0

I am using the "default" authentication code generated by Visual Studio, at the creation of a new project.

The authentication (using local accounts) goes well... in most of the cases. In some cases (I cannot establish a pattern), even if the result of the sign-in is "success", the user does not appear to be authenticated and it's not being redirected to the start page. This is the code:

```csharp
// Validate the user password
var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
var signinManager = Context.GetOwinContext().GetUserManager<ApplicationSignInManager>();
var result = signinManager.PasswordSignIn(Email.Text, Password.Text, true, shouldLockout: false);
switch (result)
{
    case SignInStatus.Success:
        BLL.HelperMethods.LogInfo("Inside 'switch', on branch 'Success'");
        IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], Response);
        break;
    ...
}
```

I can see in the log file that the result of the authentication is success. Even so, the page is not being redirected and the user is not being authenticated.

Thank you.

LATER EDIT:

I think that the following error, which appears from time to time, is related to this problem:

```
EXCEPTION TYPE: System.Web.HttpException
EXCEPTION MESSAGE: Server cannot append header after HTTP headers have been sent.
SOURCE: Global.asax.cs -> Application_Error
STACK TRACE:    at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
   at System.Web.HttpHeaderCollection.Set(String name, String value)
   at Microsoft.Owin.Host.SystemWeb.CallHeaders.AspNetResponseHeaders.Set(String key, String[] values)
   at Microsoft.Owin.Host.SystemWeb.CallHeaders.AspNetResponseHeaders.set_Item(String key, String[] value)
   at Microsoft.Owin.Infrastructure.OwinHelpers.SetHeaderUnmodified(IDictionary`2 headers, String key, String[] values)
   at Microsoft.Owin.Infrastructure.OwinHelpers.AppendHeaderUnmodified(IDictionary`2 headers, String key, String[] values)
   at Microsoft.Owin.HeaderDictionary.AppendValues(String key, String[] values)
   at Microsoft.Owin.Infrastructure.ChunkingCookieManager.AppendResponseCookie(IOwinContext context, String key, String value, CookieOptions options)
   at Microsoft.Owin.Security.Cookies.CookieAuthenticationHandler.<ApplyResponseGrantAsync>d__f.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Owin.Security.Infrastructure.AuthenticationHandler.<ApplyResponseCoreAsync>d__b.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Owin.Security.Infrastructure.AuthenticationHandler.<ApplyResponseAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Owin.Security.Infrastructure.AuthenticationHandler.<TeardownAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware`1.<Invoke>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNet.Identity.Owin.IdentityFactoryMiddleware`2.<Invoke>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNet.Identity.Owin.IdentityFactoryMiddleware`2.<Invoke>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNet.Identity.Owin.IdentityFactoryMiddleware`2.<Invoke>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContextStage.<RunApp>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContext.<DoFinalWork>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar)
   at Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContext.EndFinalWork(IAsyncResult ar)
   at System.Web.HttpApplication.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
```

Diana
  • Without seeing a more complete example, a best guess would be that `Request.QueryString["ReturnUrl"]` sometimes contains a value that doesn't map to a valid action, and you haven't configured the default URL. – Tieson T. Aug 29 '17 at 07:26
  • This is the (logged) value of Request.QueryString["ReturnUrl"]: "/cm" - it has the same value when the login works properly and when it doesn't - having the behavior described in the post. – Diana Aug 29 '17 at 07:42
  • What do you see in the developer console? Are you sure there isn't an error occurring? – Tieson T. Aug 29 '17 at 07:43
  • No error... I have a void Application_Error(object sender, EventArgs e) {...} in the Global.asax and it doesn't catch anything on this (but it works, it caught other errors). According to the log file, it enters the switch, it goes on the branch "case SignInStatus.Success" and it somehow redirects, because it doesn't get to the line which logs the end of the method, outside the "switch". Still, the user does not get redirected in the browser. – Diana Aug 29 '17 at 07:52
  • Depending on where in the pipeline an error occurs, Application_Error is not always going to handle every error. Of course, if it happens earlier, you should be getting dumped to a YSOD. You may want to use something like [Fiddler](http://www.telerik.com/fiddler) to see what responses are being sent. – Tieson T. Aug 29 '17 at 08:00
  • Can you be clearer about "not appear to be authenticated" and "not being redirected to the start page"? They are not necessarily the same. What if such a user then clicks on a protected page, what does the IsAuthenticated property say? – H H Aug 29 '17 at 08:13
  • When a user is authenticated (in 95% of the cases), on the upper-right corner of the screen, I see a "Hello, user@domain.com" text and the user is being redirected to application/cm. In 5% of the cases, the user enters a valid username and password, clicks the "Login" button, but it keeps seeing the login page, no error message and no "Hello user@domain.com" text. (I suppose this happens because it's not being authenticated and it's being redirected to application/cm, from where it's being redirected to the login page - since application/cm can only be accessed by authenticated users). – Diana Aug 29 '17 at 08:37
  • Are you sending authenticate request via full page post instead of Ajax? Also did you check browser console if any issues logged? – Siva Gopal Aug 29 '17 at 11:22
  • Yes, full page post. No, I haven't checked the browser console - will do that next time the error occurs. – Diana Aug 29 '17 at 15:38

1 Answer

0

I have found another question which describes the same problem, and some workarounds. It seems to be a bug. You can find the solution here: ASP.NET_SessionId + OWIN Cookies do not send to browser

Diana
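
One workaround commonly applied to the System.Web/OWIN cookie conflict named in the linked question title, shown as an added example (not code from the original post or the linked answer): route the authentication cookie through System.Web's own cookie collection instead of the OWIN header dictionary. It assumes a Microsoft.Owin.Host.SystemWeb version that ships `SystemWebCookieManager` and the Visual Studio template's `ConfigureAuth` method and `/Account/Login` path.

```csharp
// App_Start/Startup.Auth.cs -- added example, not the poster's code.
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Host.SystemWeb;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // The template's app.CreatePerOwinContext(...) registrations stay as generated.

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,

            // Assumed: the template's default login page.
            LoginPath = new PathString("/Account/Login"),

            // When CookieManager is left unset, the middleware uses
            // ChunkingCookieManager (the type in the stack trace above), which
            // appends Set-Cookie to the OWIN response header dictionary.
            // System.Web keeps a separate cookie collection (ASP.NET_SessionId
            // lives there), and the two writers can interfere, so the sign-in
            // reports Success while the browser never receives the auth cookie.
            //
            // SystemWebCookieManager writes through HttpContext.Response.Cookies,
            // so System.Web sees one consistent set of cookies. It does not split
            // large cookies into chunks.
            CookieManager = new SystemWebCookieManager()
        });
    }
}
```

To confirm the effect, compare the `Set-Cookie` headers on the login POST response in Fiddler (suggested in the comments) for a working and a failing sign-in.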