Can't authenticate with token

Question

I've a ASP.NET MVC website which uses an ASP.NET WebAPI to authenticate. I've using ThinkTecture IdentityModel for basic authentication and session token, which works fine locally and in Azure Websites. However, I had to migrate to Azure Cloud services and now I can't authenticate with the token, always receiving the 401 error, but with just username and password works fine.

The only difference I can guess is that I've to deal with IIS now. Is there any modification required to allow authentication with token?

UPDATED:

I'm not using any Web.Config configuration for authentication, just using the following code in WebAPIConfig.

public static void Register(HttpConfiguration config)
        {
            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional }
                );

            var authConfig = new AuthenticationConfiguration
                                 {
                                     RequireSsl = true,
                                     EnableSessionToken = true,
                                     SendWwwAuthenticateResponseHeaders = true,
                                     SessionToken = new SessionTokenConfiguration()
                                         {
                                             DefaultTokenLifetime = System.TimeSpan.FromDays(1.0)
                                         }
                                 };

            // setup authentication against membership
            authConfig.AddBasicAuthentication(
                (userName, password) => WebSecurity.Login(userName, password, true)
                );

            config.MessageHandlers.Add(new AuthenticationHandler(authConfig));
        }

Answer 1

I'd set a fixed signing key on the SessionTokenConfiguration. You definitely need that.