-1

I have an application with claims based authentication and recently I have been having an issue where at random I lose authentication. The application usually gets it's Identity, Claims information from System.Security.Claims.ClaimsIdentity and it authorizes fine. For some reason after clicking around different pages I lose authentication and it seems to be looking in System.Security.Claims.WindowsIdentity and it exits with a null exception as there is now no more authorization information. I am also using IdentityServerV3. I apologise for the lack of specific technical data but was wondering if anyone has ever had this issue. There is no specific time that this does this after as I first thought it might be expiring. It happens very randomly. I have included screen grabs:

This was when I was authorized

This was when I was authorized

and this was 10 seconds later

enter image description here

If you need any further infromation let me know and thanks in advance!

Tieson T.
  • 20,774
  • 6
  • 77
  • 92
AndyRow123
  • 29
  • 6

1 Answers1

1

I had similar issue where losing authentication randomly, caused by three reasons I can remember,

1) multiple threading - code was executed by a different thread that doesn't have identity context

2) cookie size exceeded browser limit authentication cookie get chunked when pass back to server

3) identity server hosted in multiple instances and identity server configured to store token in memory.

Regarding your case, my gut feel which might be completely red herring, is the 1) which the thread executing your code 10 sec later is under a different identity context , I would suggest try to verify any path of your code can by multiple threading first, at the mean time check the thinktecture log that can be found in output window if you are using default logging provider to see if anything suspicious

Hope it helps

Ming
  • 730
  • 2
  • 8
  • 23