We are seeing an occasional issue where:
- The user logs in and accesses other urls successfully.
- After 10 -15 minutes of inactivity, the same request fails with a 401 unauthorized.
We have a Custom AuthenticationAttribute and I have verified that:
- All the cookies are included as part of the request and not expired
- Also verified that the session.Id matches the ss-id.
- When I retrieve the custom session object, only the id field is populated. The other fields that I had updated in OnAuthenticated seem to be nulll/ default values.
- However, request.IsAuthenticated is false in this instance.
This is where we save the user details to session OnAuthenticated
Any suggestions as to what are the causes for request.IsAuthenticated to be false?