I'm new to OWIN authentication and I am trying to get the (seemingly) basics to work.
When I post to my Login action, "_signInManager.PasswordSignInAsync" returns a success; however, my IPrincipal User does not seem to be updated. Additionally, if I perform separate tests (i.e. performing a userManager.FindByEmail and doing a count on the logins, or trying SignInManager.GetVerifiedUserId) I don't get any history of successful login attempts. So when the redirect happens, .NET has forgotten about the logged-in user and acts as if it was never authenticated, and I'm at a loss as to why.
It is worth noting my Identity is a separate solution that is referenced by the main solution.
Main solution:
Account Controller:

    private ApplicationSignInManager _signInManager;
    private ApplicationUserManager _userManager;

    public AccountController()
    {
        _userManager = OwinContext.GetApplicationUserManager();
        _signInManager = OwinContext.GetApplicationSignInManager();
    }

    public AccountController(ApplicationUserManager userManager, ApplicationSignInManager signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    // ... other methods ...

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(Login model, string returnUrl)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // This doesn't count login failures towards account lockout
        // To enable password failures to trigger account lockout, change to shouldLockout: true
        var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
        switch (OwinContext.SignInResult(result))
        {
            case OwinContext.SignInStatus.Success:
                if (User.IsInRole("Admin") || User.IsInRole("SuperAdmin"))
                {
                    return RedirectToAction("UserList");
                }
                return RedirectToLocal(returnUrl);
            case OwinContext.SignInStatus.LockedOut:
                return View("Lockout");
            case OwinContext.SignInStatus.RequiresVerification:
                return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
            case OwinContext.SignInStatus.Failure:
            default:
                ModelState.AddModelError("", "Invalid login attempt.");
                return View(model);
        }
    }

OWIN Context:

    private static IOwinContext GetOwinContext()
    {
        return HttpContextWrapper.GetCurrentContext().GetOwinContext();
    }

    public static ApplicationSignInManager GetApplicationSignInManager()
    {
        var applicationSignInManager = GetOwinContext().Get<ApplicationSignInManager>();
        return applicationSignInManager;
    }

Identity solution
Startup.cs:

    using System.Data.Entity;
    using Microsoft.Owin;
    using Owin;
    using Shared_Identity.IdentityConfig;
    using Shared_Identity.Models.Context;

    namespace Shared_Identity
    {
        public partial class Startup
        {
            public void Configuration(IAppBuilder app)
            {
                //ConfigureAuth(app);
                Database.SetInitializer<SharedIdentity>(null);
                app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
                app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
                app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
            }
        }
    }

I have tried the below:
https://stackoverflow.com/a/27282956/4046026
https://stackoverflow.com/a/30734550/4046026 - (confirmed DB connection string is correct)
https://stackoverflow.com/a/24643382/4046026
https://stackoverflow.com/a/27500097/4046026
along with looking at a few misc tutorials from Google but everywhere seems to suggest this should be straightforward. I'm probably missing something simple or have a conceptual issue.
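
An added example, not part of the original post: the Startup shown above registers the managers but no cookie authentication middleware (`ConfigureAuth` is commented out), so the identity that `PasswordSignInAsync` signs in is never written to a cookie and cannot be read back after the redirect. The sketch below adds that middleware with hardened cookie settings; the `ApplicationUser` type, the login path, the timeouts and an HTTPS-only site are assumptions, not taken from the post.

```csharp
using System;
using System.Data.Entity;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;
using Shared_Identity.IdentityConfig;   // manager types, as in the post
using Shared_Identity.Models.Context;   // SharedIdentity, as in the post

namespace Shared_Identity
{
    public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Unchanged from the post.
            Database.SetInitializer<SharedIdentity>(null);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

            // SignInManager only hands the identity to the OWIN pipeline.
            // This middleware turns it into the auth cookie and, on later
            // requests, reads the cookie back into the request's User.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                // Must match the type SignInManager signs in with.
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),  // assumed route
                CookieHttpOnly = true,                      // no script access
                CookieSecure = CookieSecureOption.Always,   // assumes HTTPS only
                ExpireTimeSpan = TimeSpan.FromMinutes(30),  // assumed lifetime
                SlidingExpiration = true,
                Provider = new CookieAuthenticationProvider
                {
                    // Re-check the security stamp so that a password change
                    // invalidates cookies issued before it.
                    // ApplicationUser is an assumed type name.
                    OnValidateIdentity = SecurityStampValidator
                        .OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                            validateInterval: TimeSpan.FromMinutes(30),
                            regenerateIdentity: (manager, user) =>
                                manager.CreateIdentityAsync(
                                    user, DefaultAuthenticationTypes.ApplicationCookie))
                }
            });
        }
    }
}
```

Even with the middleware in place, `User` is built from the cookie at the start of a request, so it still reflects the anonymous principal during the POST that performs the sign-in. A role check made in the `Success` branch therefore sees the new identity only on the request after the redirect.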