I have my website enabled with owin and identity authentication. I can authenticate to my website based on a bearer token and on an applicationcookie. Everything works fine on my own server. Now I have deployed my website to a provider, the authentication of the bearer token fails after about 10 mins.
The website has a certificate and I use https.
I do the next steps from an Android app with HttpsUrlconnection.
- I first get a bearer token based on username and password credentials with a 14 days validation. This works fine.
- Then I can do webapi calls, which need to be authorized with this token and that works fine as well.
- But when I do nothing for a while (about 10 - 15 mins) and then try to do another webapi call with the same token in the header, I get an access denied response.
Since everything is running at my provider I can not debug and besides that I would not know where to debug for seeing the bearer token evaluation.
Can anyone tell me where I need to look for this problem?
Is it possible that some IIS setting overrules something or so?
Thanx
