Using asp.net identity version 1.0.0-rc1 with Entity Framework 6.0.0-rc1 (the ones that come with Visual Studio 2013 RC).
Trying to give users an opportunity to change their UserName.
There seems to be no function for that under AuthenticationIdentityManager, so I change the data using EF (get User object for current user, change UserName and save changes).
The problem is that authentication cookies remain unchanged, and the next request fails as there is no such user.
With forms authentication in the past I used the following code to solve this.
var formsAuthCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
var isPersistent = FormsAuthentication.Decrypt(formsAuthCookie.Value).IsPersistent;
FormsAuthentication.SetAuthCookie(newUserName, isPersistent);
What should I do with asp.net identity to update the cookies?
UPDATE
The following code seems to update the authentication cookie.
var identity = new ClaimsIdentity(User.Identity);
identity.RemoveClaim(identity.FindFirst(identity.NameClaimType));
identity.AddClaim(new Claim(identity.NameClaimType, newUserName));
AuthenticationManager.AuthenticationResponseGrant = new AuthenticationResponseGrant
    (new ClaimsPrincipal(identity), new AuthenticationProperties {IsPersistent = false});
The remaining problem is: how to extract IsPersistent value from current authentication cookie?
The auth cookie should always be HttpOnly. The only way would be to make an AJAX request and let the cookie be set server-side, in which case you need to ensure you are passing any credentials over SSL. You can set HttpOnly on the cookie instance before it's saved.
Cookie-based Authentication: The cookie is typically stored on both the client and server. The server will store the cookie in the database, to keep track of each user session, and the client will hold the session identifier.
AuthenticationScheme passed to AddAuthentication sets the default authentication scheme for the app. AuthenticationScheme is useful when there are multiple instances of cookie authentication and the app needs to authorize with a specific scheme. Setting the AuthenticationScheme to CookieAuthenticationDefaults.
How do you login/authenticate a user with Asp.Net MVC5 RTM bits using AspNet.Identity?
private async Task SignInAsync(ApplicationUser user, bool isPersistent)
{
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
    var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
    AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);
}
For RC1, you can use similar code.
AuthenticationManager.SignOut();
IdentityManager.Authentication.SignIn(AuthenticationManager, user.UserId, isPersistent:false);
For persistent value, you need to access the authentication cookie and retrieve the status.
Updated:
Use the appropriate AuthenticationType in place of "Bearer". Also make sure that, when issuing the sign-in ticket, you are setting AuthenticationProperties.IsPersistent.
bool isPersistent = false;
var authContext = await Authentication.AuthenticateAsync("Bearer");
if (authContext != null)
{
    var aProperties = authContext.Properties;
    isPersistent = aProperties.IsPersistent;
}
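The two steps discussed above (read IsPersistent from the current ticket, then re-issue the cookie for the renamed user) combined into one helper. This is an added example, not code from the original question or answer. It assumes the MVC5 template's ApplicationUser type and the ApplicationCookie authentication type; SignInRefresher and RefreshAsync are hypothetical names.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;

// Hypothetical helper (not part of ASP.NET Identity). ApplicationUser is
// assumed to be the user class generated by the MVC5 project template.
public static class SignInRefresher
{
    // Call after the new UserName has been saved, passing the updated user.
    public static async Task RefreshAsync(
        IAuthenticationManager auth,
        UserManager<ApplicationUser> userManager,
        ApplicationUser user)
    {
        // Assumption: the app signs users in with the application cookie.
        const string cookieType = DefaultAuthenticationTypes.ApplicationCookie;

        // Read the persistence flag from the ticket in the current cookie.
        // Default to a session cookie when no ticket can be read, so a
        // missing or invalid cookie never yields a persistent one.
        bool isPersistent = false;
        AuthenticateResult current = await auth.AuthenticateAsync(cookieType);
        if (current != null && current.Properties != null)
        {
            isPersistent = current.Properties.IsPersistent;
        }

        // Rebuild the identity from the stored user rather than editing the
        // old claims, so the name claim comes from the saved record.
        ClaimsIdentity identity =
            await userManager.CreateIdentityAsync(user, cookieType);

        // Issuing a new grant replaces the cookie on this response.
        auth.SignIn(
            new AuthenticationProperties { IsPersistent = isPersistent },
            identity);
    }
}
```

IsPersistent is only meaningful here if the original sign-in set it on AuthenticationProperties, as the answer notes.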