Quantcast
Channel: Security
Viewing all articles
Browse latest Browse all 4737

owin signin, not appearing as logged in until refresh/redirect

$
0
0

For an MVC5 application using owin authentication, we have an account activation link that a user receives via email.  Once the link is clicked, they're taken to the MVC site which activates the accounts and then immediately attempts to login (all within a single GET action on /Account/Activate).  Signin is performed per below code snippet.  After sign in, we simply want to display the view at /Account/Activate to confirm that the activation is complete.

The issue we're facing is that the user doesn't appear to be signed unless a redirect or manual page refresh is performed.  Instead, the user is presented with the header seen by an unauthenticated user.  Checking HttpContext.Current.User.Identity immediately after the signin code below shows that IsAuthenticated is false... after a redirect/refresh it's true.

Do we truly need to perform a redirect after an owin signin before the .net application can see the user as logged in or are we doing something wrong here?

 

var identity = new ClaimsIdentity(new[] {
					new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", username),    
					new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", username),
					new Claim(ClaimTypes.Name, username), 
					new Claim(ClaimTypes.Role, model.UserType.ToString())
				}, 
				DefaultAuthenticationTypes.ApplicationCookie, 
				ClaimTypes.Name, 
				ClaimTypes.Role);

AuthenticationManager.SignIn(new AuthenticationProperties
{
	IsPersistent = isPersistent
}, identity);


Thanks


Viewing all articles
Browse latest Browse all 4737

Latest Images

Trending Articles



Latest Images

<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>