From 10b2c70ffe4d6155fad901f7c7cffa858ba7cda2 Mon Sep 17 00:00:00 2001
From: Brock Allen
Date: Thu, 29 Jun 2023 12:42:29 -0400
Subject: [PATCH 1/2] check for IsAuthenticated in addition to Succeeded when calling AuthenticateAsync

---
 src/IdentityServer/Services/Default/DefaultUserSession.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/IdentityServer/Services/Default/DefaultUserSession.cs b/src/IdentityServer/Services/Default/DefaultUserSession.cs
index c128f5507..76dd21f11 100644
--- a/src/IdentityServer/Services/Default/DefaultUserSession.cs
+++ b/src/IdentityServer/Services/Default/DefaultUserSession.cs
@@ -141,7 +141,7 @@ protected virtual async Task AuthenticateAsync()
 }
 
 var result = await handler.AuthenticateAsync();
-if (result != null && result.Succeeded)
+if (result != null && result.Succeeded && result.Principal.Identity.IsAuthenticated)
 {
 Principal = result.Principal;
 Properties = result.Properties;

From 14e2e76fca6374fd40260e5a0b358ea373e2514b Mon Sep 17 00:00:00 2001
From: Brock Allen
Date: Thu, 29 Jun 2023 12:51:41 -0400
Subject: [PATCH 2/2] add test to confirm IsAuthenticated check

---
 .../Services/Default/DefaultUserSessionTests.cs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/test/IdentityServer.UnitTests/Services/Default/DefaultUserSessionTests.cs b/test/IdentityServer.UnitTests/Services/Default/DefaultUserSessionTests.cs
index e5b360415..cfea6316a 100644
--- a/test/IdentityServer.UnitTests/Services/Default/DefaultUserSessionTests.cs
+++ b/test/IdentityServer.UnitTests/Services/Default/DefaultUserSessionTests.cs
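Review bot: `result.Principal.Identity` is null for a principal that carries no identities, so the added `result.Principal.Identity.IsAuthenticated` check turns that case into a NullReferenceException instead of a rejected result; a null-safe form, `if (result != null && result.Succeeded && result.Principal.Identity?.IsAuthenticated == true)`, rejects it the same way as an anonymous identity. The reason for the extra condition — a handler can report Succeeded for an unauthenticated identity, and such a result must not populate the session — is not obvious from the line itself and deserves a comment above it, e.g. `// Succeeded alone is not enough: reject tickets whose identity is anonymous`. AuthenticateAsync's signature and the rest of its body lie outside the hunk.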
@@ -202,13 +202,23 @@ public async Task adding_client_should_set_item_in_cookie_properties()
 }
 
 [Fact]
-public async Task when_authenticated_GetIdentityServerUserAsync_should_should_return_authenticated_user()
+public async Task when_handler_successful_GetIdentityServerUserAsync_should_should_return_authenticated_user()
 {
 _mockAuthenticationHandler.Result = AuthenticateResult.Success(new AuthenticationTicket(_user, _props, "scheme"));
 
 var user = await _subject.GetUserAsync();
 user.GetSubjectId().Should().Be("123");
 }
+
+[Fact]
+public async Task when_handler_successful_and_identity_is_anonymous_GetIdentityServerUserAsync_should_should_return_null()
+{
+var cp = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim("xoxo", "1") }));
+_mockAuthenticationHandler.Result = AuthenticateResult.Success(new AuthenticationTicket(cp, _props, "scheme"));
+
+var user = await _subject.GetUserAsync();
+user.Should().BeNull();
+}
 
 [Fact]
 public async Task when_anonymous_GetIdentityServerUserAsync_should_should_return_null()
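Review bot: The new test exercises an anonymous identity but not a principal with no identities at all (`new ClaimsPrincipal()`), which is the case where `ClaimsPrincipal.Identity` is null and a non-null-safe check in DefaultUserSession would throw rather than return null. A sibling test for that input pins the intended behaviour, and it fails with a NullReferenceException unless the production check uses `Identity?.IsAuthenticated == true`, which is exactly what makes it worth adding. The `should_should` doubling in the new test name copies the file's existing names, so keeping it is consistent, though a fresh name reads better without it.
```csharp
[Fact]
public async Task when_handler_successful_and_principal_has_no_identity_GetIdentityServerUserAsync_should_return_null()
{
    var cp = new ClaimsPrincipal();
    _mockAuthenticationHandler.Result = AuthenticateResult.Success(new AuthenticationTicket(cp, _props, "scheme"));

    var user = await _subject.GetUserAsync();
    user.Should().BeNull();
}
```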