External login callback signs incorrect user
I have a strange problem with ExternalLoginCallback
method. I am logging some information in the log and what is interesting Email
is correct, but then userId
is incorrect and it belongs to another user who was logged previously.
I.e. some UserA
is logged into the system and now UserB
wants to log into the system in another
window. I am expecting that in new window UserB
will be logged in and overwrite cookies, so if I refresh first window it will show UserB
, but somehow that is not happening and in second window it shows UserA
.
Here is the code:
public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
return RedirectToAction("Login");
}
EventLogManager.LogWarning(loginInfo.Email);
var result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent: true);
switch (result)
{
case SignInStatus.Success:
{
var userId = SignInManager.AuthenticationManager.AuthenticationResponseGrant.Identity.GetUserId();
EventLogManager.LogWarning(userId);
...
EDIT
I think I should add more clarifications. There is some action which is being called from third party - Shopify
. It looks like:
public ActionResult Callback(string code, string hmac, string shop, string state, string timestamp)
{
//this resolved the issue
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
Session["Workaround"] = 0;
return new ChallengeResult("Shopify", Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = "/Product/Products" }), null, shop.Replace(".myshopify.com", ""));
}
asp.net asp.net-mvc asp.net-identity shopify
add a comment |
I have a strange problem with ExternalLoginCallback
method. I am logging some information in the log and what is interesting Email
is correct, but then userId
is incorrect and it belongs to another user who was logged previously.
I.e. some UserA
is logged into the system and now UserB
wants to log into the system in another
window. I am expecting that in new window UserB
will be logged in and overwrite cookies, so if I refresh first window it will show UserB
, but somehow that is not happening and in second window it shows UserA
.
Here is the code:
public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
return RedirectToAction("Login");
}
EventLogManager.LogWarning(loginInfo.Email);
var result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent: true);
switch (result)
{
case SignInStatus.Success:
{
var userId = SignInManager.AuthenticationManager.AuthenticationResponseGrant.Identity.GetUserId();
EventLogManager.LogWarning(userId);
...
EDIT
I think I should add more clarifications. There is some action which is being called from third party - Shopify
. It looks like:
public ActionResult Callback(string code, string hmac, string shop, string state, string timestamp)
{
//this resolved the issue
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
Session["Workaround"] = 0;
return new ChallengeResult("Shopify", Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = "/Product/Products" }), null, shop.Replace(".myshopify.com", ""));
}
asp.net asp.net-mvc asp.net-identity shopify
Whats your logout method look like? It should be removing the cookies
– DaImTo
Nov 21 '18 at 11:04
@DaImTo, its standard. I didn't change it. How this can be related? Also if I logoff issue is resolved, but I was expecting this behavior without logging off prev user.AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie); System.Web.HttpContext.Current.Session["current_token"] = null; System.Web.HttpContext.Current.Session["current_shop"] = null; return RedirectToAction("Welcome", "Home");
– Giorgi Nakeuri
Nov 22 '18 at 8:25
@DaImTo, actually I didn't explain the whole thing. I am not using standard login procudure. I am calling ChallengeResult manually. So there is an action which is being called by third party, in that action I am calling ChallengeResult.
– Giorgi Nakeuri
Nov 22 '18 at 8:36
add a comment |
I have a strange problem with ExternalLoginCallback
method. I am logging some information in the log and what is interesting Email
is correct, but then userId
is incorrect and it belongs to another user who was logged previously.
I.e. some UserA
is logged into the system and now UserB
wants to log into the system in another
window. I am expecting that in new window UserB
will be logged in and overwrite cookies, so if I refresh first window it will show UserB
, but somehow that is not happening and in second window it shows UserA
.
Here is the code:
public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
return RedirectToAction("Login");
}
EventLogManager.LogWarning(loginInfo.Email);
var result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent: true);
switch (result)
{
case SignInStatus.Success:
{
var userId = SignInManager.AuthenticationManager.AuthenticationResponseGrant.Identity.GetUserId();
EventLogManager.LogWarning(userId);
...
EDIT
I think I should add more clarifications. There is some action which is being called from third party - Shopify
. It looks like:
public ActionResult Callback(string code, string hmac, string shop, string state, string timestamp)
{
//this resolved the issue
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
Session["Workaround"] = 0;
return new ChallengeResult("Shopify", Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = "/Product/Products" }), null, shop.Replace(".myshopify.com", ""));
}
asp.net asp.net-mvc asp.net-identity shopify
I have a strange problem with ExternalLoginCallback
method. I am logging some information in the log and what is interesting Email
is correct, but then userId
is incorrect and it belongs to another user who was logged previously.
I.e. some UserA
is logged into the system and now UserB
wants to log into the system in another
window. I am expecting that in new window UserB
will be logged in and overwrite cookies, so if I refresh first window it will show UserB
, but somehow that is not happening and in second window it shows UserA
.
