Analyze upgrading Microsoft.Owin.Security dependency

auth0 / auth0-aspnet-owin

Auth0 ASP.NET 4.5 Owin/Katana Authentication Handler

MIT License

46 stars 50 forks source link

Analyze upgrading Microsoft.Owin.Security dependency #16

Closed rolodato closed 8 years ago

rolodato commented 9 years ago

Might fix intermittent issues with getExternalIdentity returning null.

nicosabena commented 8 years ago

This entries at Stack Overflow describe the problem:

http://stackoverflow.com/questions/32928841/issue-with-https-on-production-environment

http://stackoverflow.com/questions/27976507/aspnetapplicationcookie-and-asp-net-sessionid-not-created?rq=1

The issue is with Katana, see https://katanaproject.codeplex.com/workitem/197

There's a fix here: https://github.com/KentorIT/owin-cookie-saver, and also a NuGet package: https://www.nuget.org/packages/Kentor.OwinCookieSaver.

rkralston commented 8 years ago

I plan on looking more into this next week. Please post something if you find a workaround this weekend.

nicosabena commented 8 years ago

Upgrading to the latest Microsoft.Owin and related dependencies (3.0.1) doesn't seem to fix the problem. The simple repro posted here continues to fail:

public ActionResult Index()
{
    HttpContext.GetOwinContext()
        .Response.Cookies.Append("OwinCookie", "SomeValue");
    HttpContext.Response.Cookies["ASPCookie"].Value = "SomeValue";
    HttpContext.Response.Cookies.Remove("ASPCookie");

    return View();
}

jerriep commented 8 years ago

@nicosabena Thanks for following up on this. Since upgrading makes no difference, can we close this issue?

jerriep commented 8 years ago

Nevermind. I updated to the latest versions in any case because of another issue