The `UseOAuthBearerTokens` extension method creates both the token server and the middleware to validate tokens for requests in the same application.

Pseudocode from source using reflector:

    UseOAuthAuthorizationServer(); // authorization server middleware
    UseOAuthBearerAuthentication(ApplicationOAuthBearerProvider); // application bearer token middleware           
    UseOAuthBearerAuthentication(ExternalOAuthBearerProvider); // external bearer token middleware



I&#39;m using a Microsoft azure service bus queue to process calculations and my program runs fine for a few hours but then I start to get this exception for every message that I process from then on. I have no clue where to start since everything runs fine for the first few hours. My code seems to be accurate as well. I will post the method where I handle the azure service bus message.

    public static async Task processCalculations(BrokeredMessage message)
        {
            try
            {
                if (message != null)
                {
                    if (connection == null || !connection.IsConnected)
                    {
                        connection = await ConnectionMultiplexer.ConnectAsync(&quot;connection,SyncTimeout=10000,ConnectTimeout=10000&quot;);
                        //connection = ConnectionMultiplexer.Connect(&quot;connection,SyncTimeout=10000,ConnectTimeout=10000&quot;);
                    }

                    cache = connection.GetDatabase();

                    string sandpKey = message.Properties[&quot;sandp&quot;].ToString();
                    string dateKey = message.Properties[&quot;date&quot;].ToString();
                    string symbolclassKey = message.Properties[&quot;symbolclass&quot;].ToString();
                    string stockdataKey = message.Properties[&quot;stockdata&quot;].ToString();
                    string stockcomparedataKey = message.Properties[&quot;stockcomparedata&quot;].ToString();

                    var sandpTask = cache.GetAsync&lt;List&lt;StockData&gt;&gt;(sandpKey);
                    var dateTask = cache.GetAsync&lt;DateTime&gt;(dateKey);
                    var symbolinfoTask = cache.GetAsync&lt;SymbolInfo&gt;(symbolclassKey);
                    var stockdataTask = cache.GetAsync&lt;List&lt;StockData&gt;&gt;(stockdataKey);
                    var stockcomparedataTask = cache.GetAsync&lt;List&lt;StockMarketCompare&gt;&gt;(stockcomparedataKey);

                    await Task.WhenAll(sandpTask, dateTask, symbolinfoTask,
                        stockdataTask, stockcomparedataTask);

                    List&lt;StockData&gt; sandp = sandpTask.Result;
                    DateTime date = dateTask.Result;
                    SymbolInfo symbolinfo = symbolinfoTask.Result;
                    List&lt;StockData&gt; stockdata = stockdataTask.Result;
                    List&lt;StockMarketCompare&gt; stockcomparedata = stockcomparedataTask.Result;

                    StockRating rating = performCalculations(symbolinfo, date, sandp, stockdata, stockcomparedata);

                    if (rating != null)
                    {
                        saveToTable(rating);
                        if (message.LockedUntilUtc.Minute &lt;= 1)
                        {
                            await message.RenewLockAsync();
                        }
                        await message.CompleteAsync(); // getting exception here
                    }
                    else
                    {
                        Console.WriteLine(&quot;Message &quot; + message.MessageId + &quot; Completed!&quot;);
                        await message.CompleteAsync();
                    }
                }
            }
            catch (TimeoutException time)
            {
                Console.WriteLine(time.Message);
            }
            catch (MessageLockLostException locks)
            {
                Console.WriteLine(locks.Message);
            }
            catch (RedisConnectionException redis)
            {
                Console.WriteLine(&quot;Start the redis server service!&quot;);
            }
            catch (MessagingCommunicationException communication)
            {
                Console.WriteLine(communication.Message);
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
                Console.WriteLine(ex.StackTrace);
            }
        }

UPDATE: I check the time until the lock expiration and I call lock renew if it needs it but it renews the lock with no errors but I&#39;m still getting this exception. 

    timeLeft = message.LockedUntilUtc - DateTime.UtcNow;
      if (timeLeft.TotalMinutes &lt;= 2)
                        {
                            //Console.WriteLine(&quot;Renewed lock! &quot; + ((TimeSpan)(message.LockedUntilUtc - DateTime.UtcNow)).TotalMinutes);
                            message.RenewLock();
                        }

    catch (MessageLockLostException locks)
            {
                Console.WriteLine(&quot;Delivery Count: &quot; + message.DeliveryCount);
                Console.WriteLine(&quot;Enqueued Time: &quot; + message.EnqueuedTimeUtc);
                Console.WriteLine(&quot;Expires Time: &quot; + message.ExpiresAtUtc);
                Console.WriteLine(&quot;Locked Until Time: &quot; + message.LockedUntilUtc);
                Console.WriteLine(&quot;Scheduled Enqueue Time: &quot; + message.ScheduledEnqueueTimeUtc);
                Console.WriteLine(&quot;Current Time: &quot; + DateTime.UtcNow);
                Console.WriteLine(&quot;Time Left: &quot; + timeLeft);
            }

All I know so far is that my code runs fine for awhile and the renew lock gets called and works but I&#39;m still getting the lock exception and inside that exception, I output the timeleft and it keeps increasing the time difference as the code runs which makes me believe that the time until lock expiration is not being changed somehow?

The lock supplied is invalid. Either the lock expired, or the message has already been removed from the queue

Despite reading all available docs on Flyway website, I still don&#39;t understand what is baseline good for. Could somebody explain it in plain English and mention some use cases for this command?

What is Flyway baseline feature good for?

In our `Startup` class, I have configured the following auth server options:

    OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
    {
        AllowInsecureHttp = true,
        TokenEndpointPath = new PathString(&quot;/api/v1/token&quot;),
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
        Provider = new SimpleAuthorizationServerProvider()
    };

After this, which option are we supposed to use to actually enable bearer authentication?  There seem to be two variations on the Internet.

**Option 1:**

    app.UseOAuthAuthorizationServer(OAuthServerOptions);
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

**Option 2:**

    app.UseOAuthBearerTokens(OAuthServerOptions);

I have tested them both and the results are the same.

