I am building an ASP.NET 4.5 application (not MVC, another big story) using the .NET authentication and an up-to-date Visual Studio 13. Yesterday I did some package manager updates that included some Microsoft authentication updates. Everything was fine for a while. Later in the day I suddenly could not log out, no errors. Searched the web for solutions and found nothing. This morning it was working fine and then late this afternoon log off stopped working again. In Chrome, which auto logs in the last user, log out will not work. In IE, which does not auto log in, login/logout worked (after Chrome stopped working) for a while but suddenly login stopped working. I have tried closing IE and rebooting my computer - no luck. Being a programmer, this kind of works/doesn't-work behaviour is disturbing.
My logout code is in a logout page:
    protected void Page_Load(object sender, EventArgs e) {
        Context.GetOwinContext().Authentication.SignOut();
        Session.Abandon();
        //Context.GetOwinContext().Authentication.SignOut();
        //FormsAuthentication.SignOut();
        //HttpContext.Current.GetOwinContext().Authentication.SignOut();
        //Session.Abandon();
        //Roles.DeleteCookie();
        //FormsAuthentication.SignOut();
        //Session.Clear();
        //Session.RemoveAll();
        //Session.Abandon();
        Response.Redirect("~/Default.aspx", true);
    }
I left in the comments to show all the different things I tried. The uncommented one works fine when logout is working, like in IE when I could login.
I will get this error in Chrome when it fails, and I get it 4 times each time it happens. I have my doubts it is related.
    System.Web.HttpException (0x80004005): Server cannot append header after HTTP headers have been sent.
       at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
       at System.Web.HttpHeaderCollection.Set(String name, String value)
       at Microsoft.Owin.Host.SystemWeb.CallHeaders.AspNetResponseHeaders.Set(String key, String[] values)
       at Microsoft.Owin.Host.SystemWeb.CallHeaders.AspNetResponseHeaders.set_Item(String key, String[] value)
       at Microsoft.Owin.Infrastructure.OwinHelpers.SetHeaderUnmodified(IDictionary`2 headers, String key, String[] values)
       at Microsoft.Owin.Infrastructure.OwinHelpers.AppendHeaderUnmodified(IDictionary`2 headers, String key, String[] values)
       at Microsoft.Owin.HeaderDictionary.AppendValues(String key, String[] values)
       at Microsoft.Owin.Infrastructure.ChunkingCookieManager.AppendResponseCookie(IOwinContext context, String key, String value, CookieOptions options)
       at Microsoft.Owin.Security.Cookies.CookieAuthenticationHandler.<ApplyResponseGrantAsync>d__f.MoveNext()
I do not have a redirect in a try/catch statement anywhere in my code. A fix for most with this problem.
This is my startup, which is just the default one pretty much:
    public partial class Startup {
        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301883
        public void ConfigureAuth(IAppBuilder app)
        {
            // Configure the db context, user manager and signin manager to use a single instance per request
            app.CreatePerOwinContext(ApplicationDbContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
            // Enable the application to use a cookie to store information for the signed in user
            // and to use a cookie to temporarily store information about a user logging in with a third party login provider
            // Configure the sign in cookie
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                //ExpireTimeSpan = new System.TimeSpan(14, 0, 0, 0),
                SlidingExpiration = false,
                Provider = new CookieAuthenticationProvider
                {
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(30),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)),
                    OnException = context => {
                        Debug.Log(this, "CookieAuthenticationProvider exception: \n" + context.Exception.ToString());
                    }
                }
            });
            // Use a cookie to temporarily store information about a user logging in with a third party login provider
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
            // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
            app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
            app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
        }
    }
SlidingExpiration was True and I tried False to see if it would help because of a comment somewhere; it didn't help. This is all quite mysterious with no exceptions on the login/logout failures. I wonder whether it might be cookie related.
At this point I wonder if I can trust Owin if it can pull this kind of mysterious failure out of the blue - I was working on completely unrelated forms when it failed - it works/it doesn't. Authentication must work for me to develop, let alone release the product. Any suggestions for an alternate authentication system are welcome.
George