
OnValidateIdentity session is null - Mvc Owin

Currently, I have problems when accessing Session in OnValidateIdentity - HttpContext.Current.Session is null. What's wrong? My application is as below:

  • I have 2 projects: Mvc and WebApi

I want the user to be logged out when I change the password -> change security stamp. I implemented it as follows: the Mvc project will validate whether the SecurityStamp has changed when the user makes a request. And I will get the SecurityStamp from the other WebApi website. This means my Mvc does not access the database directly but goes through the WebApi. And I must put the token in the authorize header to get the SecurityStamp from the WebApi. But I can't access the token from the session; when I log in successfully I store the token in the Session. Code example:

    public void ConfigureAuthentication(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            CookieSecure = CookieSecureOption.SameAsRequest,
            LoginPath = new PathString("/Home"),
            LogoutPath = new PathString("/Account/Logout"),
            ExpireTimeSpan = TimeSpan.FromMinutes(30),
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity = async ctx =>
                {
                    var claim = ctx.Identity.FindFirst("SecurityStamp");
                    var accessToken = HttpContext.Current.Session["token"].ToString();

                    using (HttpClient httpClient = new HttpClient())
                    {
                        // Used accessToken variable for httpClient
                        // TODO Get security stamp from webapi . Ex :
                        string securityStampWebApi = "demo";
                        if (securityStampWebApi != claim.Value)
                        {
                            ctx.RejectIdentity();
                        }
                    }
                }
            }
        });
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
    }

Suggest another implementation so that I can finish this case.

Quan Truong asked Feb 12 '23 14:02


1 Answer

The cookie middleware runs at the authenticate stage in the IIS pipeline, which is prior to HttpContext or session state being made available. So you will need to work without it.

Shoaib Shakeel answered Feb 25 '23 11:02
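
One way to work without Session, as the answer suggests (an added example, not code from the question or the answer): carry the Web API token as a claim on the cookie identity and read it in OnValidateIdentity. The `access_token` claim name, the host, the route, the Bearer scheme and the fail-closed policy are assumptions; the claim must be added to the identity at sign-in.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;

public static class StampValidation
{
    // One shared client; creating an HttpClient per request exhausts sockets.
    private static readonly HttpClient Api = new HttpClient
    {
        BaseAddress = new Uri("https://api.example.test/"), // placeholder host
        Timeout = TimeSpan.FromSeconds(5)
    };

    // Assign to CookieAuthenticationProvider.OnValidateIdentity.
    public static async Task OnValidateIdentity(CookieValidateIdentityContext ctx)
    {
        // Both values travel in the protected auth cookie, so no Session is needed.
        var stamp = ctx.Identity.FindFirst("SecurityStamp");
        var token = ctx.Identity.FindFirst("access_token"); // assumed claim name

        string current = (stamp != null && token != null)
            ? await FetchStampAsync(token.Value)
            : null;

        // Fail closed (assumed policy): a missing claim, an API error or a
        // changed stamp rejects the identity and clears the cookie.
        if (current == null || !string.Equals(current, stamp.Value, StringComparison.Ordinal))
        {
            ctx.RejectIdentity();
            ctx.OwinContext.Authentication.SignOut(ctx.Options.AuthenticationType);
        }
    }

    private static async Task<string> FetchStampAsync(string accessToken)
    {
        try
        {
            var req = new HttpRequestMessage(HttpMethod.Get, "api/account/securitystamp"); // hypothetical route
            req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken); // assumed scheme
            using (var resp = await Api.SendAsync(req))
            {
                // Assumes the API returns the stamp as a plain or JSON-quoted string.
                return resp.IsSuccessStatusCode ? (await resp.Content.ReadAsStringAsync()).Trim('"', ' ') : null;
            }
        }
        catch (HttpRequestException) { return null; }
        catch (TaskCanceledException) { return null; } // request timed out
    }
}
```

This version calls the Web API on every authenticated request; set `OnValidateIdentity = StampValidation.OnValidateIdentity` in the provider to use it.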