What are the difference between these options?  When are we supposed to use which?

UseOAuthBearerTokens vs UseOAuthBearerAuthentication

In our <code>Startup</code> class, I have configured the following auth server options:
<pre><code class="hljs language-ini">OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
 AllowInsecureHttp = true,
 TokenEndpointPath = new PathString("/api/v1/token"),
 AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
 Provider = new SimpleAuthorizationServerProvider()
};
</code></pre>
After this, which option are we supposed to use to actually enable bearer authentication? There seem to be two variations on the Internet.
Option 1:
<pre><code class="hljs language-ini">app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
</code></pre>
Option 2:
<pre><code class="hljs language-ini">app.UseOAuthBearerTokens(OAuthServerOptions);
</code></pre>
I have tested them both and the results are the same.
What are the difference between these options? When are we supposed to use which?

I&#39;m using MVC5 Identity 2.0 for users to log into my website, where the authentication details are stored in an SQL database. Asp.net Identity has been implemented in a standard way as can be found in many online tutorials.

The ApplicationUser class in IdentityModels has been extended to include some custom properties, such as an integer OrganizationId. The idea is that many users can be created and assigned to a common Organization for database relationship purposes.

    public class ApplicationUser : IdentityUser
        {
            public async Task&lt;ClaimsIdentity&gt; GenerateUserIdentityAsync(UserManager&lt;ApplicationUser&gt; manager)
            {
                // Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType
                var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
                // Add custom user claims here
                return userIdentity;
            }
    
            //Extended Properties
            public DateTime? BirthDate { get; set; }
            public long? OrganizationId { get; set; }
    
            //Key Mappings
            [ForeignKey(&quot;OrganizationId&quot;)]
            public virtual Organization Organization { get; set; }
        }

How can I retrieve the OrganizationId property of the currently logged in user from within a controller? 
Is this available via a method once a user is logged in or do I always have the retrieve the OrganizationId from the database, based on the UserId, every time a controller method executes?

Reading around on the web I have seen I need to use the following to get the logged in UserId etc.

    using Microsoft.AspNet.Identity;
    ...
    User.Identity.GetUserId();

However, OrganizationId is not a property available in User.Identity. Do I need to extend User.Identity to include the OrganizationId property? If so, how do I go about this.

The reason I need the OrganizationId so often is that many table queries are reliant on the OrganizationId to retrieve data relevant to the Organization that&#39;s associated to the logged in user.

How to extend available properties of User.Identity

I planned to use ASP.NET Identity 2.0 in an ASP.NET MVC application for authentication and authorization.

Referring the below link

[JSON Web Token in ASP.NET Web API 2 using Owin][1]


  [1]: http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/

I was able to create a access token(JWT) for the valid user i.e., When user Logs in to the application I will validate the user with name and password then I will issue a JSON web token for that valid user.

Now, I read in some articles that we need to pass the bearer token in headers for every request to validate the user for authentication. In MVC we will provide Authorize attribute for the methods that needs to be protected as shown below…

          public class UserController : BaseHRAppController
          {
                [Authorize]
                public ActionResult Index()
                {          
                   return View();
                }
           }

How to tell my MVC application to use JWT for validating the user?

I want to make my MVC application validate the user using JWT whenever the user tries to access the method with authorize attribute. Since I will use AJAX calls in many pages to access method present in MVC controller, I don&#39;t think it&#39;s good to pass a token on every AJAX request. I need help to accomplish authentication and authorization in an efficient way using ASP.NET Identity in an MVC applicaton. 

Currently, I don&#39;t know how to use this JWT token for authentication and authorization in an MVC application.

How to use JWT in MVC application for authentication and authorization?

I&#39;ve done this before with MVC5 using `User.Identity.GetUserId()` but that doesn&#39;t seem to work here.
The `User.Identity` doesn&#39;t have the `GetUserId()` method.

I am using `Microsoft.AspNet.Identity`.

How to get the current logged in user ID in ASP.NET Core?

I&#39;m developing an ASP.NET MVC 5 application. I have an existing DB, from which I created my ADO.NET Entity Data Model.
I have a table in that DB which contains &quot;username&quot; and &quot;password&quot; column, and I want to use them to implement authentication and authorization in my Webapp; I cannot create any other database or table or column and I cannot use the standard Identity authentication, because of customer&#39;s requirements.
I don&#39;t need to manage signup, password changing or other stuffs: just login with password and username.
How can I do that? 

How to implement custom authentication in ASP.NET MVC 5

I have seen lots of similar pages on the web, but most of them use a new project instead of an existing one, or don&#39;t have the necessary features. So, I have an existing `MVC 5` project and want to integrate **ASP.NET MVC5 Identity with log in, email confirmation and password reset** features.

In addition to this, I also need to create all the **necessary tables** on the database i.e. User, Roles, groups, etc. (I use EF Code First in my project). Is there an article or sample that corresponds to these needs?

Adding ASP.NET MVC5 Identity Authentication to an existing project

**UPDATE**

Thanks for all the answers. I am on a new project and it looks like I&#39;ve finally got to the bottom of this: It looks like the following code was in fact to blame:


    public static HttpResponseMessage GetHttpSuccessResponse(object response, HttpStatusCode code = HttpStatusCode.OK)
    {
        return new HttpResponseMessage()
        {
            StatusCode = code,
            Content = response != null ? new JsonContent(response) : null
        };
    }

elsewhere...
           
    public JsonContent(object obj)
    {
        var encoded = JsonConvert.SerializeObject(obj, Newtonsoft.Json.Formatting.None, new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore } );
        _value = JObject.Parse(encoded);
        
        Headers.ContentType = new MediaTypeHeaderValue(&quot;application/json&quot;);
    }

I had overlooked the innocuous looking JsonContent assuming it was WebAPI but no.

