owin

I'm setting IsPersistent when signing the user in, how to read that value back? var identity = await UserManager.CreateIdentityAsync(appUser, DefaultAuthenticationTypes.ApplicationCookie); HttpContext.GetOwinContext().Authentication.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity); can you please try this, I haven't test it IAuthenticationManager AuthenticationManager { get { return HttpContext.GetOwinContext().Authentication; } } AspNet.Identity gives you access to the bool value of IsPersistent for the session. The most direct way to read its value is to call

I'm implemented a [CustomAuthorization] attribute based on [Authorize] attribute. My attribute looks like this: public class CustomAuthorizeAttribute : AuthorizeAttribute { public eUserRole CustomRoles { get; set; } = eUserRole.Administrator; // If not specified, the required role is Administrator protected override bool IsAuthorized(HttpActionContext actionContext) { AuthorizationSystem auth = new AuthorizationSystem(actionContext.RequestContext.Principal, this.CopyleaksRoles); var res = auth.Validate(); if (!res) return false; return base.IsAuthorized(actionContext); } } I splitted the logic

I'm using MVC with Owin external login with Facebook. Owin doesn't open facebook login as popup.It redirects the page to facebook. I know there is a option to make facebook login open as popup.We need to add the "&dialog=popup" in the URL. I don't have this option with OWIN. Is there any way to do that? I had the same problem. After reading though the source, I found a solution: Basically: you need to go ahead and create an authentication provider for Facebook. So create a class that inherits from FacebookAuthenticationProvider. Within this class, override the "ApplyRedirect" method. Make it

I've got an asp.net MVC 5 web project which is running fine on my development system. But for some reason, the login using Microsoft Owin with Facebook stops working as soon as I deploy the solution on my production system. The callback always retrieves ....error=access_denied as parameter and I tracked it back to the fact that owin returns null for my identity. Any clue whats going on here? UPDATE I implemented log4net in my Owin code and was able to dive deeper: Response status code does not indicate success: 400 (Bad Request). Stack trace: at System.Net.Http.HttpResponseMessage

How to detect all possible SignOuts? Is there a way to get some event when SignOut is made manually, by timeout and any other possible ways? I need to know when user authentication ends like i know that it starts when SingIn is called. I'm using both internal accounts and external (like Facebook). I need a spot that i can initialize user session when user is already authenticated. Below is code that should do the job, i don't like it at all. I need to check session at each request to be sure that flag in session is already loaded and was loaded for current user. In future that flag will be

I'm using the following OAuth provider and options: UserManagerFactory = () => new UserManager<IdentityUser>(new UserStore<IdentityUser>(new ApplicationDbContext())); OAuthOptions = new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("/Token"), Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory), AuthorizeEndpointPath = new PathString("/api/AccountOwin/ExternalLogin"), AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(2), AllowInsecureHttp = true }; app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseExternalSignInCookie

I am trying to figure out how to get the claim out of my token. I will try an keep the explanation short I have an HTML page that does a post to my web api, does and auth check and returns an JWT token when i get the token back i want to send it to different url, and the way i am doing it is using a querystring. I know i can use cookies but for this app we dont want to use them. So if my url looks like this http://somedomain/checkout/?token=bearer token comes here I am using Owin middleware and this is what i have so far app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions {

Referring to the SignalR Hubs API Guide indicates the following information in the configuration comments: // Setup the CORS middleware to run before SignalR. // By default this will allow all origins. You can // configure the set of origins and/or http verbs by // providing a cors options with a different policy. map.UseCors(CorsOptions.AllowAll); however, the Origins property of System.Web.CorsPolicy has a private setter, no constructor that allows origins to be injected, and no exposed setter method. With regards to the Origins list, it seems to only expose an "AllowAllOrigins" property and

I created a custom principal class public class FacebookPrincipal : ClaimsPrincipal { public JObject Data { get; set; } } And I want to use it. When the user logs in, I tried to set var fbP = new FacebookPrincipal { Data = user.Data }; Thread.CurrentPrincipal = fbP; AuthenticationManager.User = fbP; HttpContext.User = fbP; It works right after I set it, but when I go ho home/index the value is lost var user = HttpContext.GetOwinContext().Authentication.User; var bbbb = this.User; var cccc = ClaimsPrincipal.Current; All the above methods return a Principal of type ClaimsPrincipal and casting to