owin-security

问题 When trying to create a DataProtectionProvider manually I have stumbled upon the Microsoft documenation to DpapiDataProtectionProvider which says: Used to provide the data protection services that are derived from the Data Protection API. It is the best choice of data protection when you application is not hosted by ASP.NET and all processes are running as the same domain identity. A question suddenly arises: What is the best choice when your application IS hosted by ASP.NET? Searching

问题 When trying to create a DataProtectionProvider manually I have stumbled upon the Microsoft documenation to DpapiDataProtectionProvider which says: Used to provide the data protection services that are derived from the Data Protection API. It is the best choice of data protection when you application is not hosted by ASP.NET and all processes are running as the same domain identity. A question suddenly arises: What is the best choice when your application IS hosted by ASP.NET? Searching

问题 I am using the OWIN cookie authentication middleware and have setup a custom OnValidateIdentity -method that should be invoked on all requests that needs to be authenticated. My setup looks like this: app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = "my-cookie", Provider = new CookieAuthenticationProvider() { OnValidateIdentity = async ctx => { // my own validation code } } } The issue I have is that for some requests, OnValidateIdentity is not called. If I

问题 As per subject, I updated the Owin.Security.WsFederation and dependent packages to version 4.0 and I get the error. I did not make any code changes other than changing using Microsoft.IdentityModel.Protocols; to using Microsoft.IdentityModel.Protocols.WsFederation; where is the WsFederationConfiguration class seems to be now. Here is my StartupAuth : public void ConfigureAuth(IAppBuilder app) { app.UseCookieAuthentication( new CookieAuthenticationOptions { AuthenticationType =

问题 I am using Facebook Owin Authentication and more or less follow Microsoft sample. I am more or less following the First time user logs in, everything is ok. But if they sign out and try again, it seems like the previous .AspNet.Correlation.Facebook is not removed, but set to empty string. So my next call to api/getexternallogin looks like this in Fiddler: This is when we are generating a correlationId and having multiple cookies at this point is not a show stopper. In the response, I set it