This is used _everywhere_... Can I just be the first to say, wtf? Or perhaps that should be &quot;Why are they doing this?&quot;

-----------------------------------

*original question follows*


One would have thought this would be a simple config setting, but it&#39;s eluded me for too long now.

I have looked at various solutions and answers:

https://gist.github.com/rdingwall/2012642

doesn&#39;t seem to apply to latest WebAPI version...

The following doesn&#39;t seem to work - property names are still PascalCased.


    var json = GlobalConfiguration.Configuration.Formatters.JsonFormatter;

    json.UseDataContractJsonSerializer = true;
    json.SerializerSettings.NullValueHandling = Newtonsoft.Json.NullValueHandling.Ignore;

    json.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver(); 

Mayank&#39;s answer here: https://stackoverflow.com/questions/23370619/camelcase-json-webapi-sub-objects-nested-objects-child-objects seemed like an unsatisfactory but workable answer until I realised these attributes would have to be added to generated code as we are using linq2sql...

Any way to do this automatically? This &#39;nasty&#39; has plagued me for a long time now. 


Web API 2: how to return JSON with camelCased property names, on objects and their sub-objects

I tried to follow the steps at http://enable-cors.org/server_aspnet.html
to have my RESTful API (implemented with ASP.NET WebAPI2) work with cross origin requests (CORS Enabled). It&#39;s not working unless I modify the web.config.

I installed WebApi Cors dependency:

    install-package Microsoft.AspNet.WebApi.Cors -ProjectName MyProject.Web.Api

Then in my `App_Start` I&#39;ve got the class `WebApiConfig` as follows:

    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            var corsAttr = new EnableCorsAttribute(&quot;*&quot;, &quot;*&quot;, &quot;*&quot;);
            config.EnableCors(corsAttr);

            var constraintsResolver = new DefaultInlineConstraintResolver();

            constraintsResolver.ConstraintMap.Add(&quot;apiVersionConstraint&quot;, typeof(ApiVersionConstraint));
            config.MapHttpAttributeRoutes(constraintsResolver); 
            config.Services.Replace(typeof(IHttpControllerSelector), new NamespaceHttpControllerSelector(config));
            //config.EnableSystemDiagnosticsTracing(); 
            config.Services.Replace(typeof(ITraceWriter), new SimpleTraceWriter(WebContainerManager.Get&lt;ILogManager&gt;())); 
            config.Services.Add(typeof(IExceptionLogger), new SimpleExceptionLogger(WebContainerManager.Get&lt;ILogManager&gt;()));
            config.Services.Replace(typeof(IExceptionHandler), new GlobalExceptionHandler()); 
        }
    }

but after that I run the application, I request a resource with Fiddler like:
http://localhost:51589/api/v1/persons
and in the response I cannot see the HTTP headers that I should see such as:

* `Access-Control-Allow-Methods: POST, PUT, DELETE, GET, OPTIONS`
* `Access-Control-Allow-Origin: *`

Am I missing some step? I have tried with the following annotation on the controller:

`[EnableCors(origins: &quot;http://example.com&quot;, headers: &quot;*&quot;, methods: &quot;*&quot;)]`

Same result, no CORS enabled.

However, if I add the following in my web.config (without even installing the AspNet.WebApi.Cors dependency) it works:

    &lt;system.webServer&gt;

    &lt;httpProtocol&gt;
      &lt;!-- THESE HEADERS ARE IMPORTANT TO WORK WITH CORS --&gt;
      &lt;!--
      &lt;customHeaders&gt;
        &lt;add name=&quot;Access-Control-Allow-Origin&quot; value=&quot;*&quot; /&gt;
        &lt;add name=&quot;Access-Control-Allow-Methods&quot; value=&quot;POST, PUT, DELETE, GET, OPTIONS&quot; /&gt;
        &lt;add name=&quot;Access-Control-Allow-Headers&quot; value=&quot;content-Type, accept, origin, X-Requested-With, Authorization, name&quot; /&gt;
        &lt;add name=&quot;Access-Control-Allow-Credentials&quot; value=&quot;true&quot; /&gt;
      &lt;/customHeaders&gt;
      --&gt;
    &lt;/httpProtocol&gt;
    &lt;handlers&gt;
      &lt;!-- THESE HANDLERS ARE IMPORTANT FOR WEB API TO WORK WITH  GET,HEAD,POST,PUT,DELETE and CORS--&gt;
      &lt;!--
      
      &lt;remove name=&quot;WebDAV&quot; /&gt;
      &lt;add name=&quot;ExtensionlessUrlHandler-Integrated-4.0&quot; path=&quot;*.&quot; verb=&quot;GET,HEAD,POST,PUT,DELETE&quot; type=&quot;System.Web.Handlers.TransferRequestHandler&quot; preCondition=&quot;integratedMode,runtimeVersionv4.0&quot; /&gt;
      &lt;remove name=&quot;ExtensionlessUrlHandler-Integrated-4.0&quot; /&gt;
      &lt;remove name=&quot;OPTIONSVerbHandler&quot; /&gt;
      &lt;remove name=&quot;TRACEVerbHandler&quot; /&gt;
      &lt;add name=&quot;ExtensionlessUrlHandler-Integrated-4.0&quot; path=&quot;*.&quot; verb=&quot;*&quot; type=&quot;System.Web.Handlers.TransferRequestHandler&quot; preCondition=&quot;integratedMode,runtimeVersionv4.0&quot; /&gt;
    --&gt;
    &lt;/handlers&gt;
      
  &lt;/system.webServer&gt;

Any help would be much appreciated!

Thank you.

Asp.Net WebApi2 Enable CORS not working with AspNet.WebApi.Cors 5.2.3

I have an existing Web API 2 service and need to modify one of the methods to take a custom object as another parameter, currently the method has one parameter which is a simple string coming from the URL.  After adding the custom object as a parameter I am now getting a 415 unsupported media type error when calling the service from a .NET windows app.  Interestingly, I can successfully call this method using javascript and the jquery ajax method.

