OnValidateIdentity session is null - Mvc Owin


Currently, I have problems when access Session in OnValidateIdentity - HttpContext.Current.Session is null. What's I wrong . My application as below: - I have 2 project : Mvc vs WebApi - I want user will logout when I changed password -> change security stamp. - I implement as: The Mvc Project will validate SecurityStamp changed when user request. And I'm will get SecurityStamp from other webapi website . This mean My mvc not access directly to database that through out webapi. And I'm must be input token in authorize header to get securitystamp from webapi. But, I can't access token from session , when I login successfully I stored the token in the Session. Code example:

public void ConfigureAuthentication(IAppBuilder app) { app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, CookieSecure = CookieSecureOption.SameAsRequest, LoginPath = new PathString("/Home"), LogoutPath = new PathString("/Account/Logout"), ExpireTimeSpan = TimeSpan.FromMinutes(30), Provider = new CookieAuthenticationProvider { OnValidateIdentity = async ctx => { var claim = ctx.Identity.FindFirst("SecurityStamp"); var accessToken = HttpContext.Current.Session["token"].ToString(); using (HttpClient httpClient = new HttpClient()) { // Used accessToken variable for httpClient // TODO Get security stamp from webapi . Ex : string securityStampWebApi = "demo"; if (securityStampWebApi != claim.Value) { ctx.RejectIdentity(); } } } } }); app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); }

suggestion other implementaion to I can finish this case.


The cookie middleware runs at the authenticate stage in the IIS pipeline, which is prior to HttpContextor session state being made available. So you will need to work without it.


You should not be using HttpContext.Current in OWIN callbacks in general, that is most likely the issue. You should flow in the context provided to the callback.


  • SSLRead() return error -9806/15958)
  • Laravel 5.1 + PHPunit - API test returns always invalid argument error foreach
  • Zend Framework 2, Module Redirect
  • How to authenticate user name and password against Active Directory Federation Services (ADFS)?
  • Django: DRY principle and UserPassesTestMixin
  • How to bind comma separated list of values to List
  • (Tcl/Expect) clear screen after exit
  • Django return user model id with L
  • Mixing WebForms and MVC: What should I do with the MasterPage?
  • nodemcu custom firmware build problems
  • Laravel: Getting Session ID oddly truncates when using foreach
  • Invalid object name 'dbo.Item'
  • saving file generated by TCPDF
  • Jenkins: FATAL: Could not initialize class hudson.util.ProcessTree$UnixReflection
  • TextToSpeech.setEngineByPackageName() triggers NullPointerException
  • How to view images from protected folder with php?
  • How can I extract results of aggregate queries in slick?
  • Keep this build forever option - Jenkins
  • Webgrid not refreshing after delete MVC
  • Textfile Structure (tables)
  • How to run “Deployd” on port 80 instead of port 5000 in webserver.
  • Converting a WriteableBitmap image ToArray in UWP
  • MVC3 Razor - ListBox pre-select not working
  • Word Open XML Mail Merge
  • Django rest serializer Breaks when data exists
  • Typescript - Unable to get 'import' statement to function
  • Recording logins for password protected directories
  • Debugging ASP.NET on a built-in web server suddenly stops
  • Is there any way to access browser form field suggestions from JavaScript?
  • Apache 2.4 and php-fpm does not trigger apache http basic auth for php pages
  • How to redirect a user to a different server and include HTTP basic authentication credentials?
  • How to extract text from Word files using C#?
  • How to check if every primary key value is being referenced as foreign key in another table
  • Sending data from AppleScript to FileMaker records
  • vba code to select only visible cells in specific column except heading
  • Hazelcast - OperationTimeoutException
  • InvalidAuthenticityToken between subdomains when logging in with Rails app
  • Unit Testing MVC Web Application in Visual Studio and Problem with QTAgent
  • Getting error when using KSoap library to consume .NET web services
  • How to get NHibernate ISession to cache entity not retrieved by primary key