locked
Owincontext Authentication signin cookie doesn't persist RRS feed

  • Question

  • User-1166598562 posted

    Hi all.

    I'm trying to implement claims with owin authentication but I have two problems with the authentication cookie.

    First problem is that the authentication cookie is set after the login, I see it on fiddler, but when I return to the home page the cookie is lost.

    Second problem is that the cookie expiration time is less then the current time, even thu I set it to 30 minutes after, it always set to an hour less of the current time.

    This is my startup code

    app.CreatePerOwinContext<UserManager>(IdentityFactory.CreateUserManager);
    app.CreatePerOwinContext<RoleManager>(IdentityFactory.CreateRoleManager);
    app.CreatePerOwinContext<ITSectorSignInManager>(IdentityFactory.CreateSignInManager);

    app.UseCookieAuthentication(new CookieAuthenticationOptions {
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString(AuthenticationCoookieConfigs.AuthenticationLogin),
    LogoutPath = new PathString(AuthenticationCoookieConfigs.AuthenticationLogout),
    CookieSecure = CookieSecureOption.Always,
    CookieName = Objects.Common.Consts.Constants.OWIN_AuthenticationCookieName,
    SlidingExpiration = true,
    //ExpireTimeSpan = TimeSpan.FromMinutes(AuthenticationCoookieConfigs.AuthenticationCookieExpirationTime),
    Provider = new CookieAuthenticationProvider
    {
    OnValidateIdentity = CookieAuthenticationFactory.ValidateEntity,
    OnResponseSignIn = CookieAuthenticationFactory.ResponseSignIn,
    OnResponseSignedIn = CookieAuthenticationFactory.ResponseSignedIn,
    OnResponseSignOut = CookieAuthenticationFactory.ResponseSignOut
    }
    });

    AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Sid;

    This is my login example

    public virtual async Task<ActionResult> Login(LoginModel model, string returnUrl)
    {
    if (!ModelState.IsValid)
    {
    return View(model);
    }

    var identity = new ClaimsIdentity(new[] {
    new Claim(ClaimTypes.Name, model.UserName),
    new Claim(ClaimTypes.NameIdentifier, model.UserName),
    new Claim("DisplayName", model.UserName)
    },
    DefaultAuthenticationTypes.ApplicationCookie);

    OwinContext.Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
    OwinContext.Authentication.SignIn(identity);
    return RedirectToAction("Index", "Home");
    }

    Can anybody help me.... I don't how to solve this....

    Thanks

    Monday, June 25, 2018 2:13 PM

Answers

  • User-1166598562 posted

    The problem was very simple.

    On the startup of the owin context I set the cookie authentication

    app.UseCookieAuthentication(new CookieAuthenticationOptions {
    
    And set the property CookieSecure as CookieSecureOption.Always

    But the request were in http and not https, that was why the cookie didn't persist
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, June 26, 2018 4:38 PM

All replies

  • User475983607 posted

    Second problem is that the cookie expiration time is less then the current time, even thu I set it to 30 minutes after, it always set to an hour less of the current time.

    I'm guessing your browser's timezone is not set correctly.

    Monday, June 25, 2018 3:11 PM
  • User-1166598562 posted

    Hi thanks for the reply, how can I check that?

    My windows time zone is set to UTC+00:00 this is where I live

    Monday, June 25, 2018 3:22 PM
  • User475983607 posted

    ruben.monteiro

    Hi thanks for the reply, how can I check that?

    My windows time zone is set to UTC+00:00 this is where I live

    Just double click in the clock.  However, Safari has a separate setting, if you are using Safari.

    Or perhaps the class/property does not work correctly.   Have you tried setting a breakpoint and debugging the code?

    AuthenticationCoookieConfigs.AuthenticationCookieExpirationTime

    Monday, June 25, 2018 3:29 PM
  • User-1166598562 posted

    Browser time zone is the same as the pc.

    this is a set of printscreens from my code, the first 3 images are the debug of the code with the datetimenow and the expiresutc for 20 minutes,also the printscreens of the fiddler response of the login and of the index page

    Debug

    Fiddler Login

    Fiddler Index

    The second step is of the same steps but with a expire time of 300 minutes

    Debug

    Fiddler

    Fiddler

    Maybe this could be more helpfull

    Monday, June 25, 2018 4:59 PM
  • User-1166598562 posted

    The problem was very simple.

    On the startup of the owin context I set the cookie authentication

    app.UseCookieAuthentication(new CookieAuthenticationOptions {
    
    And set the property CookieSecure as CookieSecureOption.Always

    But the request were in http and not https, that was why the cookie didn't persist
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, June 26, 2018 4:38 PM