The Web API 2 service method looks like this:

    &lt;HttpPost&gt;
    &lt;HttpGet&gt;
    &lt;Route(&quot;{view}&quot;)&gt;
    Public Function GetResultsWithView(view As String, pPaging As Paging) As HttpResponseMessage
       Dim resp As New HttpResponseMessage
       Dim lstrFetchXml As String = String.Empty
       Dim lstrResults As String = String.Empty
    
       Try
          &#39;... do some work here to generate xml string for the response
          &#39;// write xml results to response
          resp.Content = New StringContent(lstrResults)
          resp.Content.Headers.ContentType.MediaType = &quot;text/xml&quot;
          resp.Headers.Add(&quot;Status-Message&quot;, &quot;Query executed successfully&quot;)
          resp.StatusCode = HttpStatusCode.OK
       Catch ex As Exception
          resp.StatusCode = HttpStatusCode.InternalServerError
          resp.Headers.Add(&quot;Status-Message&quot;, String.Format(&quot;Error while retrieving results from view {0}: {1}&quot;, view, ex.Message))
       End Try
       Return resp
    End Function

The method allows both `POST` and `GET` because the `Paging` object is optional.  If I call this method with a `GET` request it works.

And the simple .NET client code calling the service looks like this:

    Dim uri As String = BASE_URI + &quot;fetch/someview&quot;
    Dim resp As HttpWebResponse
    Dim sr As StreamReader
    Dim lstrResponse As String
    Dim reqStream As Stream
    Dim bytData As Byte()
    Dim req As HttpWebRequest = WebRequest.Create(uri)
    Dim lstrPagingJSON As String
    Dim lPaging As New Paging
    Try
       lPaging.Page = 1
       lPaging.Count = 100
       lPaging.PagingCookie = &quot;&quot;
       req.Method = &quot;POST&quot;
       lstrPagingJSON = JsonSerializer(Of Paging)(lPaging)
       bytData = Encoding.UTF8.GetBytes(lstrPagingJSON)
       req.ContentLength = bytData.Length
       reqStream = req.GetRequestStream()
       reqStream.Write(bytData, 0, bytData.Length)
       reqStream.Close()
       req.ContentType = &quot;application/json&quot;
    
       resp = req.GetResponse()
    
       sr = New StreamReader(resp.GetResponseStream, Encoding.UTF8)
       lstrResponse = sr.ReadToEnd
       &#39;// do something with the response here
    Catch exweb As WebException
       txtOutput.AppendText(&quot;Error during request: &quot; + exweb.Message)
    Catch ex As Exception
       txtOutput.AppendText(String.Format(&quot;General error during request to {0}: {1}&quot;, uri, ex.Message))
    End Try

The .NET client is running on the 4.5 framework and the service is on 4.5.2 framework.  The error is thrown at the `resp = req.GetResponse()` line. Some things I tried already:

 - on the client, set the `req.Accept` value to &quot;application/xml&quot; or
   &quot;text/xml&quot;
 - in the service method, removed the line
   `resp.Content.Headers.ContentType.MediaType = &quot;text/xml&quot;
 - replace the XML response content with some static JSON, tried to rule out any problems with sending in JSON on the request and getting XML back on the response

So far I keep getting the same 415 error response no matter what I try.

I mentioned this works when called from javascript, here&#39;s my ajax call that is working:

    $.ajax({
       headers: {},
       url: &quot;api/fetch/someview&quot;,
       type: &quot;POST&quot;,
       data: &quot;{Count:100,Page:1,PagingCookie:\&quot;\&quot;}&quot;,
       contentType: &quot;application/json; charset=utf-8&quot;,
       dataType: &quot;xml&quot;,
       success: function (data) {
          alert(&quot;call succeeded&quot;);
       },
       failure: function (response) {
          alert(&quot;call failed&quot;);
       }
    });

On the service side, there is nothing fancy going on with the route config or anything else, it&#39;s pretty much all out-of-the-box Web API 2.  I know the routing is working, calls are being correctly routed to the method, they&#39;re not going somewhere else unexpectedly, so what am I missing in the .NET client?  Any help is much appreciated!

**--- UPDATE ---**&lt;br/&gt;
I tried to create a completely new Web API service to rule out any possible issues with the existing service, I created a controller with a single method that takes a custom object as the parameter.  I then tried calling that from the .NET client and got the same error.  I also tried using WebClient instead of HttpWebRequest, but still get the same error. This is also something that previously worked for me with Web API (prior to Web API 2).

**--- UPDATE ---**&lt;br/&gt;
I also tried creating a new web app using Web API 1, when I call that with a POST my complex object parameter is now coming in null.  I have another web service running Web API 1 and verified that I can still call that successfully with complex objects.  Whatever my problem is, it appears to be something with the JSON passing between the client and server.  I have checked the JSON I&#39;m sending it and its valid, the object definition is also an exact match between the client and server so the JSON should be able to be parsed by the server.

HTTP 415 unsupported media type error when calling Web API 2 endpoint

Is there a way to display all enums as their string value in swagger instead of their int value? 

I want to be able to submit POST actions and put enums according to their string value without having to look at the enum every time. 

I tried `DescribeAllEnumsAsStrings` but the server then receives strings instead of the enum value which is not what we&#39;re looking for. 

Has anyone solved this?

Edit:

    public class Letter 
    {
    	[Required]
    	public string Content {get; set;}
    	
    	[Required]
    	[EnumDataType(typeof(Priority))]
    	public Priority Priority {get; set;}
    }
    
    
    public class LettersController : ApiController
    {
    	[HttpPost]
    	public IHttpActionResult SendLetter(Letter letter)
    	{
    		// Validation not passing when using DescribeEnumsAsStrings
    		if (!ModelState.IsValid)
    			return BadRequest(&quot;Not valid&quot;)
    		
    		..
    	}
    
    	// In the documentation for this request I want to see the string values of the enum before submitting: Low, Medium, High. Instead of 0, 1, 2
    	[HttpGet]
    	public IHttpActionResult GetByPriority (Priority priority)
    	{
    		
    	}
    }
    
    
    public enum Priority
    {
    	Low, 
    	Medium,
    	High
    }

Swagger UI Web Api documentation Present enums as strings?

