I am able to authenticate against both Facebook and via a local database using Windows Identity and OWIN. I am able to successfully return a ClaimsIdentity in both instances. Without error, I am able to able to sign in that ClaimsIdentity with the AuthenticationManager.
I am using the scaffolded code for the MVC 5 Account controller when Individual User Accounts is selected when you create the project. I have added some debugging lines to sign-in method to provide more detail:
private async Task SignInAsync(ApplicationUser user, bool isPersistent)
{
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);
Debug.WriteLine("identity.Name = " + identity.Name);
Debug.WriteLine("identity.Claims.Count() = " + identity.Claims.Count().ToString());
Debug.WriteLine("AuthenticationManager.User.Identity.IsAuthenticated = " + AuthenticationManager.User.Identity.IsAuthenticated)
Debug.WriteLine("this.User.Identity.IsAuthenticated = " + this.User.Identity.IsAuthenticated);
}
The debug statements produce:
identity.Name = Cleo
identity.Claims.Count() = 3
AuthenticationManager.User.Identity.IsAuthenticated = False
this.User.Identity.IsAuthenticated = False
My identity is being populated by either my local db or Facebook, and when I try to sign in with the AuthenticationManager, it appears to work (or at least no error is thrown), but it appears that I have no way to figure out if the user, in the context of my application, is authenticated or not.
I used
CookieSecure = CookieSecureOption.Alwaysin Startup.Auth.cs which produced this behaviour for me. I removed it and now the Authentication is successful.