CookieAuthenticationHandler, in case using SessionStore, cookieOptions.Expires is not set on renewal

I think I found an issue in Microsoft.Owin.Security.Cookies.CookieAuthenticationHandler class, method ApplyResponseGrantAsync. There is a line (within "else if (_shouldRenew)" block) of where cooki...

Id #470 | Release: None | Updated: Sep 15 at 9:28 AM by JaapMosselman | Created: Sep 15 at 9:28 AM by JaapMosselman

CorsMiddleware: CorsResult.ErrorMessages not used

Method HandleCorsRequestAsync in CorsMiddleware calls TryEvaluateCorsPolicy which if an origin is not allowed the CorsEngine will add an error to CorsResult.ErrorMessages collection which also make...

Id #469 | Release: None | Updated: Sep 15 at 9:12 PM by Tratcher | Created: Sep 12 at 8:46 PM by JoLu1977

OWIN Authentication issue while hitting some pages in Web Application

OWIN Pipeline throwing exception at Microsoft.IdentityModel.Protocols.AuthenticationProtocolMessage.SetParameter(String parameter, String value) at Microsoft.IdentityModel.Protocols.WsFederati...

Id #468 | Release: None | Updated: Sep 8 at 10:57 PM by Tratcher | Created: Aug 30 at 10:38 PM by bharatgupta486

Microsoft.Owin.Security.Facebook failed to get email info.

UseFacebookAuthentication() supports option including email scope: var opt = new Microsoft.Owin.Security.Facebook.FacebookAuthenticationOptions() { AppId = System.Confi...

Id #467 | Release: None | Updated: Aug 29 at 5:22 PM by Tratcher | Created: Aug 28 at 4:02 AM by darkthread

OAuthBearerAuthenticationHandler Validates Token Expiry After JwtSecurityTokenHandler

JwtSecurityTokenHandler has a ValidateToken(...) method which performs all of the core token validation - signature, issuer, replay detection, lifetime, audience. If validation fails you get an exce...

Id #466 | Release: None | Updated: Aug 7 at 9:14 PM by philco | Created: Aug 7 at 9:12 PM by philco

Katana TraceListener may cause doubled log messages in client code

The misbehavior (and some workarounds) has been discussed on Stackoverflow already: http://stackoverflow.com/questions/17948363/tracelistener-in-owin-self-hosting A TraceListener, that was regis...

Id #465 | Release: None | Updated: Jul 13 at 1:35 PM by ML8448 | Created: Jul 13 at 1:35 PM by ML8448

Account for breaking changes in TokenValidationParameters v5

(Moved from https://katanaproject.codeplex.com/discussions/656132) This was originally posted on Github at https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issu...

Id #464 | Release: None | Updated: Aug 23 at 3:32 PM by MattOl | Created: Jul 6 at 7:25 PM by Tratcher

What is max expiry for two factor code in UseTwoFactorSignInCookie?

I'm trying to find out what is the max value for a two factor authentication code expiry in a cookie from ASP.NET Identity 2.1, and if I can set it higher than 5 minutes. I have tried setting the...

Id #463 | Release: None | Updated: Jul 18 at 12:03 PM by chriscollins442 | Created: Jul 6 at 3:21 PM by chriscollins442

URI component encoding issue in query path

Hello! There is a bug in how Katana handles encoding when building a Uri in OwinRequest. The resource path delimiters "(" and ")" are encoded which violates RFC 3986. Please see section 3.3. This...

Id #462 | Release: None | Updated: Jun 28 at 6:37 AM by jstachowiak | Created: Jun 26 at 10:59 PM by jstachowiak

Security stamp is not updated in the database by UserManager

Hi, I have written the following code to update the user's security stamp value to the database after signout. But it is not updated in the database and I see the old value. Did I miss anything o...

Id #461 | Release: None | Updated: Jun 24 at 6:46 PM by Tratcher | Created: Jun 22 at 9:20 AM by dpmragu