I have a controller with the following signature:

    [Route(&quot;products/filter/{apc=apc}/{xpc=xpc}/{sku=sku}&quot;)]
    public IHttpActionResult Get(string apc, string xpc, int? sku)
    { ... }

I call this method with following URIs:

 - ~/api/products/filter?apc=AA&amp;xpc=BB
 - ~/api/products/filter?sku=7199123

The first URI works without issue. The second one has a strange side effect. Even though the default values for apc and xpc should be null when not provided, the parameters are actually their names. I can overcome this by adding the additional logic:

    apc = (apc == &quot;apc&quot;) ? null : apc;
    xpc = (xpc == &quot;xpc&quot;) ? null : xpc;

This seems like a hack, and would be problematic if value passed was ever equal to the parameter name. 

Is there a way to define the Route without this side effect? 

Web API optional parameters

I have followed [this article][1] to implement an OAuth Authorization server. However when I use post man to get a token, I get an error in the response:

&gt;&quot;error&quot;: &quot;unsupported_grant_type&quot;

I read somewhere that the data in Postman needs to be posted using `Content-type:application/x-www-form-urlencoded`. I have prepped the required settings in Postman:

![enter image description here][2]

and yet my headers are like this:

![enter image description here][3]

Here is my code

    public class CustomOAuthProvider : OAuthAuthorizationServerProvider
    {
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            context.Validated();
            return Task.FromResult&lt;object&gt;(null);
        }

        public override Task MatchEndpoint(OAuthMatchEndpointContext context)
        {
            if (context.OwinContext.Request.Method == &quot;OPTIONS&quot; &amp;&amp; context.IsTokenEndpoint)
            {
                context.OwinContext.Response.Headers.Add(&quot;Access-Control-Allow-Methods&quot;, new[] { &quot;POST&quot; });
                context.OwinContext.Response.Headers.Add(&quot;Access-Control-Allow-Headers&quot;, new[] { &quot;accept&quot;, &quot;authorization&quot;, &quot;content-type&quot; });
                context.OwinContext.Response.StatusCode = 200;
                context.RequestCompleted();
                return Task.FromResult&lt;object&gt;(null);
            }
            return base.MatchEndpoint(context);       
        }

        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            string allowedOrigin = &quot;*&quot;;

            context.OwinContext.Response.Headers.Add(&quot;Access-Control-Allow-Origin&quot;, new[] { allowedOrigin });
            context.OwinContext.Response.Headers.Add(&quot;Access-Control-Allow-Headers&quot;, new[] { &quot;Content-Type&quot; });

            Models.TheUser user = new Models.TheUser();
            user.UserName = context.UserName;
            user.FirstName = &quot;Sample first name&quot;;
            user.LastName = &quot;Dummy Last name&quot;;

            ClaimsIdentity identity = new ClaimsIdentity(&quot;JWT&quot;);

            identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
            foreach (string claim in user.Claims)
            {
                identity.AddClaim(new Claim(&quot;Claim&quot;, claim));    
            }
            
            var ticket = new AuthenticationTicket(identity, null);
            context.Validated(ticket);
        }
    }

    public class CustomJwtFormat : ISecureDataFormat&lt;AuthenticationTicket&gt;
    {
        private readonly string _issuer = string.Empty;

        public CustomJwtFormat(string issuer)
        {
            _issuer = issuer;
        }

        public string Protect(AuthenticationTicket data)
        {
            string audienceId = ConfigurationManager.AppSettings[&quot;AudienceId&quot;];
            string symmetricKeyAsBase64 = ConfigurationManager.AppSettings[&quot;AudienceSecret&quot;];
            var keyByteArray = TextEncodings.Base64Url.Decode(symmetricKeyAsBase64);
            var signingKey = new HmacSigningCredentials(keyByteArray);
            var issued = data.Properties.IssuedUtc;
            var expires = data.Properties.ExpiresUtc;
            var token = new JwtSecurityToken(_issuer, audienceId, data.Identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingKey);
            var handler = new JwtSecurityTokenHandler();
            var jwt = handler.WriteToken(token);
            return jwt;
        }

        public AuthenticationTicket Unprotect(string protectedText)
        {
            throw new NotImplementedException();
        }
    }

In the CustomJWTFormat class above only the breakpoint in the constructor gets hit. In the CustomOauth class, the breakpoint in the GrantResourceOwnerCredentials method never gets hit. The others do. 

The Startup class:

    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
            
            HttpConfiguration config = new HttpConfiguration();
            WebApiConfig.Register(config);

            ConfigureOAuthTokenGeneration(app);
            ConfigureOAuthTokenConsumption(app);
            
            app.UseWebApi(config);
        }
    
        private void ConfigureOAuthTokenGeneration(IAppBuilder app)
        {
            var OAuthServerOptions = new OAuthAuthorizationServerOptions()
            {
                //For Dev enviroment only (on production should be AllowInsecureHttp = false)
                AllowInsecureHttp = true,
                TokenEndpointPath = new PathString(&quot;/oauth/token&quot;),
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
                Provider = new CustomOAuthProvider(),
                AccessTokenFormat = new CustomJwtFormat(ConfigurationManager.AppSettings[&quot;Issuer&quot;])
            };

            // OAuth 2.0 Bearer Access Token Generation
            app.UseOAuthAuthorizationServer(OAuthServerOptions);
        }

        private void ConfigureOAuthTokenConsumption(IAppBuilder app)
        {
            string issuer = ConfigurationManager.AppSettings[&quot;Issuer&quot;]; 
            string audienceId = ConfigurationManager.AppSettings[&quot;AudienceId&quot;];
            byte[] audienceSecret = TextEncodings.Base64Url.Decode(ConfigurationManager.AppSettings[&quot;AudienceSecret&quot;]);

            // Api controllers with an [Authorize] attribute will be validated with JWT
            app.UseJwtBearerAuthentication(
                new JwtBearerAuthenticationOptions
                {
                    AuthenticationMode = AuthenticationMode.Active,
                    AllowedAudiences = new[] { audienceId },
                    IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
                    {
                        new SymmetricKeyIssuerSecurityTokenProvider(issuer, audienceSecret)
                    }
                });
        }
    }

Do I need to set up `Content-type:application/x-www-form-urlencoded` somewhere else in the web api code? What could be wrong? Please help.


