Invalidate Old Session Cookie – ASP.Net Identity

Make sure you use AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie); as correctly suggested by Jamie. Being able to log in with the same cookie again is by design. Identity does not create internal sessions to track all logged-in users, and if OWIN gets a cookie that hits all the boxes (i.e. copies from the previous session), it’ll let you log in. If you … Read more

Understanding client_id and client_secret

Both client_id and client_secret are not used in the password flow. However, as you are probably aware, OAuth2 has other flows, suited for other scenarios. Namely: the authorization code flow used in web apps that authenticate users server side. The client_id is used in the initial redirect, the client_secret is used in the last step … Read more

SignalR + Autofac + OWIN: Why doesn’t GlobalHost.ConnectionManager.GetHubContext work?

If you use a custom dependency resolver with SignalR, you can no longer use GlobalHost unless you modify it:

    GlobalHost.DependencyResolver = new AutofacDependencyResolver(container);
    IHubContext hubContext = GlobalHost.ConnectionManager.GetHubContext<MyHub>();

    // A custom HubConfiguration is now unnecessary, since MapSignalR will
    // use the resolver from GlobalHost by default.
    app.MapSignalR();

If you don’t want to modify GlobalHost, you will … Read more

How to access Facebook private information by using ASP.NET Identity (OWIN)?

Create a new Microsoft.Owin.Security.Facebook.AuthenticationOptions object in Startup.ConfigureAuth (StartupAuth.cs), passing it the FacebookAppId, FacebookAppSecret, and a new AuthenticationProvider. You will use a lambda expression to pass the OnAuthenticated method some code to add Claims to the identity which contain the values you extract from context.Identity. This will include access_token by default. You must add email to … Read more

Server side claims caching with Owin Authentication

OWIN cookie authentication middleware doesn’t support a session-caching-like feature yet. #2 is not an option. #3 is the right way to go. As Prabu suggested, you should do the following in your code:

OnResponseSignIn:
- Save context.Identity in cache with a unique key (GUID)
- Create a new ClaimsIdentity embedded with the unique key
- Replace context.Identity with the … Read more

Get IPrincipal from OAuth Bearer Token in OWIN

I found a part of the solution in this blog post: http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/

So I created my own Provider as follows:

    public class QueryStringOAuthBearerProvider : OAuthBearerAuthenticationProvider
    {
        public override Task RequestToken(OAuthRequestTokenContext context)
        {
            // Read the bearer token from the access_token query string parameter.
            var value = context.Request.Query.Get("access_token");

            if (!string.IsNullOrEmpty(value))
            {
                context.Token = value;
            }

            return Task.FromResult<object>(null);
        }
    }

Then I needed to add it to my … Read more

How to serve index.html with web api selfhosted with OWIN

Move your Index.html to the root of your project. Then install-package Microsoft.Owin.StaticFiles in Package Manager Console and add the code below:

    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Serve files from the application's working directory.
            const string rootFolder = ".";
            var fileSystem = new PhysicalFileSystem(rootFolder);
            var options = new FileServerOptions
            {
                EnableDefaultFiles = true,
                FileSystem = fileSystem
            };

            app.UseFileServer(options);
        }
    }

This … Read more

Current user in owin authentication

In the GrantResourceOwnerCredentials method, once you add claims after validating the username and password, you need to add this claim:

    identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));

By doing this, the UserId will be filled when you call User.Identity.Name inside a protected controller. Hope this solves your issue.
