ASP MVC) HttpContext.GetOwinContext().Authentication.Challenge function is not working properly.

Question

When I tested it with the demo project in the link below, there was no problem.
I got that error when I moved the code from the demo project to my project.
In my project, the basic login & signup function was implemented, and this time I saw the demo code and added sso login.
There is nothing wrong with the first login, and an error occurs when logging in again after logging out. You will also be directed to the login page, followed the login process, but as a result, you will not be authenticated. (always false == Request.IsAuthenticated)
Even if you put a log generating code in OnAuthenticationFailed(), no log is created.
One of the differences from the demo project is that I implement Activity Manager in my project and check the unique ID of the user session.
Is it possible to predict an error based on this content?

Demo Project : https://github.com/microsoftgraph/msgraph-training-aspnetmvcapp/tree/main/Demos/01-create-app

Implement activity manager)

public static class ActivityManager  
    {  
        public static void StartActivity()  
        {  
            if (Activity.Current == null)  
            {  
                var activity = new Activity("Default Activity");  
  
                string parentIdFromHeaders = HttpContext.Current?.Request.Headers[GetRequestIdHeaderName()];  
                if (!string.IsNullOrEmpty(parentIdFromHeaders))  
                {  
                    activity.SetParentId(parentIdFromHeaders);  
                }  
  
                activity.Start();  
                Activity.Current = activity;  
  
                // Sometimes I had issues with Activity.Current being empty even though I set it  
                // So just to be sure, I add it also to HttpContext Items.  
                HttpContext.Current?.Items.Add("Activity", activity);  
            }  
        }  
  
        public static void StopActivity()  
        {  
            GetActivity()?.Stop();  
        }  
  
        public static Activity GetActivity()  
        {  
            Activity activity = Activity.Current ?? (Activity)HttpContext.Current.Items["Activity"];  
            return activity;  
        }  
  
        public static string GetRequestIdHeaderName()  
        {  
            return "Request-Id";  
        }  
  
        public static string GetRequestId()  
        {  
            Activity activity = GetActivity();  
  
            if (activity != null)  
            {  
                string activityId = activity.Id;  
                return activityId;  
            }  
  
            // For the rare cases when something happens and activity is not set  
            // Try to read Request-Id first, if none, then create new GUID  
            return HttpContext.Current?.Request.Headers.Get(GetRequestIdHeaderName())  
                    ?? Guid.NewGuid().ToString().Replace("-", "");  
        }  
    }  
  
// Global.asax  
        protected void Application_BeginRequest()  
        {  
            ActivityManager.StartActivity();  
        }  
  
        protected void Application_EndRequest()  
        {  
            ActivityManager.StopActivity();  
        }  

Thank you !

Answer 1

Hi @경태 노 ,

Thaks for reaching out.
It is very difficult to troubleshoot the error with limited information.
Is demo project versions are in sync with your project. Make sure to get core identity features by adding NuGet packages to get all the references you needed for the core identity features

Microsoft.Owin.Host.SystemWeb
Microsoft.Owin.Security.Cookies

In startup.cs, Enable the application to use a cookie to store information for the signed in user.

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/LogOn")
});

Did you try all the possible scenarios mentioned here: https://stackoverflow.com/questions/19536955/request-isauthenticated-is-always-false

Thanks,
Shweta