1

I've got a web application that I'm working on that uses claims authentication, but I've got an issue with it dropping the logged in user whenever anyone refreshes the page. It sounds very similiar to this issue here: https://www.sitefinity.com/developer-network/forums/developing-with-sitefinity-/httpcontext-current-user-identity-isauthenticated-is-false-after-response-redirect but unfortunately I can't just switch over to forms based authentication because I also need to use the openid stuff to connect into facebook etc.

I've got the following code in my global.asax.cs 

protected void Application_Start(object sender, EventArgs e)
        {
            Telerik.Sitefinity.Abstractions.Bootstrapper.Initialized += Bootstrapper_Initialized;
            //  RegisterWebApiFilters(GlobalConfiguration.Configuration.Filters);
            System.Web.Helpers.AntiForgeryConfig.UniqueClaimTypeIdentifier = System.Security.Claims.ClaimTypes.NameIdentifier;            
        }

 protected void Application_AuthenticateRequest(object sender, EventArgs e)
        {
            var identity = System.Web.HttpContext.Current.User.Identity as System.Security.Claims.ClaimsIdentity;
            var claimsUser = ClaimsManager.GetCurrentIdentity();
            //identity.AddClaim(new System.Security.Claims.Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", identity.Name));
            identity.AddClaim(new System.Security.Claims.Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", identity.Name));
            //System.Web.Helpers.AntiForgeryConfig.UniqueClaimTypeIdentifier = System.Security.Claims.ClaimTypes.NameIdentifier;
        }

The identity variable in the code above shows the logged in user fine before reloading the page, including that it's stored in the cookies, but upon reload comes back as an anonymous user.

I think I've got the web.config configured correctly too. I've got the identitymodel set to the following: 

<system.identityModel.services>
    <federationConfiguration>
      <wsFederation passiveRedirectEnabled="true" issuer="http://localhost" realm="http://localhost" requireHttps="false" />
      <cookieHandler requireSsl="false" />
    </federationConfiguration>

Any ideas would be appreciated.

mwgriffith
  • 550
  • 3
  • 6

1 Answers1

0

I think you have faced the AntiforgeryToken error while submitted any form data and placed the code in Application_AuthenticateRequest Event try the below code may work for you! because with each request you are adding Claim... where as I am checking claim with each request if not added then add the claim else passover. 

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        var identity = System.Web.HttpContext.Current.User.Identity as System.Security.Claims.ClaimsIdentity;

        if (!identity.FindAll(System.Security.Claims.ClaimTypes.NameIdentifier).Any())
        {
            identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier, System.Web.HttpContext.Current.User.Identity.Name));
        }
        System.Web.Helpers.AntiForgeryConfig.UniqueClaimTypeIdentifier = System.Security.Claims.ClaimTypes.NameIdentifier;
    }
Muhammad Essa
  • 142
  • 1
  • 10