When changing from UserNameToken to anonymous user, the UserNameToken stays associated with the session #1149
Assignees
Labels
bug
A bug was identified and should be fixed.
Comments
AlinMoldovean
added
bug
AlinMoldovean
added a commit
to AlinMoldovean/UA-.NETStandard
that referenced
this issue
Apr 13, 2021
…ixes OPCFoundation#1149 Check for unsupported UserIdentity type in ReferenceServer e.g. IssuedToken identity
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When I log in as an anonymous user, then change the user to a user identified via UserNameToken (keeping the same session) and then switch back to the anonymous user, the session.UserToken still is the UserNameToken not an AnonymousUserToken.
Source is in SessionManager.ActivateSession() where session.ValidateBeforeActivate() returns null for the token if the session is already activated and the user is anonymous.
later on in this method session.Activate() skips calling UpdateUserIdentity() if the token is null.
The client (tested with UaExpert) signals "user change succeded".
This becomes critical when access levels are dependent on the logged in user and the server allows for multiple sessions with different users.
Not sure if simply checking the token for null and replacing it with a new AnonymousUserToken after calling session.ValidateBeforeActivate() is the correct fix.
The text was updated successfully, but these errors were encountered: