Unexpected response when requesting content-length header value

Expected behaviour: Requesting the value of the 'Content-Length' header for requests that do not have this present, the result should be null. Actual behaviour: Requesting the value of the 'Con...

Id #446 | Release: None | Updated: Thu at 10:55 AM by richzilla | Created: Thu at 10:55 AM by richzilla

SecurityStampValidator has the security stamp claim type hard coded

The SecurityStampValidator is not configurable to use a different security stamp claim type, it requires this: Constants.DefaultSecurityStampClaimType However, the ClaimsIdentityFactory allows ...

Id #444 | Release: None | Updated: Feb 4 at 8:43 AM by Shandem | Created: Feb 2 at 1:56 PM by Shandem

CookieAuthenticationHandler cookie expiry incorrect

As far as I can tell, the CookieAuthenticationHandler suffers from the same cookie expiry issue reported here for aspnetcore: https://github.com/aspnet/Security/pull/286 where this occurs: c...

Id #443 | Release: None | Updated: Feb 4 at 6:40 AM by Tratcher | Created: Feb 2 at 10:39 AM by Shandem

Microsoft.Owin replaces + in cookies with a single space.

This caused me a massive headache when dealing with base64 encoded cookies from FAM/SAM (Ws-Federation in ASP.NET). I found the specific line of code that does the replacement. OwinHelpers.cs i...

Id #442 | Release: None | Updated: Jan 28 at 7:54 PM by crosscifixio | Created: Jan 28 at 6:04 PM by psibernetic

Microsoft.Owin.Testing preset headers on test client

Hi, We're quite happy with the Owin in-memory pipeline. It helps us produce a number of tests that were otherwise pretty hard to do. There is however one thing I'd wish it would let me do. I...

Id #441 | Release: None | Updated: Jan 27 at 5:23 PM by Tratcher | Created: Jan 27 at 12:34 PM by WMeints

Propogate async context when run in IIS

When run in IIS - context that set by owin middleware is never reaches Controller. When I set call context in middleware and than attempt to get it in MVC controller - it is empty. When execution c...

Id #440 | Release: None | Updated: Feb 1 at 5:19 PM by gorkar | Created: Jan 17 at 6:39 PM by SergeyKanzhelev

facebook oauth2 email problem fix

http://stackoverflow.com/a/32636149/4594225

Id #439 | Release: None | Updated: Dec 22, 2015 at 7:25 PM by Tratcher | Created: Dec 22, 2015 at 6:39 PM by alisherdavronov

HttpListenerResponse.Abort crashes server (Mono)

Hello! I've already described this bug in Mono's bugtracker: https://bugzilla.xamarin.com/show_bug.cgi?id=33254#c4 But I think this bug won't fix soon. And I hope there is something that I can...

Id #438 | Release: None | Updated: Dec 10, 2015 at 6:00 PM by Tratcher | Created: Dec 9, 2015 at 8:09 AM by AlexMAS

Query response mode not supported in OpenIDConnect

The Microsoft.Owin.Security.OpenIdConnect middleware exclusively supports the form_post response mode for handling response messages. While the OpenID Connect v1.0 specifications support 2 more res...

Id #437 | Release: None | Updated: Dec 8, 2015 at 4:59 PM by Tratcher | Created: Dec 8, 2015 at 1:49 PM by RobinIT

Authorization Code Flow not supported in OpenIDConnect

The Microsoft.Owin.Security.OpenIdConnect does not implement Authorization Code Flow. See OpenidConnectAuthenticationHandler.cs:247 in v3.0.1 // code is only accepted with id_token, in this versi...

Id #436 | Release: None | Updated: Dec 9, 2015 at 3:26 PM by Tratcher | Created: Dec 8, 2015 at 1:35 PM by RobinIT