locked
Identity problem - hosting ASP.NET Core 2.1 RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User845701312 posted

    Hi, I have one ASP.NET Core 2.1 MVC web application with classic identity authentication. It worked perfect while debugging on IIS. I bought two different hostings that support ASP.NET Core (I need two webs for two customers).

    One hosting has problems with Identity - standard scaffolded pages (Areas/Identity/Pages/Account folder). The user is randomly logged out before cookie expiration.  Requests to operations annotated by [Authorize] return state 302 with location of login page.

    Why is this possible? Can identity behave different on different hostings?

    Here is my startup.cs. I've tried a lot of combinations. The hosting support told me that no one has this problem.

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Identity;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.AspNetCore.Http;
    using Microsoft.AspNetCore.HttpsPolicy;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.EntityFrameworkCore;
    using Luh.Data;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using Luh.Models;
    using Microsoft.Extensions.Options;
    using Microsoft.AspNetCore.Authentication.Cookies;
    using Microsoft.AspNetCore.Authorization;

    namespace Luh
    {
    public class Startup
    {
    private readonly TimeSpan expireTimeSpan = TimeSpan.FromDays(365);

    public Startup(IConfiguration configuration)
    {
    Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
    services.Configure<CookiePolicyOptions>(options =>
    {
    // This lambda determines whether user consent for non-essential cookies is needed for a given request.
    options.CheckConsentNeeded = context => true;
    options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    services.AddDbContext<ApplicationDbContext>(options =>
    options.UseSqlServer(
    Configuration.GetConnectionString("DefaultConnection")));

    services.AddDefaultIdentity<IdentityUser>()
    .AddEntityFrameworkStores<ApplicationDbContext>();
    ////////
    ////////
    services.Configure<IdentityOptions>(ops =>
    {
    ops.Password.RequireDigit = false;
    ops.Password.RequiredLength = 5;
    ops.Password.RequireLowercase = false;
    ops.Password.RequireNonAlphanumeric = false;
    ops.Password.RequireUppercase = false;
    });

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
    options.Cookie.Expiration = expireTimeSpan;
    options.ExpireTimeSpan = expireTimeSpan;
    options.Cookie.SameSite = SameSiteMode.Lax;
    options.LoginPath = "/Identity/Account/Login";
    options.AccessDeniedPath = "/Identity/Account/Forbidden";
    options.SlidingExpiration = true;
    options.Cookie.IsEssential = true;
    //options.Cookie.SecurePolicy = CookieSecurePolicy.None;
    options.Cookie.Name = "CHUADOJDWO2019";
    });

    services.ConfigureApplicationCookie(options =>
    {
    // Cookie settings
    //options.Cookie.HttpOnly = true;
    options.Cookie.IsEssential = true;
    options.Cookie.Expiration = expireTimeSpan;
    options.ExpireTimeSpan = expireTimeSpan;
    options.Cookie.SameSite = SameSiteMode.Lax;
    options.LoginPath = "/Identity/Account/Login";
    options.AccessDeniedPath = "/Identity/Account/AccessDenied";
    options.SlidingExpiration = true;
    options.Cookie.Name = "CHUADOJDWO2019";
    //options.Cookie.SecurePolicy = CookieSecurePolicy.None;
    });


    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
    if (env.IsDevelopment())
    {
    app.UseDeveloperExceptionPage();
    app.UseDatabaseErrorPage();
    }
    else
    {
    app.UseExceptionHandler("/Home/Error");
    app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();
    app.UseAuthentication();
    app.UseMvc(routes =>
    {
    routes.MapRoute(
    name: "areaRoute",
    template: "{area}/{controller=ElementPages}/{action=Index}/{id?}");

    routes.MapRoute(
    name: "default",
    template: "{controller=ElementPages}/{action=Index}/{id?}");

    routes.MapRoute(
    name: "page",
    template: "{name}/{lang?}",
    defaults: new { controller = "ElementPages", action = nameof(Controllers.ElementPagesController.Details) });
    });
    }
    }
    }

    Monday, September 2, 2019 12:40 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User711641945 posted

    Hi Porceque,

    I bought two different hostings

    What are the two different hostings?And how did you host your project?If you could share the detailed steps,it would be more helpful to reproduce your issue.

    Best Regards,

    Rena

    Tuesday, September 3, 2019 8:32 AM