Azure-Samples / active-directory-b2c-dotnet-webapp-and-webapi

A combined sample for a .NET web application that calls a .NET web API, both secured using Azure AD B2C
http://aka.ms/aadb2c
MIT License

Owin Environment missing SessionId #6

Closed andrewchilcott closed 4 years ago

andrewchilcott commented 7 years ago

I have downloaded the sample, built it and it worked. I substituted my tenant details and I was still able to log in.

I then copied the various pieces of code over into my current project. Login fails with a null object reference at MSALSessionCache.ReadUserStateValue - httpContext.Session is null.

This is passed in at line 144 of StartupAuth.cs and is derived from notification.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase.

notification.OwinContext.Environment["System.Web.HttpContextBase"].Session is null

I ran the debug on the sample code and at that same point notification.OwinContext.Environment["System.Web.HttpContextBase"].Session = System.Web.HttpSessionStateWrapper and when I examined its properties saw that it contained a SessionId.

The sample is an MVC project whereas mine is a WebForms project. I have only had to make one change.

In the MVC project, the SignUpSignIn code is:

    if (!Request.IsAuthenticated)
    {
        HttpContext.GetOwinContext().Authentication.Challenge();
        return;
    }

whereas in the WebForms project the SignUpSignIn code is:

    if (!Request.IsAuthenticated)
    {
        HttpContextBase context = new HttpContextWrapper(HttpContext.Current);
        context.GetOwinContext().Authentication.Challenge();
        return;
    }

as in the WebForms project HttpContext.Current returns an HttpContext object rather than an HttpContextBase object.

I have gone round and round in circles trying to determine why the code in my WebForms project produces this null reference. Can anyone point me in the right direction?

andrewchilcott commented 7 years ago

Update: In the SignUpSignIn code for my WebForms project context.Session.SessionID is a valid id.

At that point context.GetOwinContext().Environment["System.Web.HttpContextBase"].Session.SessionId also returns the valid session id. So the sessionId is being cleared somewhere between the authentication challenge and the receipt of the authorization code.

franzuca commented 6 years ago

Hi, could you resolve this issue? I'm having exactly the same problem.

Thanks!

andrewchilcott commented 6 years ago

franzuca - I never resolved this, and as it was taking so much of my time I abandoned the project until I had some spare time to work on it. If you do discover a solution, please let me know.

franzuca commented 6 years ago

I've found some answers that say that the problem is the moment in the IIS Integrated Pipeline Stage when you try to access the HttpContext.Session.

https://stackoverflow.com/questions/37920879/httpcontext-current-session-is-null-owin

This answer makes sense, and I was able to use it on a new project, but not on my existing project. This last one always executes the middleware on a Pipeline Stage where I can't access the session.

Please take a look and tell me what you think.
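
One way to test the pipeline-stage explanation raised in the comment above is shown here as an added example; it is not code from the sample or from any participant in this thread. The method names `RequireSessionState` and `ProbeSession` are hypothetical, and the code assumes a Katana (Microsoft.Owin) app hosted on the IIS integrated pipeline.

```csharp
using System.Diagnostics;
using System.Web;
using System.Web.SessionState;
using Microsoft.Owin.Extensions;
using Owin;

public partial class Startup
{
    // Hypothetical helper: register BEFORE the authentication middleware.
    // Asks ASP.NET to load session state for every request, including
    // requests that are not served by a session-aware handler.
    public void RequireSessionState(IAppBuilder app)
    {
        app.Use((context, next) =>
        {
            var http = context.Get<HttpContextBase>(typeof(HttpContextBase).FullName);
            http?.SetSessionStateBehavior(SessionStateBehavior.Required);
            return next();
        });
        // Must run before the AcquireState stage for the behavior to apply.
        app.UseStageMarker(PipelineStage.MapHandler);
    }

    // Hypothetical helper: register AFTER the authentication middleware.
    // Stage markers cannot move backwards, so a PostAcquireState marker
    // placed ahead of middleware marked Authenticate would be pulled
    // forward to the Authenticate stage, where session is not loaded yet.
    public void ProbeSession(IAppBuilder app)
    {
        app.Use((context, next) =>
        {
            var http = context.Get<HttpContextBase>(typeof(HttpContextBase).FullName);
            // Log only whether session state exists, never the session ID.
            Trace.TraceInformation("{0} {1}: Session {2}",
                context.Request.Method,
                context.Request.Path,
                http?.Session == null ? "is null" : "is available");
            return next();
        });
        app.UseStageMarker(PipelineStage.PostAcquireState);
    }
}
```

In the integrated pipeline the Authenticate stage runs before AcquireState, so code that executes during Authenticate sees a null `Session` regardless of what the probe reports at PostAcquireState.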

nickgalea commented 5 years ago

Hi, did you manage to solve this issue please? Have the same exact issue

TiagoBrenck commented 5 years ago

@nickgalea this sample was recently updated to a new version. Could you please double check if the problem is still happening? Thanks

TiagoBrenck commented 4 years ago

Closing since we haven't heard back from the developer and the sample got updated. Please re-open this if the error still persists in the new version.