Asp.net core cookie authentication too many requests

Question

I am following Cookie Middleware to add authentication for my simple web application.

I have added the below code in startup.cs Configure method.

app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
    AuthenticationScheme = "Cookies",
    LoginPath = new PathString("/Account/Login/"),
    AccessDeniedPath = new PathString("/Account/Error/"),
    AutomaticAuthenticate = true,
    AutomaticChallenge = true
});

When i accessing /Home, it redirects to /Account/Login but page doesn't open and getting error message as

The localhost page isn’t working : localhost redirected you too many times.

The url appends with same login page many times and look like

http://localhost:5000/Account/Login/?ReturnUrl=%2FAccount%2FLogin%2F%3FReturnUrl%3D%252FAccount%252FLogin%252F%253FReturnUrl%253D%25252FAccount........%2FHome

What i did wrong? Help me to solve this.

Answer 1

This is because your /Account/Login action also requires login, which causes an infinite redirect loop. Add AllowAnonymousAttribute on this action.

Answer 2

Just an addendum for anyone else running into this problem - check web.config to see if it has something like this:

<authorization>
    <deny users="?"/>
</authorization>

That caused my webforms app to error even though I'd set Windows Authentication to Disabled & Anonymous Authentication to Enabled

Answer 3

In my case the /Account/Login controller already has the AllowAnonymous attribute but I keep getting the message

The localhost page isn’t working : localhost redirected you too many times.

The problem was in the IIS configuration. I had to change some options in the authentication tab. I had to disable the Windows Authentication option and enable the Anonymous Authentication option.