Starting to port our project from .NET 4.6 to .NET Core 2.1. I got cookie authentication working at some point. I've upgraded my libraries and changed some configuration, and now only the users that already have a cookie can log in. No new users can log in. Calling HttpContext.SignInAsync doesn't set the identity.
In my startup I have the following code to build the middleware to support cookie authentication:
```csharp
public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    ...

    services.AddMvc()
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_1)
        .AddSessionStateTempDataProvider();

    services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
    {
        options.Cookie.Name = "researchCookie";
        options.AccessDeniedPath = new PathString("/account/create");
        options.LoginPath = new PathString("/account/create");
        options.Cookie.HttpOnly = true;
        options.ExpireTimeSpan = TimeSpan.FromDays(365);
        options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
        options.SlidingExpiration = true;
    });
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    ...

    app.UseAuthentication();

    ...

    app.UseCookiePolicy(new CookiePolicyOptions
    {
        HttpOnly = HttpOnlyPolicy.Always,
        MinimumSameSitePolicy = SameSiteMode.Lax,
        Secure = CookieSecurePolicy.Always,
    });

    ...

    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "home",
            template: "{controller=default}/{action=Index}");
    });
}
```
When I authenticate this is the code I have:
```csharp
List<Claim> claims = new List<Claim>
{
    new Claim(ClaimTypes.Name, loginResult.AccessData.FirstName + " " + loginResult.AccessData.LastName),
    new Claim(ClaimTypes.Email, loginResult.AccessData.Email),
    new Claim(ClaimTypes.GivenName, loginResult.AccessData.FirstName),
    new Claim(ClaimTypes.Surname, loginResult.AccessData.LastName),
    new Claim(ClaimTypes.NameIdentifier, loginResult.AccessData.AccessID.ToString())
};

ClaimsIdentity identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

var authProperties = new AuthenticationProperties
{
    AllowRefresh = true,
    // Refreshing the authentication session should be allowed.

    ExpiresUtc = DateTimeOffset.UtcNow.AddYears(2),
    // The time at which the authentication ticket expires. A
    // value set here overrides the ExpireTimeSpan option of
    // CookieAuthenticationOptions set with AddCookie.

    IsPersistent = true,
    // Whether the authentication session is persisted across
    // multiple requests. Required when setting the
    // ExpireTimeSpan option of CookieAuthenticationOptions
    // set with AddCookie. Also required when setting
    // ExpiresUtc.

    IssuedUtc = DateTime.Now.ToUniversalTime(),
    // The time at which the authentication ticket was issued.

    //RedirectUri = <string>
    // The full path or absolute URI to be used as an http
    // redirect response value.
};

await HttpContext.SignInAsync(
    CookieAuthenticationDefaults.AuthenticationScheme,
    new ClaimsPrincipal(identity),
    authProperties);
```
I must be doing something wrong, or something in the library updates has broken this. But like I said, only people who previously logged in can log in. If you delete the cookies, then the identity never gets set.
Any suggestions would be greatly appreciated.
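The following is an added example, not the asker's code, showing the two things a reviewer would check first when a fresh sign-in leaves no identity behind in an ASP.NET Core 2.1 cookie setup. First, the cookie policy middleware enforces the consent rule registered via CheckConsentNeeded: while no consent has been recorded, it withholds every cookie that is not marked IsEssential, and the authentication cookie is subject to that rule like any other, so the example marks it essential explicitly (the assumption here is that consent-based suppression is what is withholding the cookie). Second, SignInAsync only queues the Set-Cookie header; HttpContext.User on the same request stays the anonymous principal and only becomes authenticated on the next request, once UseAuthentication reads the cookie back. The small diagnostic middleware and the AccountController are hypothetical additions that make both effects observable; the package versions and the /account routes are assumed.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = context => true; // consent required for non-essential cookies
            options.MinimumSameSitePolicy = SameSiteMode.Lax;
        });

        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
            {
                options.Cookie.Name = "researchCookie";
                options.Cookie.HttpOnly = true;                       // not readable from script
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // HTTPS only
                options.Cookie.SameSite = SameSiteMode.Lax;             // limits cross-site sending
                // Assumption: the session cookie is functionally necessary, so it must not be
                // withheld by the consent policy configured above.
                options.Cookie.IsEssential = true;
                options.LoginPath = new PathString("/account/login");
                options.AccessDeniedPath = new PathString("/account/login");
                options.ExpireTimeSpan = TimeSpan.FromDays(365);
                options.SlidingExpiration = true;
            });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }

    public void Configure(IApplicationBuilder app, ILogger<Startup> logger)
    {
        app.UseCookiePolicy();   // must wrap anything that appends cookies, including SignInAsync
        app.UseAuthentication(); // reads researchCookie back into HttpContext.User

        // Hypothetical diagnostic middleware: after the rest of the pipeline has run, record
        // whether the response actually carries a Set-Cookie for the auth cookie. A sign-in
        // that logs "withheld" here was suppressed before the browser ever saw it.
        app.Use(async (context, next) =>
        {
            await next();
            bool issued = context.Response.Headers["Set-Cookie"]
                .Any(h => h.StartsWith("researchCookie=", StringComparison.Ordinal));
            if (context.Request.Path.StartsWithSegments("/account/login"))
                logger.LogInformation("auth cookie {State} for {Path}",
                    issued ? "issued" : "withheld", context.Request.Path);
        });

        app.UseMvc();
    }
}

[Route("account/[action]")]
public class AccountController : Controller
{
    [HttpPost]
    public async Task<IActionResult> Login(string userId, string displayName)
    {
        // Claims come from the application's own credential check (not shown); only the
        // stable identifier and display name are placed in the ticket.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, userId),
            new Claim(ClaimTypes.Name, displayName),
        }, CookieAuthenticationDefaults.AuthenticationScheme);

        await HttpContext.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity),
            new AuthenticationProperties { IsPersistent = true, AllowRefresh = true });

        // SignInAsync only queues the Set-Cookie header. On this request User is still the
        // anonymous principal; the identity appears on the next request that presents the cookie.
        return Ok(new { signedIn = true, authenticatedOnThisRequest = User.Identity.IsAuthenticated });
    }

    [HttpGet]
    [Authorize]
    public IActionResult WhoAmI() => Ok(User.Identity.Name);
}
```

With this in place, a POST to /account/login returns authenticatedOnThisRequest = false by design, the log line shows whether researchCookie was issued or withheld, and a following GET to /account/whoami with the cookie returns the name; a 302 to the login path on that second call, together with a "withheld" log entry, points at the cookie policy rather than at SignInAsync.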