How do I Use JWT Authentication with Owin in ASP.NET 4.x Web API?

I am building a new application that will be using Angular 5 on the front end, and ASP.NET 4.5, along with Web API and Owin on the back.

I want to use Okta to validate the id_token received when a user is authenticated to secure my APIs. To do this I will use the [Authorize] attribute to validate if a request contains a valid token.

I am new to Okta as an identity provider, and I am used to configuring these settings in an Owin startup file, along with the Web API configuration.

How do I configure my application's Owin startup.cs file to accept JWT/id_token I receive from incoming requests from my API?

Here is my Startup.cs file

    using Owin;
    public class Startup {
        public void Configuration(IAppBuilder app) {
            // Configure Web API
        }
    }

Here is my WebApiConfig.cs file

    using Owin;
    using System.Web.Http;
    using System.Web.Http.Cors;
    public static class WebApiConfig {
        public static void Configure(IAppBuilder app) {
            HttpConfiguration config = new HttpConfiguration();
            // Web API routes
            // CORS: allows any origin, header and method
            config.EnableCors(new EnableCorsAttribute("*", "*", "*"));
            //config.MessageHandlers.Add(new PreflightRequestHandler());
            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional });
        }
    }


For this scenario (a SPA calling a backend API), you should use an access token to authorize API calls. We have a tutorial just for this: Angular frontend + ASP.NET 4.x API backend!

Let me know if that tutorial has the info you need.

Thank you, it works perfectly!



I have built an application as per the tutorial. It is working perfectly on my development machine. But it is not working on my server when deployed.

Do we have any option to debug this to find the root cause?

Is there any change in the statement given below?

 ValidAudience = "api://default",
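
A troubleshooting aid for the dev-versus-server mismatch raised in the last post, added here as an example and not code from the tutorial or from any poster: it decodes a token's payload without verifying the signature and compares `iss`, `aud` and `exp` with the values the API is configured to accept. `JwtClaimCheck` and its parameter names are hypothetical; an ID token sent where an access token is expected typically shows up here as an audience mismatch.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.Script.Serialization; // assembly reference: System.Web.Extensions

// Hypothetical diagnostic helper. It does NOT verify the signature, so use it
// only for troubleshooting; authorization stays with the OWIN JWT middleware.
public static class JwtClaimCheck
{
    static Dictionary<string, object> DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected header.payload.signature");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');      // base64url -> base64
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '='); // restore padding
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        return new JavaScriptSerializer().Deserialize<Dictionary<string, object>>(json);
    }

    // Returns one message per mismatch; an empty list means the claims line up.
    public static List<string> Check(string jwt, string validIssuer, string validAudience, DateTime utcNow)
    {
        Dictionary<string, object> claims = DecodePayload(jwt);
        var problems = new List<string>();

        object iss;
        claims.TryGetValue("iss", out iss);
        if (!string.Equals(iss as string, validIssuer, StringComparison.Ordinal))
            problems.Add("iss '" + iss + "' != ValidIssuer '" + validIssuer + "'");

        // "aud" may be a single string or a JSON array of strings.
        object aud;
        claims.TryGetValue("aud", out aud);
        string[] audiences = (aud is string) ? new[] { (string)aud }
            : (aud is IEnumerable) ? ((IEnumerable)aud).Cast<object>().Select(a => Convert.ToString(a)).ToArray()
            : new string[0];
        if (!audiences.Contains(validAudience, StringComparer.Ordinal))
            problems.Add("aud [" + string.Join(", ", audiences) + "] lacks ValidAudience '" + validAudience + "'");

        object exp;
        var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        if (!claims.TryGetValue("exp", out exp))
            problems.Add("no exp claim");
        else if (epoch.AddSeconds(Convert.ToDouble(exp)) <= utcNow)
            problems.Add("token is expired according to this machine's clock");
        return problems;
    }
}
```

Run it on the server against a token captured from a failing request, passing the same issuer and audience strings the deployed configuration uses and `DateTime.UtcNow`.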