Aug 18, 2019 04:25 PM|PatriceSc|LINK
First, could you be more specific about which authentication method you are using? You are using Azure Active Directory with ADFS (and so AD) behind the scenes, maybe?
If I understood, a user can sign in using multiple mail addresses and you want the user to be recognized as the same user when he logs out and logs in again with another mail address? And so it seems your intent is to do something while the user is anonymous so that when he logs out and signs in again he is recognized as being the same user?
I would have to check, but instead I would reconsider using the mail address as my technical identifier. I would have to check, but you should have a better claim that doesn't change (if I remember, the NameIdentifier; the OnPremSid could also be useful).
Likely overkill, but ASP.NET Identity and https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.iuserloginstore-1?view=aspnetcore-2.2 are interesting to know about, i.e. you could even build a system where a user could log in using entirely different identity providers and still be recognized as the same user.
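
Added example, not part of the post above and not ASP.NET Identity's own code: a minimal in-memory sketch of the (login provider, provider key) to local user mapping that `IUserLoginStore<TUser>` persists, keyed on the `NameIdentifier` claim instead of the mail address. `ExternalLoginMap`, `StableKey`, the provider names and all claim values are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Hypothetical in-memory stand-in for the (loginProvider, providerKey) -> user
// mapping that IUserLoginStore<TUser> persists; all names here are assumptions.
public sealed class ExternalLoginMap
{
    private readonly Dictionary<(string Provider, string Key), Guid> _logins =
        new Dictionary<(string, string), Guid>();
    // Use an immutable subject claim; never fall back to the mail address,
    // which can change or later be reassigned to a different person.
    public static string StableKey(ClaimsPrincipal principal)
    {
        var claim = principal.FindFirst(ClaimTypes.NameIdentifier);
        if (claim == null || string.IsNullOrWhiteSpace(claim.Value))
            throw new InvalidOperationException("No stable identifier claim in token.");
        return claim.Value;
    }
    // Link one more external identity to an existing local user. Refuse to
    // silently move a login that already belongs to a different account.
    public void Link(string provider, ClaimsPrincipal principal, Guid userId)
    {
        var key = (provider, StableKey(principal));
        if (_logins.TryGetValue(key, out var owner) && owner != userId)
            throw new InvalidOperationException("Login already linked to another user.");
        _logins[key] = userId;
    }
    // Resolve a sign-in to the local user, or null when the login is unknown.
    public Guid? Resolve(string provider, ClaimsPrincipal principal) =>
        _logins.TryGetValue((provider, StableKey(principal)), out var id) ? id : (Guid?)null;
}

public static class Demo
{
    // Builds a constructed principal; the values are sample data, not real tokens.
    private static ClaimsPrincipal Principal(string sub, string mail) =>
        new ClaimsPrincipal(new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.NameIdentifier, sub),
            new Claim(ClaimTypes.Email, mail) }, "constructed"));
    public static void Main()
    {
        var map = new ExternalLoginMap();
        var user = Guid.NewGuid();
        map.Link("AzureAD", Principal("sub-constructed-1", "old@example.test"), user);
        map.Link("OtherIdP", Principal("sub-constructed-2", "other@example.test"), user);
        // Same Azure AD subject, different mail address on the next sign-in.
        var again = map.Resolve("AzureAD", Principal("sub-constructed-1", "new@example.test"));
        Console.WriteLine(again == user);
    }
}
```

In a real application, `Link` should only be reachable by a user who is already authenticated as the target account, otherwise anyone who controls an external identity could attach it to someone else's profile.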