Here is the code:
public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
return RedirectToAction("Login");
}
EventLogManager.LogWarning(loginInfo.Email);
var result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent: true);
switch (result)
{
case SignInStatus.Success:
{
var userId = SignInManager.AuthenticationManager.AuthenticationResponseGrant.Identity.GetUserId();
EventLogManager.LogWarning(userId);
...
EDIT
I think I should add more clarifications. There is some action which is being called from third party - Shopify
. It looks like:
public ActionResult Callback(string code, string hmac, string shop, string state, string timestamp)
{
//this resolved the issue
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
Session["Workaround"] = 0;
return new ChallengeResult("Shopify", Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = "/Product/Products" }), null, shop.Replace(".myshopify.com", ""));
}
asp.net asp.net-mvc asp.net-identity shopify
asp.net asp.net-mvc asp.net-identity shopify
edited Nov 22 '18 at 8:43
Giorgi Nakeuri
asked Nov 21 '18 at 7:15
Giorgi NakeuriGiorgi Nakeuri
31.1k72555
31.1k72555
Whats your logout method look like? It should be removing the cookies
– DaImTo
Nov 21 '18 at 11:04
@DaImTo, its standard. I didn't change it. How this can be related? Also if I logoff issue is resolved, but I was expecting this behavior without logging off prev user.AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie); System.Web.HttpContext.Current.Session["current_token"] = null; System.Web.HttpContext.Current.Session["current_shop"] = null; return RedirectToAction("Welcome", "Home");
– Giorgi Nakeuri
Nov 22 '18 at 8:25
@DaImTo, actually I didn't explain the whole thing. I am not using standard login procudure. I am calling ChallengeResult manually. So there is an action which is being called by third party, in that action I am calling ChallengeResult.
– Giorgi Nakeuri
Nov 22 '18 at 8:36
add a comment |
Whats your logout method look like? It should be removing the cookies
– DaImTo
Nov 21 '18 at 11:04
@DaImTo, its standard. I didn't change it. How this can be related? Also if I logoff issue is resolved, but I was expecting this behavior without logging off prev user.AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie); System.Web.HttpContext.Current.Session["current_token"] = null; System.Web.HttpContext.Current.Session["current_shop"] = null; return RedirectToAction("Welcome", "Home");
– Giorgi Nakeuri
Nov 22 '18 at 8:25
@DaImTo, actually I didn't explain the whole thing. I am not using standard login procudure. I am calling ChallengeResult manually. So there is an action which is being called by third party, in that action I am calling ChallengeResult.
– Giorgi Nakeuri
Nov 22 '18 at 8:36
Whats your logout method look like? It should be removing the cookies
– DaImTo
Nov 21 '18 at 11:04
Whats your logout method look like? It should be removing the cookies
– DaImTo
Nov 21 '18 at 11:04
@DaImTo, its standard. I didn't change it. How this can be related? Also if I logoff issue is resolved, but I was expecting this behavior without logging off prev user.
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie); System.Web.HttpContext.Current.Session["current_token"] = null; System.Web.HttpContext.Current.Session["current_shop"] = null; return RedirectToAction("Welcome", "Home");
– Giorgi Nakeuri
Nov 22 '18 at 8:25
@DaImTo, its standard. I didn't change it. How this can be related? Also if I logoff issue is resolved, but I was expecting this behavior without logging off prev user.
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie); System.Web.HttpContext.Current.Session["current_token"] = null; System.Web.HttpContext.Current.Session["current_shop"] = null; return RedirectToAction("Welcome", "Home");
– Giorgi Nakeuri
Nov 22 '18 at 8:25
@DaImTo, actually I didn't explain the whole thing. I am not using standard login procudure. I am calling ChallengeResult manually. So there is an action which is being called by third party, in that action I am calling ChallengeResult.
– Giorgi Nakeuri
Nov 22 '18 at 8:36
@DaImTo, actually I didn't explain the whole thing. I am not using standard login procudure. I am calling ChallengeResult manually. So there is an action which is being called by third party, in that action I am calling ChallengeResult.
– Giorgi Nakeuri
Nov 22 '18 at 8:36
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53406980%2fexternal-login-callback-signs-incorrect-user%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53406980%2fexternal-login-callback-signs-incorrect-user%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Whats your logout method look like? It should be removing the cookies
– DaImTo
Nov 21 '18 at 11:04
@DaImTo, its standard. I didn't change it. How this can be related? Also if I logoff issue is resolved, but I was expecting this behavior without logging off prev user.
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie); System.Web.HttpContext.Current.Session["current_token"] = null; System.Web.HttpContext.Current.Session["current_shop"] = null; return RedirectToAction("Welcome", "Home");
– Giorgi Nakeuri
Nov 22 '18 at 8:25
@DaImTo, actually I didn't explain the whole thing. I am not using standard login procudure. I am calling ChallengeResult manually. So there is an action which is being called by third party, in that action I am calling ChallengeResult.
– Giorgi Nakeuri
Nov 22 '18 at 8:36