Katana TraceListener may cause doubled log messages in client code

The misbehavior (and some workarounds) has been discussed on Stackoverflow already: http://stackoverflow.com/questions/17948363/tracelistener-in-owin-self-hosting A TraceListener, that was regis...

Id #465 | Release: None | Updated: Jul 13 at 1:35 PM by ML8448 | Created: Jul 13 at 1:35 PM by ML8448

Account for breaking changes in TokenValidationParameters v5

(Moved from https://katanaproject.codeplex.com/discussions/656132) This was originally posted on Github at https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issu...

Id #464 | Release: None | Updated: Jul 12 at 3:38 PM by ESPNSTI | Created: Jul 6 at 7:25 PM by Tratcher

What is max expiry for two factor code in UseTwoFactorSignInCookie?

I'm trying to find out what is the max value for a two factor authentication code expiry in a cookie from ASP.NET Identity 2.1, and if I can set it higher than 5 minutes. I have tried setting the...

Id #463 | Release: None | Updated: Jul 18 at 12:03 PM by chriscollins442 | Created: Jul 6 at 3:21 PM by chriscollins442

URI component encoding issue in query path

Hello! There is a bug in how Katana handles encoding when building a Uri in OwinRequest. The resource path delimiters "(" and ")" are encoded which violates RFC 3986. Please see section 3.3. This...

Id #462 | Release: None | Updated: Jun 28 at 6:37 AM by jstachowiak | Created: Jun 26 at 10:59 PM by jstachowiak

Security stamp is not updated in the database by UserManager

Hi, I have written the following code to update the user's security stamp value to the database after signout. But It is not updated in the database and see the old value. Did I miss anything o...

Id #461 | Release: None | Updated: Jun 24 at 6:46 PM by Tratcher | Created: Jun 22 at 9:20 AM by dpmragu

SystemClock implementation is not monotonic

The current SystemClock implementation has an observable discrepancy where a later call to SystemClock.UtcNow produces an earlier timestamp. The current implementation: // the clock measures whole...

Id #460 | Release: None | Updated: Jun 9 at 9:54 PM by Tratcher | Created: Jun 8 at 10:35 AM by BachratyGergely

StaticFiles: max file size on range request

In the Microsoft.Owin.StaticFiles library, there is a bug that causes it to not respect range request headers for files larger than ~2GB. See RangeHelpers::TryParseLong method. It's supposed to b...

Id #459 | Release: None | Updated: Jun 2 at 6:39 PM by Tratcher | Created: Jun 2 at 2:55 PM by brazen

The state field is missing or invalid. ?

I've enabled Owin logging in 3.0.1 for our MVC website. However noticed this is turning up in the log for every user? WARN Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationMi...

Id #458 | Release: None | Updated: May 9 at 6:15 AM by micatiosoftware | Created: May 8 at 11:06 PM by micatiosoftware

EmbeddedResourceFileSystem fails to return files under folders with dashes in name

There are several web libraries with dashes in their name like d3-tip, es6-shim, font-awesome. When embedding these in an assembly and using the EmbeddedResourceFileSystem, the folder names are no...

Id #457 | Release: None | Updated: Jun 27 at 8:50 PM by troydai | Created: May 2 at 6:28 AM by jonstelly

MicrosoftAcount context properties set after OnAuthenticated

In MicrosoftAccountAuthenticationHandler.cs (ca. line 125) in AuthenticateCoreAsync, the context properties are assigned after the callback to (On)Authenticated, which is inconsistent with other pr...

Id #454 | Release: None | Updated: Apr 11 at 3:05 PM by Tratcher | Created: Apr 11 at 1:56 PM by sierratu