locked
[Authorize] Attribute causes BadRequest error RRS feed

  • Question

  • User297458589 posted

    I have 2 applications that share cookies between them. This is the configuration in both the startup.cs:

    services.ConfigureApplicationCookie(options =>
    {
        // Cookie settings
        options.Cookie.Name = Environment.GetEnvironmentVariable(CONST.CookieName);
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
        options.Cookie.Path = Environment.GetEnvironmentVariable(CONST.CookiePath);
        options.Cookie.Domain = Environment.GetEnvironmentVariable(CONST.CookieDomain);
        options.Cookie.HttpOnly = true;
        options.ExpireTimeSpan = TimeSpan.FromMinutes(Convert.ToDouble(Environment.GetEnvironmentVariable(CONST.CookieExpiryTimeSpanInMinutes)));
    
        options.LoginPath = Environment.GetEnvironmentVariable(CONST.LoginPath);
        options.AccessDeniedPath = Environment.GetEnvironmentVariable(CONST.AccessDeniedPath);
        options.SlidingExpiration = true;
    });

    The problem now is that if I load App A and App B together, login into App A then click login on App B, I get a Bad Request error. I tried to debug App B to check why it was getting this error and I discovered that when I am logged in to App A and try to login on App B, the Application doesn't know that I have already been authenticated.

    if (User.Identity.IsAuthenticated)
    {
        return LocalRedirect(returnUrl);
    }

    The line above is always false.

    I have set the Data Protection Key for all the apps:

    var ds = new DirectoryInfo("PathTOKey");
    services.AddDataProtection()
        .PersistKeysToFileSystem(ds)
        .SetApplicationName("DPName");

    After debugging, I have discovered that the [Authorize] attribute is the one that causes the error. I am unsure of what I can do to solve it. 

    Tuesday, October 15, 2019 4:08 AM

All replies