1

I have upgraded from ASP.NET Core 1.0 to ASP.NET Core 2.0. I need URL-based authentication which creates an authorized cookie. There is no login page. If the URL contains a certain token I need to authenticate the request; if not, redirect them to an error page. I am stuck in a redirect loop. What's wrong in my code?

ConfigureServices method

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.LoginPath = new PathString("/Error/");
        options.AccessDeniedPath = new PathString("/Error/");
        options.SlidingExpiration = true;
        options.ExpireTimeSpan = TimeSpan.FromMinutes(20);
    });

Configure Method

app.UseAuthentication();
app.ValidateRequest(Configuration);

In validaterequest middleware

public Task Invoke(HttpContext context)
{
    context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
        principal,
        new AuthenticationProperties
        {
            ExpiresUtc = DateTime.UtcNow.AddSeconds(expiration),
            IsPersistent = true,
            AllowRefresh = true,
            IssuedUtc = DateTime.UtcNow,
        });
    return _next.Invoke(context);
}


[MiddlewareFilter(typeof(validaterequestPipeline))]
public class HomeController : Controller
{
    [Authorize]
    [HttpGet]
    public IActionResult Index()
    {
    }
}
8
  • Reference Using Cookie Authentication without ASP.NET Core Identity Commented Feb 8, 2018 at 17:54
  • I based it on that but something is not working Commented Feb 8, 2018 at 17:57
  • Are you awaiting the sign in? Your provided code does not show that. Provide a minimal reproducible example that can be used to reproduce the problem, allowing a better understanding of what is being asked. Commented Feb 8, 2018 at 18:00
  • OK, with cookies there are at least 2 steps. You authenticate and then a cookie is passed back in the response. That cookie is then used on subsequent requests. In your example you are trying to set the cookie and use it in the same request. Commented Feb 8, 2018 at 18:05
  • Can you please give me an example? Commented Feb 8, 2018 at 18:06
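
The two points raised in the comments above (await the sign-in; the cookie only comes back on the following request) are shown here as an added example that is not part of the original question, its comments or the answer. The class name, the `token` query parameter and the `validateToken` delegate are assumptions.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;

// Hypothetical middleware: the class name, the "token" query parameter and the
// validateToken delegate are assumptions for illustration.
public class UrlTokenSignInMiddleware
{
    private readonly RequestDelegate _next;
    // Returns null for an invalid token. The principal's ClaimsIdentity must be
    // created with an authentication type, otherwise IsAuthenticated stays false.
    private readonly Func<string, ClaimsPrincipal> _validateToken;

    public UrlTokenSignInMiddleware(RequestDelegate next, Func<string, ClaimsPrincipal> validateToken)
    {
        _next = next;
        _validateToken = validateToken;
    }

    public async Task Invoke(HttpContext context)
    {
        string token = context.Request.Query["token"];
        // Cookie already accepted by UseAuthentication, or nothing to validate:
        // continue and let [Authorize] decide.
        if (context.User.Identity.IsAuthenticated || string.IsNullOrEmpty(token))
        {
            await _next(context);
            return;
        }

        ClaimsPrincipal principal = _validateToken(token);
        if (principal == null)
        {
            await _next(context); // [Authorize] challenges and redirects to LoginPath
            return;
        }

        // Await the sign-in so Set-Cookie is written before the response starts.
        await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal,
            new AuthenticationProperties { IsPersistent = true, AllowRefresh = true });

        // The browser sends the cookie only on its next request, so redirect to the same
        // path without the query string; this also keeps the token out of later URLs and logs.
        context.Response.Redirect((context.Request.PathBase + context.Request.Path).ToString());
    }
}
```

Register it after `app.UseAuthentication()` so `context.User` already reflects an existing cookie. The action behind `LoginPath` (`/Error/` in the question) has to be reachable without authentication, otherwise the challenge redirect is itself challenged.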

1 Answer

2

Login was working properly on http/localhost but once it is on https/subdomain.domain.com it didn't work. The change was to do this:

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options =>
{
    options.LoginPath = new PathString("/account/signin");
    options.SlidingExpiration = true;
    options.ExpireTimeSpan = TimeSpan.FromMinutes(20);
    options.Cookie.SameSite = SameSiteMode.None;
});

options.Cookie.SameSite = SameSiteMode.None;
