.NET Core Cookie Authentication SignInAsync not working
I have a cookie-authentication-based Core project using AspNetCore.Authentication.Cookies, but I can't seem to get the user to authenticate. I have read similar threads, but none of the solutions provided seem useful.
```csharp
[HttpPost]
public async Task<IActionResult> CookieAuth(ITwitterCredentials userCreds)
{
    var claims = new[] {
        new Claim("AccessToken", userCreds.AccessToken),
        new Claim("AccessTokenSecret", userCreds.AccessTokenSecret)
    };
    var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, "CookieAuthentication"));
    await HttpContext.Authentication.SignInAsync("CookieAuthentication", principal);
    return Ok();
}
```
And the Startup.cs Configure method:
```csharp
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
    AuthenticationScheme = "CookieAuthentication",
    LoginPath = new PathString("/"),
    AccessDeniedPath = new PathString("/"),
    AutomaticAuthenticate = true,
    AutomaticChallenge = true
});
```
The user does not seem to authenticate as HttpContext.User.Identity.IsAuthenticated always returns false.
Any idea why this might not be working?
Solution 1:[1]
As of .NET 2.x, if you're using cookie auth, ensure you include the authenticationScheme, the identity and auth properties.
```csharp
var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme, ClaimTypes.Name, ClaimTypes.Role);
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, email));
identity.AddClaim(new Claim(ClaimTypes.Name, email));
identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
var principal = new ClaimsPrincipal(identity);
var authProperties = new AuthenticationProperties
{
    AllowRefresh = true,
    ExpiresUtc = DateTimeOffset.Now.AddDays(1),
    IsPersistent = true,
};
// principal is already a ClaimsPrincipal, so it is passed as-is rather than wrapped again
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal, authProperties);
return RedirectToPage("dashboard");
```
Solution 2:[2]
Try to clear browser cache and cookies, then retry.
Solution 3:[3]
In my case it was options.Cookie.SecurePolicy; our hosted application was not on HTTPS yet.
```csharp
.AddCookie(config =>
{
    config.Cookie.HttpOnly = true;
    // Disabled because the hosted application was not on HTTPS yet
    //config.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    config.Cookie.SameSite = SameSiteMode.Lax;
    config.Cookie.Name = CookieAuthenticationDefaults.AuthenticationScheme;
    config.LoginPath = "/Login";
});
```
Solution 4:[4]
I think your startup configure service is missing the following lines of code:
```csharp
app.UseAuthentication();
app.UseAuthorization();
```
Solution 5:[5]
Usually this happens when you try to run with HTTP; enabling SSL should fix your problem. It's in the project Debug section.

Solution 6:[6]
As explained in the previous answers, essentially you should add Name and Role claims to your new identity. If your HttpContext.SignInAsync method succeeded, your HttpContext now depends on cookies and you are authenticated. I just want to add a very important point about placing middleware handlers in the Configure method of the Startup class.
If you try to get your context filled with identity values, do it after your authentication middleware.

Otherwise in your middleware you'll get HttpContext blank (without identity data).
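The points raised across the answers above (explicit scheme and authentication type, Cookie.SecurePolicy versus plain HTTP, UseAuthentication before UseAuthorization, custom middleware placed after authentication) combined into one added example that is not code from the thread. It assumes ASP.NET Core 6+ minimal hosting; the /login and /whoami routes and the sample user are hypothetical, and credential verification is assumed to have happened before the sign-in call.

```csharp
// Added example, not from the thread. Routes and the sample user are hypothetical.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;
        options.Cookie.SameSite = SameSiteMode.Lax;
        // Always marks the cookie Secure, so it never travels over plain HTTP.
        // SameAsRequest keeps local HTTP debugging working without weakening production.
        options.Cookie.SecurePolicy = builder.Environment.IsDevelopment()
            ? CookieSecurePolicy.SameAsRequest
            : CookieSecurePolicy.Always;
    });
builder.Services.AddAuthorization();

var app = builder.Build();

// Order matters: authentication populates HttpContext.User, authorization reads it.
app.UseAuthentication();
app.UseAuthorization();

// Custom middleware registered after UseAuthentication sees the cookie's identity.
app.Use(async (context, next) =>
{
    app.Logger.LogInformation("Authenticated: {IsAuth}", context.User.Identity?.IsAuthenticated);
    await next(context);
});

app.MapPost("/login", async (HttpContext context) =>
{
    // Assumption: the caller's credentials were verified before this point.
    // A ClaimsIdentity with no authentication type reports IsAuthenticated == false.
    var identity = new ClaimsIdentity(
        CookieAuthenticationDefaults.AuthenticationScheme, ClaimTypes.Name, ClaimTypes.Role);
    identity.AddClaim(new Claim(ClaimTypes.Name, "user@example.test")); // constructed sample value
    identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
    await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
        new ClaimsPrincipal(identity),
        new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.AddDays(1) });
    return Results.Ok();
});

app.MapGet("/whoami", (ClaimsPrincipal user) => Results.Ok(user.Identity?.Name)).RequireAuthorization();
app.Run();
```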
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | hellow |
| Solution 2 | |
| Solution 3 | Amit Kakkar |
| Solution 4 | Salahuddin Ahmed |
| Solution 5 | Suren |
| Solution 6 | ???????? |
