ActivateSession fix for changing identity from UserName to Anonymous. F…

…ixes #1149 (#1360)

Check for unsupported UserIdentity type in ReferenceServer e.g. IssuedToken identity

Applications/ReferenceServer/ReferenceServer.cs

@@ -221,9 +221,19 @@ private void SessionManager_ImpersonateUser(Session session, ImpersonateEventArg
                 return;
             }
 
-            // allow anonymous authentication and set Anonymous role for this authentication
-            args.Identity = new UserIdentity();
-            args.Identity.GrantedRoleIds.Add(ObjectIds.WellKnownRole_Anonymous);
+            // check for anonymous token.
+            if (args.NewIdentity is AnonymousIdentityToken || args.NewIdentity == null)
+            {
+                // allow anonymous authentication and set Anonymous role for this authentication
+                args.Identity = new UserIdentity();
+                args.Identity.GrantedRoleIds.Add(ObjectIds.WellKnownRole_Anonymous);
+
+                return;
+            }
+
+            // unsuported identity token type.
+            throw ServiceResultException.Create(StatusCodes.BadIdentityTokenInvalid,
+                   "Not supported user token type: {0}.", args.NewIdentity);
         }
 
         /// <summary>

Libraries/Opc.Ua.Server/Session/Session.cs

@@ -939,12 +939,6 @@ internal void TraceState(string context)
             if (identityToken == null || identityToken.Body == null ||
                 identityToken.Body.GetType() == typeof(Opc.Ua.AnonymousIdentityToken))
             {
-                // not changing the token if already activated.
-                if (m_activated)
-                {
-                    return null;
-                }
-
                 // check if an anonymous login is permitted.
                 if (m_endpoint.UserIdentityTokens != null && m_endpoint.UserIdentityTokens.Count > 0)
                 {