From 2cb14932f7a9b70f9d47f0b16ae18c46bf6f57d8 Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Thu, 25 Sep 2014 15:15:07 -0700 Subject: [PATCH] Disable sign out external cookie temporarily Potential SignOut bug is preventing this from working correctly for now --- samples/IdentitySample.Mvc/Startup.cs | 2 +- src/Microsoft.AspNet.Identity/SignInManager.cs | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/samples/IdentitySample.Mvc/Startup.cs b/samples/IdentitySample.Mvc/Startup.cs index 916969aa4e..6b5351727f 100644 --- a/samples/IdentitySample.Mvc/Startup.cs +++ b/samples/IdentitySample.Mvc/Startup.cs @@ -115,7 +115,7 @@ namespace IdentitySamples options.Password.RequireLowercase = false; options.Password.RequireUppercase = false; options.Password.RequireNonLetterOrDigit = false; - options.SecurityStampValidationInterval = TimeSpan.Zero; + options.SecurityStampValidationInterval = TimeSpan.FromMinutes(1); }); services.SetupOptions(options => { diff --git a/src/Microsoft.AspNet.Identity/SignInManager.cs b/src/Microsoft.AspNet.Identity/SignInManager.cs index 5aa7521ab2..2920a2799a 100644 --- a/src/Microsoft.AspNet.Identity/SignInManager.cs +++ b/src/Microsoft.AspNet.Identity/SignInManager.cs @@ -74,8 +74,9 @@ namespace Microsoft.AspNet.Identity CancellationToken cancellationToken = default(CancellationToken)) { var userIdentity = await CreateUserIdentityAsync(user); - // Always clear any external login cookies when signing in for real - Context.Response.SignOut(Options.ExternalCookie.AuthenticationType); + // Should always clear any external login cookies when signing in for real + // BUG: SignOut currently throws if auth type was not signed in + //Context.Response.SignOut(Options.ExternalCookie.AuthenticationType); if (authenticationMethod != null) { userIdentity.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, authenticationMethod));