I'm running into some issues with the authentication pipeline in ASP.NET Core. My scenario is that I want to issue a challenge to a user who is already authenticated using Open
I found a hint and the solution here: https://github.com/aspnet/Security/issues/912. ChallengeBehavior.Unauthorized is the "key".
This post gives the current (November 2016 - ASPNet 1.0.1) workaround: https://joonasw.net/view/azure-ad-b2c-with-aspnet-core
You'll need a new ActionResult to be able to call AuthenticationManager.ChallengeAsync with the ChallengeBehavior.Unauthorized behavior.
Once the issue https://github.com/aspnet/Mvc/issues/5187 is successfully closed, this should be integrated.
I tested it and it worked perfectly well (my goal was simply to extend Google scopes on a per user basis).
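A sketch of the kind of ActionResult the answer above describes, added here as an example and not taken from the original answer or the linked post. The class name `UnauthorizedChallengeResult` and the local-path check on the redirect URI are assumptions; the API calls are those of ASP.NET Core 1.x.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http.Authentication;
using Microsoft.AspNetCore.Mvc;

// Hypothetical class name (assumption, not from the page).
// Usage from a controller action:
//   return new UnauthorizedChallengeResult(OpenIdConnectDefaults.AuthenticationScheme, "/");
public class UnauthorizedChallengeResult : ActionResult
{
    private readonly string _scheme;
    private readonly AuthenticationProperties _properties;

    public UnauthorizedChallengeResult(string scheme, string redirectUri)
    {
        if (string.IsNullOrEmpty(scheme))
            throw new ArgumentNullException(nameof(scheme));
        // Accept only app-local paths so a caller-supplied return URL
        // cannot send the user to another site after sign-in.
        if (!IsLocalPath(redirectUri))
            throw new ArgumentException("Redirect URI must be a local path.", nameof(redirectUri));

        _scheme = scheme;
        _properties = new AuthenticationProperties { RedirectUri = redirectUri };
    }

    public override Task ExecuteResultAsync(ActionContext context)
    {
        // ChallengeBehavior.Unauthorized forces a real challenge even when the
        // user is already authenticated; the default (Automatic) would treat
        // an authenticated user as Forbidden instead.
        return context.HttpContext.Authentication.ChallengeAsync(
            _scheme, _properties, ChallengeBehavior.Unauthorized);
    }

    // "/" or "/path" is local; "//host" and "/\host" are not.
    private static bool IsLocalPath(string uri) =>
        !string.IsNullOrEmpty(uri) && uri[0] == '/' &&
        (uri.Length == 1 || (uri[1] != '/' && uri[1] != '\\'));
}
```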
Try to sign out:
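using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http.Authentication;

public async Task RefreshSession()
{
    // Await each call so both sign-outs complete before the new challenge is issued.
    await HttpContext.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    await HttpContext.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
    await HttpContext.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
}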