diff --git a/src/IdentityServer/Services/Default/DefaultUserSession.cs b/src/IdentityServer/Services/Default/DefaultUserSession.cs
index c128f5507..76dd21f11 100644
--- a/src/IdentityServer/Services/Default/DefaultUserSession.cs
+++ b/src/IdentityServer/Services/Default/DefaultUserSession.cs
@@ -141,7 +141,7 @@ protected virtual async Task AuthenticateAsync()
 }
 var result = await handler.AuthenticateAsync();
- if (result != null && result.Succeeded)
+ if (result != null && result.Succeeded && result.Principal.Identity.IsAuthenticated)
 {
 Principal = result.Principal;
 Properties = result.Properties;
diff --git a/test/IdentityServer.UnitTests/Services/Default/DefaultUserSessionTests.cs b/test/IdentityServer.UnitTests/Services/Default/DefaultUserSessionTests.cs
index e5b360415..cfea6316a 100644
--- a/test/IdentityServer.UnitTests/Services/Default/DefaultUserSessionTests.cs
+++ b/test/IdentityServer.UnitTests/Services/Default/DefaultUserSessionTests.cs
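Review bot: In DefaultUserSession.AuthenticateAsync, the added `result.Principal.Identity.IsAuthenticated` dereferences `Identity` without a null check, and `ClaimsPrincipal.Identity` is null for a principal that carries no identities. A handler returning such a principal with a successful result would make session lookup throw a NullReferenceException instead of falling through to the anonymous path. A null-safe form keeps the fail-closed intent: `if (result != null && result.Succeeded && result.Principal?.Identity?.IsAuthenticated == true)`. A short comment above the condition, e.g. `// Succeeded only means the handler produced a ticket; require an authenticated identity before treating it as a user session`, would record why the extra check exists. The method body starts and ends outside this hunk.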
@@ -202,13 +202,23 @@ public async Task adding_client_should_set_item_in_cookie_properties()
 }
 [Fact]
- public async Task when_authenticated_GetIdentityServerUserAsync_should_should_return_authenticated_user()
+ public async Task when_handler_successful_GetIdentityServerUserAsync_should_should_return_authenticated_user()
 {
 _mockAuthenticationHandler.Result = AuthenticateResult.Success(new AuthenticationTicket(_user, _props, "scheme"));
 var user = await _subject.GetUserAsync();
 user.GetSubjectId().Should().Be("123");
 }
+
+ [Fact]
+ public async Task when_handler_successful_and_identity_is_anonymous_GetIdentityServerUserAsync_should_should_return_null()
+ {
+ var cp = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim("xoxo", "1") }));
+ _mockAuthenticationHandler.Result = AuthenticateResult.Success(new AuthenticationTicket(cp, _props, "scheme"));
+
+ var user = await _subject.GetUserAsync();
+ user.Should().BeNull();
+ }
 [Fact]
 public async Task when_anonymous_GetIdentityServerUserAsync_should_should_return_null()
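Review bot: The new anonymous-identity test covers only a ClaimsIdentity built without an authentication type; a principal with no identity at all (`new ClaimsPrincipal()`, where `Identity` is null) is not exercised, and that is the input on which the production condition `result.Principal.Identity.IsAuthenticated` dereferences null. A sibling test for that case, sketched below with a constructed name, would pin the expected fail-closed result. In the added test, the anonymity comes from omitting the authenticationType argument, which is easy to miss; a comment such as `// no authenticationType => IsAuthenticated is false` on the `var cp` line would make that explicit. The last test in the hunk continues outside it.

```csharp
// … unchanged: when_handler_successful_and_identity_is_anonymous test …

[Fact]
public async Task when_handler_successful_and_principal_has_no_identity_GetIdentityServerUserAsync_should_return_null()
{
    // A ClaimsPrincipal with no identities exposes Identity == null.
    var cp = new ClaimsPrincipal();
    _mockAuthenticationHandler.Result = AuthenticateResult.Success(new AuthenticationTicket(cp, _props, "scheme"));

    var user = await _subject.GetUserAsync();
    user.Should().BeNull();
}
```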