  [1]: http://bitoftech.net/2015/02/16/implement-oauth-json-web-tokens-authentication-in-asp-net-web-api-and-identity-2/
  [2]: http://i.stack.imgur.com/ckYWz.png
  [3]: http://i.stack.imgur.com/gtkRP.png

Getting &quot;error&quot;: &quot;unsupported_grant_type&quot; when trying to get a JWT by calling an OWIN OAuth secured Web Api via Postman

The project was running fine until I updated all NuGet packages via 
NuGet Manager (I was trying to get the latest OWIN packages).

This error is in the `_Layout.cshtml` and I have not touched it at all.

&gt; Object reference not set to an instance of an object.
&gt; 
&gt; Description: An unhandled exception occurred during the execution of
&gt; the current web request. Please review the stack trace for more
&gt; information about the error and where it originated in the code. 
&gt; 
&gt; Exception Details: `System.NullReferenceException`: Object reference not
&gt; set to an instance of an object.
&gt; 
&gt; Source Error: 
&gt; 
&gt; 
&gt;     Line 13:  
&gt;     Line 14:     &lt;!-- Custom Fonts --&gt;
&gt;     Line 15:     @Scripts.Render(&quot;~/Content/fonts&quot;)
&gt; 
&gt; Source File: f:\Workplace\lrc\lrc\Views\Shared\_Layout.cshtml    Line:
&gt; 15

---------------------------------

### Update

Here is the code in the `_Layout.cshtml` (they are automatically generated when creating the project):

&lt;!-- language: lang-html --&gt;
    &lt;!DOCTYPE html&gt;
    &lt;html&gt;
    &lt;head&gt;
        &lt;meta charset=&quot;utf-8&quot; /&gt;
        &lt;meta http-equiv=&quot;X-UA-Compatible&quot; content=&quot;IE=edge&quot;&gt;
        &lt;meta name=&quot;viewport&quot; content=&quot;width=device-width, initial-scale=1.0&quot;&gt;
        &lt;meta name=&quot;description&quot; content=&quot;LRC - We are aiming at building up a healthier life style.&quot;&gt;
        &lt;meta name=&quot;author&quot; content=&quot;Winston Fan&quot;&gt;
        &lt;title&gt;@ViewBag.Title - LRC&lt;/title&gt;
        @Styles.Render(&quot;~/Content/css&quot;)
        @Scripts.Render(&quot;~/bundles/modernizr&quot;)
    
        &lt;!-- Custom Fonts --&gt;
        @Scripts.Render(&quot;~/Content/fonts&quot;)
        
        &lt;link href=&quot;http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic&quot; rel=&quot;stylesheet&quot; type=&quot;text/css&quot;&gt;
        &lt;link href=&quot;http://fonts.googleapis.com/css?family=Montserrat:400,700&quot; rel=&quot;stylesheet&quot; type=&quot;text/css&quot;&gt;

So it is complaining this line of code:

    @Scripts.Render(&quot;~/Content/fonts&quot;)

But as you can see that, this is VS generated code, how could I make it wrong?

I also checked the content in the `Conntent/font-awesome/fonts` folder and all required resources are there. 

Here is the code inside the `BundleConfig` (which is also the auto-generated code):

&lt;!-- language: lang-csharp --&gt;
    bundles.Add(new ScriptBundle(&quot;~/Content/fonts&quot;).Include(
                  &quot;~/Content/font-awesome/fonts/fontawesome-*&quot;,
                  &quot;~/Content/font-awesome/fonts/FontAwesome.otf&quot;));

My `Microsoft.OWin.Security`, `Microsoft.OWin.Security.Google` and `Microsoft.OWin` are version `3.0.1.0`.

-----------------------------------------------------

### Update 2

Here is the stack trace:

