How does cookie authentication in identity framework work?

  • Question

  • User-1969622893 posted

    When a user signs in, I'm able to create a new cookie and send it back to their browser. However, no user is being set when I call SignInAsync.

    Here is where I'm setting the cookie.

    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.NameIdentifier, authRequest.UserName),
        new Claim(ClaimTypes.Name, authRequest.UserName),
        new Claim(ClaimTypes.Email, "TestClaim@Test.com")
    };

    var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

    var authProperties = new AuthenticationProperties
    {
        AllowRefresh = true,
        ExpiresUtc = DateTimeOffset.UtcNow.AddDays(1),
        IsPersistent = true,
        IssuedUtc = DateTimeOffset.UtcNow
    };

    await this._httpContextAccessor.HttpContext.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        new ClaimsPrincipal(claimsIdentity),
        authProperties).ConfigureAwait(true);

    Here is my startup.cs file options:

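    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
        {
            options.Cookie.Name = "MyCookie.Identity";

            // Cookie.Expiration is ignored by the cookie authentication handler;
            // ExpireTimeSpan is the option that controls the ticket lifetime.
            options.ExpireTimeSpan = TimeSpan.FromDays(1);
        });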

    I have no idea what is happening once SignInAsync is called, but it's setting the options in my startup.cs. When I try to relogin with the user and they send the cookie, the httpcontext.User of the request is still an anonymous user. Any help would be appreciated!

    Tuesday, July 2, 2019 6:55 PM

Answers

  • User-854763662 posted

    Hi mavendano,

    When I try to relogin with the user and they send the cookie, the httpcontext.User of the request is still anonymous user.

    What does "anonymous user" mean? What do you expect it to be, and what are you actually getting?

    I made a test demo, but it worked. Could you share some complete code or screenshots of the results?

    Check whether you added app.UseAuthentication(); in the correct order in the Configure method, like below:

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();
    
    app.UseAuthentication();
    
    app.UseMvc(routes =>
    {
        routes.MapRoute(
               name: "default",
               template: "{controller=Home}/{action=Index}/{id?}");
    });

    Note: In the Configure method, use the UseAuthentication method to invoke the Authentication Middleware that sets the HttpContext.User property. Call the UseAuthentication method before calling UseMvcWithDefaultRoute or UseMvc.

    Best Regards,

    Sherry

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, July 3, 2019 6:33 AM

All replies

  • User-1969622893 posted

    Hi Sherry, 

    Thanks for the reply! Here is my startup.cs configuration. 

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
        {
            options.Cookie.Name = "PangaeaService.Identity";

            // Cookie.Expiration is ignored by the cookie authentication handler;
            // ExpireTimeSpan is the option that controls the ticket lifetime.
            options.ExpireTimeSpan = TimeSpan.FromDays(1);
        });

    // Add SAML SSO Service
    services.AddSaml(Configuration.GetSection("SAML"));

    services.AddMvc().AddJsonOptions(options =>
    {
        options.SerializerSettings.Converters.Add(new StringEnumConverter());
        options.SerializerSettings.NullValueHandling = NullValueHandling.Ignore;
    });

    By Anonymous user, I meant when the login request with the cookie gets sent in and a new httpcontext is created, the User sending the request does not have any claims associated with them, or their identity. Screenshot of the HttpContext (may need to open the image in a new tab for it to show, not sure).

    I had the AddAuthentication after AddMvc(), but still no luck after moving the AddMvc after AddAuthentication.

    Edit: FIXED IT!

    I missed the app.UseAuthentication() line in startup.cs!! Thank you so much for the help!

    Wednesday, July 3, 2019 2:24 PM
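
A minimal ASP.NET Core 2.x app that reproduces the behaviour resolved in this thread, as an added example that is not part of the original posts: SignInAsync issues the cookie either way, but HttpContext.User is only rebuilt from it when UseAuthentication() is in the pipeline. The cookie name, the /login and /whoami paths and the demo-user claim are assumptions made for the illustration.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services) =>
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.Cookie.Name = "Demo.Identity";          // hypothetical name
                options.ExpireTimeSpan = TimeSpan.FromDays(1);  // ticket lifetime
            });

    public void Configure(IApplicationBuilder app)
    {
        // Comment this line out and /whoami answers "anonymous" even though the
        // browser still sends the cookie: nothing reads it into HttpContext.User.
        app.UseAuthentication();

        // Demo sign-in with no credential check (assumption for the illustration).
        app.Map("/login", b => b.Run(async ctx =>
        {
            var identity = new ClaimsIdentity(
                new[] { new Claim(ClaimTypes.Name, "demo-user") },
                CookieAuthenticationDefaults.AuthenticationScheme);
            await ctx.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(identity));
            await ctx.Response.WriteAsync("signed in");
        }));

        // Reports what the pipeline placed in HttpContext.User for this request.
        app.Map("/whoami", b => b.Run(ctx => ctx.Response.WriteAsync(
            ctx.User.Identity.IsAuthenticated
                ? "authenticated as " + ctx.User.Identity.Name
                : "anonymous")));
    }
}

public static class Program
{
    public static void Main(string[] args) =>
        WebHost.CreateDefaultBuilder(args).UseStartup<Startup>().Build().Run();
}
```

Request /login and then /whoami from the same browser session, once with the UseAuthentication() line present and once with it commented out, to see the difference.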