This repository has been archived by the owner on Dec 20, 2018. It is now read-only.
brockallen changed the title from "TwoFactorUserId cookie issues" to "TwoFactorUserId & TwoFactorRememberMe cookie issues" on Jun 1, 2016
Ok, just debugged some more... turns out all of the UseIdentity() cookie middlewares are now being set to AutomaticAuthenticate=true. Perhaps this was a change in the cookie MW defaults in RC2?
If I explicitly set the 3 of them to false (all but the app cookie) then it's working as expected.
The TwoFactorUserId cookie is still not removed upon successful 2fa tho.
RC2 tooling, new project using local accounts.
1: The TwoFactorUserId cookie middleware seems to be somehow set to run automatically (tho the AutomaticAuthN is not set AFAICT). This has the side effect of interfering with the primary authentication cookie and the User claims. So in short, I'm seeing all the claims from both the main cookie merged with the claim in the TwoFactorUserId cookie. For example, I put this in a view:
Even for an anonymous user shows:
2: Also, it's using the Name claim type to store the user's user ID, so it seems more appropriate to use the NameIdentifier claim type instead. Especially if you can't fix the first issue for RTM.
3: Once I login with 2FA, the TwoFactorUserId cookie is not getting cleared.
4: All of the above is also true for the TwoFactorRememberMe cookie and claims.
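The workaround described in this thread, together with a check for merged identities, as an added example that is not code from the issue or from the Identity project. It assumes the 1.0-era `IdentityOptions.Cookies` properties and a template-style `ApplicationUser`; the logger name `IdentityAudit` is hypothetical, and store registration from the project template is omitted.

```csharp
using System.Linq;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Assumption: stands in for the project template's user type.
public class ApplicationUser : IdentityUser { }

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentity<ApplicationUser, IdentityRole>(options =>
        {
            // Only the application cookie should populate HttpContext.User.
            // The other three cookies are read on demand by SignInManager.
            options.Cookies.ExternalCookie.AutomaticAuthenticate = false;
            options.Cookies.TwoFactorUserIdCookie.AutomaticAuthenticate = false;
            options.Cookies.TwoFactorRememberMeCookie.AutomaticAuthenticate = false;
        });
    }

    public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
    {
        var log = loggerFactory.CreateLogger("IdentityAudit"); // hypothetical name
        app.UseIdentity();

        // Diagnostic: each automatically authenticating cookie middleware adds
        // its own ClaimsIdentity to the request principal. More than one
        // authenticated identity means claims from a secondary cookie are
        // being merged into User.
        app.Use(async (context, next) =>
        {
            var identities = context.User.Identities
                .Where(i => i.IsAuthenticated)
                .ToList();
            if (identities.Count > 1)
            {
                log.LogWarning(
                    "Request {Path} carries {Count} authenticated identities: {Types}",
                    context.Request.Path,
                    identities.Count,
                    string.Join(", ", identities.Select(i => i.AuthenticationType)));
            }
            await next();
        });
    }
}
```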