&gt;     [NullReferenceException: Object reference not set to an instance of an
&gt;     object.]    Microsoft.Ajax.Utilities.JSParser.ParseExpression(AstNode
&gt;     leftHandSide, Boolean single, Boolean bCanAssign, JSToken inToken)
&gt;     +1007    Microsoft.Ajax.Utilities.JSParser.ParseExpressionStatement(Boolean
&gt;     fSourceElement) +268   
&gt;     Microsoft.Ajax.Utilities.JSParser.ParseStatement(Boolean
&gt;     fSourceElement, Boolean skipImportantComment) +1552   
&gt;     Microsoft.Ajax.Utilities.JSParser.ParseBlock() +164   
&gt;     Microsoft.Ajax.Utilities.JSParser.ParseStatement(Boolean
&gt;     fSourceElement, Boolean skipImportantComment) +498   
&gt;     Microsoft.Ajax.Utilities.JSParser.ParseBlock() +164   
&gt;     Microsoft.Ajax.Utilities.JSParser.ParseStatement(Boolean
&gt;     fSourceElement, Boolean skipImportantComment) +498   
&gt;     Microsoft.Ajax.Utilities.JSParser.ParseBlock() +164   
&gt;     Microsoft.Ajax.Utilities.JSParser.ParseStatement(Boolean
&gt;     fSourceElement, Boolean skipImportantComment) +498   
&gt;     Microsoft.Ajax.Utilities.JSParser.ParseStatements(Block block) +159   
&gt;     Microsoft.Ajax.Utilities.JSParser.InternalParse() +1011   
&gt;     Microsoft.Ajax.Utilities.JSParser.Parse(DocumentContext sourceContext)
&gt;     +123    Microsoft.Ajax.Utilities.JSParser.Parse(DocumentContext sourceContext, CodeSettings settings) +54   
&gt;     Microsoft.Ajax.Utilities.Minifier.MinifyJavaScript(String source,
&gt;     CodeSettings codeSettings) +987   
&gt;     System.Web.Optimization.JsMinify.Process(BundleContext context,
&gt;     BundleResponse response) +310   
&gt;     System.Web.Optimization.Bundle.ApplyTransforms(BundleContext context,
&gt;     String bundleContent, IEnumerable`1 bundleFiles) +263   
&gt;     System.Web.Optimization.Bundle.GenerateBundleResponse(BundleContext
&gt;     context) +355   
&gt;     System.Web.Optimization.Bundle.GetBundleResponse(BundleContext
&gt;     context) +104   
&gt;     System.Web.Optimization.BundleResolver.GetBundleContents(String
&gt;     virtualPath) +254   
&gt;     System.Web.Optimization.AssetManager.DeterminePathsToRender(IEnumerable`1
&gt;     assets) +252   
&gt;     System.Web.Optimization.AssetManager.RenderExplicit(String tagFormat,
&gt;     String[] paths) +75   
&gt;     System.Web.Optimization.Scripts.RenderFormat(String tagFormat,
&gt;     String[] paths) +292   
&gt;     System.Web.Optimization.Scripts.Render(String[] paths) +51   
&gt;     ASP._Page_Views_Shared__Layout_cshtml.Execute() in
&gt;     f:\Workplace\lrc\lrc\Views\Shared\_Layout.cshtml:15   
&gt;     System.Web.WebPages.WebPageBase.ExecutePageHierarchy() +271   
&gt;     System.Web.Mvc.WebViewPage.ExecutePageHierarchy() +121   
&gt;     System.Web.WebPages.WebPageBase.ExecutePageHierarchy(WebPageContext
&gt;     pageContext, TextWriter writer, WebPageRenderingBase startPage) +145  
&gt;     System.Web.WebPages.WebPageBase.ExecutePageHierarchy(WebPageContext
&gt;     pageContext, TextWriter writer) +41   
&gt;     System.Web.WebPages.&lt;&gt;c__DisplayClass3.&lt;RenderPageCore&gt;b__2(TextWriter
&gt;     writer) +335    System.Web.WebPages.HelperResult.WriteTo(TextWriter
&gt;     writer) +42   
&gt;     System.Web.WebPages.WebPageExecutingBase.WriteTo(TextWriter writer,
&gt;     HelperResult content) +45   
&gt;     System.Web.WebPages.WebPageBase.Write(HelperResult result) +53   
&gt;     System.Web.WebPages.WebPageBase.RenderSurrounding(String
&gt;     partialViewName, Action`1 body) +178   
&gt;     System.Web.WebPages.WebPageBase.PopContext() +229   
&gt;     System.Web.WebPages.WebPageBase.ExecutePageHierarchy(WebPageContext
&gt;     pageContext, TextWriter writer, WebPageRenderingBase startPage) +154  
&gt;     System.Web.Mvc.RazorView.RenderView(ViewContext viewContext,
&gt;     TextWriter writer, Object instance) +695   
&gt;     System.Web.Mvc.BuildManagerCompiledView.Render(ViewContext
&gt;     viewContext, TextWriter writer) +382   
&gt;     System.Web.Mvc.ViewResultBase.ExecuteResult(ControllerContext context)
&gt;     +431    System.Web.Mvc.ControllerActionInvoker.InvokeActionResult(ControllerContext
&gt;     controllerContext, ActionResult actionResult) +39   
&gt;     System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1
&gt;     filters, Int32 filterIndex, ResultExecutingContext preContext,
&gt;     ControllerContext controllerContext, ActionResult actionResult) +116  
&gt;     System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1
&gt;     filters, Int32 filterIndex, ResultExecutingContext preContext,
&gt;     ControllerContext controllerContext, ActionResult actionResult) +529  
&gt;     System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext
&gt;     controllerContext, IList`1 filters, ActionResult actionResult) +106   
&gt;     System.Web.Mvc.Async.&lt;&gt;c__DisplayClass2b.&lt;BeginInvokeAction&gt;b__1c()
&gt;     +321    System.Web.Mvc.Async.&lt;&gt;c__DisplayClass21.&lt;BeginInvokeAction&gt;b__1e(IAsyncResult
&gt;     asyncResult) +185   
&gt;     System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult
&gt;     asyncResult) +42   
&gt;     System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +133   
&gt;     System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult,
&gt;     Object tag) +56   
&gt;     System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult
&gt;     asyncResult) +40   
&gt;     System.Web.Mvc.Controller.&lt;BeginExecuteCore&gt;b__1d(IAsyncResult
&gt;     asyncResult, ExecuteCoreState innerState) +34   
&gt;     System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult
&gt;     asyncResult) +70   
&gt;     System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +139   
&gt;     System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult,
&gt;     Object tag) +59   
&gt;     System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult,
&gt;     Object tag) +40   
&gt;     System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +44
&gt;     System.Web.Mvc.Controller.&lt;BeginExecute&gt;b__15(IAsyncResult
&gt;     asyncResult, Controller controller) +39   
&gt;     System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult
&gt;     asyncResult) +62   
&gt;     System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +139   
&gt;     System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult,
&gt;     Object tag) +59   
&gt;     System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult,
&gt;     Object tag) +40    System.Web.Mvc.Controller.EndExecute(IAsyncResult
&gt;     asyncResult) +39   
&gt;     System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult
&gt;     asyncResult) +39   
&gt;     System.Web.Mvc.MvcHandler.&lt;BeginProcessRequest&gt;b__5(IAsyncResult
&gt;     asyncResult, ProcessRequestState innerState) +39   
&gt;     System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult
&gt;     asyncResult) +70   
&gt;     System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +139   
&gt;     System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult,
&gt;     Object tag) +59   
&gt;     System.Web.Mvc.Async.AsyncResultWrapper.End(IAsyncResult asyncResult,
&gt;     Object tag) +40   
&gt;     System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult)
&gt;     +40    System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult
&gt;     result) +38   
&gt;     System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
&gt;     +932    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously) +188

----------------------------------------

### Update 3

Here is the `Content` folder:

![enter image description here][1]

-------------------------------

### Update 4

Here is the content of the `packages.config`:

&lt;!-- language: lang-xml --&gt;
    &lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;
    &lt;packages&gt;
      &lt;package id=&quot;Antlr&quot; version=&quot;3.5.0.2&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;bootstrap&quot; version=&quot;3.3.4&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;EntityFramework&quot; version=&quot;6.1.3&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;jQuery&quot; version=&quot;2.1.3&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;jQuery.Validation&quot; version=&quot;1.13.1&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.AspNet.Identity.Core&quot; version=&quot;2.2.1&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.AspNet.Identity.EntityFramework&quot; version=&quot;2.2.1&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.AspNet.Identity.Owin&quot; version=&quot;2.2.1&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.AspNet.Mvc&quot; version=&quot;5.2.3&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.AspNet.Razor&quot; version=&quot;3.2.3&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.AspNet.Web.Optimization&quot; version=&quot;1.1.3&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.AspNet.WebApi&quot; version=&quot;5.2.3&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.AspNet.WebApi.Client&quot; version=&quot;5.2.3&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.AspNet.WebApi.Core&quot; version=&quot;5.2.3&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.AspNet.WebApi.WebHost&quot; version=&quot;5.2.3&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.AspNet.WebPages&quot; version=&quot;3.2.3&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.jQuery.Unobtrusive.Validation&quot; version=&quot;3.2.3&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.Owin&quot; version=&quot;3.0.1&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.Owin.Host.SystemWeb&quot; version=&quot;3.0.1&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.Owin.Security&quot; version=&quot;3.0.1&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.Owin.Security.Cookies&quot; version=&quot;3.0.1&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.Owin.Security.Facebook&quot; version=&quot;3.0.1&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.Owin.Security.Google&quot; version=&quot;3.0.1&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.Owin.Security.MicrosoftAccount&quot; version=&quot;3.0.1&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.Owin.Security.OAuth&quot; version=&quot;3.0.1&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.Owin.Security.Twitter&quot; version=&quot;3.0.1&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Microsoft.Web.Infrastructure&quot; version=&quot;1.0.0.0&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Modernizr&quot; version=&quot;2.8.3&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Newtonsoft.Json&quot; version=&quot;6.0.8&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Owin&quot; version=&quot;1.0&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;Respond&quot; version=&quot;1.4.2&quot; targetFramework=&quot;net451&quot; /&gt;
      &lt;package id=&quot;WebGrease&quot; version=&quot;1.6.0&quot; targetFramework=&quot;net451&quot; /&gt;
    &lt;/packages&gt;

  [1]: http://i.stack.imgur.com/lciDc.png

Object reference not set to an instance of an object in _Layout.cshtml after updated packages

This error 

The following errors occurred while attempting to load the app.
- No assembly found containing an OwinStartupAttribute.
- The given type or method &#39;false&#39; was not found. Try specifying the Assembly.
To disable OWIN startup discovery, add the appSetting owin:AutomaticAppStartup with a value of &quot;false&quot; in your web.config.
To specify the OWIN startup Assembly, Class, or Method, add the appSetting owin:AppStartup with the fully qualified startup class or configuration method name in your web.config.

appears on my screen on the most face burningly ugly error page ever created in history. 

[![enter image description here][1]][1]

Ive tried to follow the instructions on the page by inserting the owin:AutomaticAppStartup in the config.

     &lt;appSettings &gt;
        &lt;add key=&quot;owin:AppStartup&quot; value=&quot;false&quot;&gt;&lt;/add&gt;
            &lt;/appSettings&gt;

this did not fix the problem. Any suggestions?

  [1]: http://i.stack.imgur.com/rDKpi.jpg

No assembly found containing an OwinStartupAttribute Error

I need ability to change password for user by admin. So, admin should not enter a current password of user, he should have ability to set a new password. I look at ChangePasswordAsync method, but this method requires to enter old password. So, this method is not appropriate for this task. Therefore I have made it by the following way:

        [HttpPost]
        public async Task&lt;ActionResult&gt; ChangePassword(ViewModels.Admin.ChangePasswordViewModel model)
        {
            var userManager = HttpContext.GetOwinContext().GetUserManager&lt;ApplicationUserManager&gt;();
            var result = await userManager.RemovePasswordAsync(model.UserId);
            if (result.Succeeded)
            {
                result = await userManager.AddPasswordAsync(model.UserId, model.Password);
                if (result.Succeeded)
                {
                    return RedirectToAction(&quot;UserList&quot;);
                }
                else
                {
                    ModelState.AddModelError(&quot;&quot;, result.Errors.FirstOrDefault());
                }
            }
            else
            {
                ModelState.AddModelError(&quot;&quot;, result.Errors.FirstOrDefault());
            }
            return View(model);
        }

it works, but theoretically we can receive error on AddPasswordAsync method. So, old password will be removed but new is not set. It&#39;s not good. Any way to do it in &quot;one transaction&quot;?
PS. I seen ResetPasswordAsync method with reset token, seems, it&#39;s more safe (because can&#39;t be unstable situation with user) but in any case, it does by 2 actions. 

Content Type	Original Author	Original Content on Stackoverflow
Question	Dave New	View Question on Stackoverflow
Solution 1 - asp.net Identity	Alberto Spelta	View Answer on Stackoverflow

UseOAuthBearerTokens vs UseOAuthBearerAuthentication

asp.net Identity Problem Overview

asp.net Identity Solutions

Solution 1 - asp.net Identity

What is Flyway baseline feature good for?

The lock supplied is invalid. Either the lock expired, or the message has already been removed from the queue

Attributions