Unable to retrieve claims for the logged-in user in WebApi

  • Question

  • HI,

    I'm trying to implement token-based authentication in my application using OWIN.

    The problem I'm facing is:
    I log in as user1, log out, and then log in again as another user (e.g. user2). When I retrieve the user's claims in an ApiController through User.Identity, I still see the claims assigned to user1.

    Here is OAuthAuthenticationProvider

             /// <summary>
             /// Handles the OAuth resource-owner password grant: looks the user up through
             /// <c>_authService</c> and, when one is returned, validates the request with a ticket
             /// carrying that user's name-identifier, name and role claims.
             /// </summary>
             /// <param name="context">Grant context supplying the submitted user name and password.</param>
             /// <returns>A task that completes once the context has been validated or rejected.</returns>
             public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
            {
                // NOTE(review): this runs on the token endpoint before the credentials are checked.
                // Bearer tokens issued earlier are self-contained, so this call presumably does not
                // invalidate a token a client still holds. If an API call shows the previous user's
                // claims, check first that the client replaced its stored token after the new
                // login -- confirm.
                context.Request.Context.Authentication.SignOut(OAuthDefaults.AuthenticationType);

                // NOTE(review): a wildcard origin allows browser scripts from any site to read the
                // token response; restrict it to the known front-end origin(s) unless the endpoint
                // is meant to be public.
                context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

                // Password verification is delegated to _authService and is not visible here;
                // presumably it compares against a salted, slow password hash -- TODO confirm.
                User account = await _authService.FindUser(context.UserName, context.Password);
                if (account == null)
                {
                    // The same message is returned whatever the reason FindUser came back empty.
                    context.SetError("invalid_grant", "Invalid username or password");
                    return;
                }

                // A fresh identity is built per request from the user that was just looked up.
                var claimsIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
                claimsIdentity.AddClaims(new[]
                {
                    new Claim(ClaimTypes.NameIdentifier, account.Id),
                    new Claim(ClaimTypes.Name, account.UserName),
                    // Every authenticated user receives the fixed "user" role.
                    new Claim(ClaimTypes.Role, "user"),
                });

                // Validating the context with the ticket is what marks the grant as accepted.
                context.Validated(new AuthenticationTicket(claimsIdentity, CreateProperties(account)));

                // NOTE(review): whether this extra SignIn has any effect depends on the middleware
                // registered for this authentication type -- confirm it is needed.
                context.Request.Context.Authentication.SignIn(claimsIdentity);
            }

    Here is Startup.Auth.cs 

    /// <summary>
    /// Registers the OAuth authorization server (token endpoint at <c>/token</c>) and the
    /// bearer-token authentication middleware on the OWIN pipeline.
    /// </summary>
    /// <param name="app">OWIN application builder the middleware is added to.</param>
    /// <param name="container">Container used to resolve the <c>IOAuthAuthorizationServerProvider</c>.</param>
    public void ConfigureOAuth(IAppBuilder app, IContainer container)
            {
                var serverOptions = new OAuthAuthorizationServerOptions
                {
                    TokenEndpointPath = new PathString("/token"),
                    AuthenticationType = OAuthDefaults.AuthenticationType,

                    // NOTE(review): a token stays valid for a full day and nothing on this page
                    // revokes it earlier; a shorter lifetime limits how long a leaked or stale
                    // token remains usable.
                    AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),

                    // NOTE(review): permits token requests over plain HTTP, so the submitted
                    // password and the issued token can travel unencrypted. Set to false
                    // outside local development.
                    AllowInsecureHttp = true,

                    // The provider is resolved once, when this method runs.
                    // NOTE(review): if the provider or its dependencies keep per-user state,
                    // that state would be shared by every token request -- confirm the
                    // container registrations.
                    Provider = container.Resolve<IOAuthAuthorizationServerProvider>()
                };

                // Token issuing first, then validation of bearer tokens on incoming requests.
                app.UseOAuthAuthorizationServer(serverOptions);

                var bearerOptions = new OAuthBearerAuthenticationOptions();
                app.UseOAuthBearerAuthentication(bearerOptions);
            }

    • Moved by CoolDadTx Wednesday, June 28, 2017 1:38 PM ASP.NET related
    Wednesday, June 28, 2017 1:35 PM

All replies