I have logged in manually to a .NET Core 3 Web API app as seen in the controller action below. No matter what I try, I can't seem to get the .NET framework to recognize that the application user is logged in. I am testing locally in Visual Studio, but this behavior is also reflected when I test on a server as well. Why isn't the principal that I have created and used in the HttpContext.SignInAsync method being sent to the middleware (at least it seems as though it is not)?
Note: I have seem some posts where users say you have to sign in and then make another request to the server for the new principal to take effect. I have tried this but the result is the same.
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
//........
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = DefaultAuthenticationTypes.ApplicationCookie;
})
.AddCookie(DefaultAuthenticationTypes.ApplicationCookie, options =>
{
// true by default
options.SlidingExpiration = true;
// 14 days by default
options.ExpireTimeSpan = TimeSpan.FromMinutes(120);
options.Cookie.IsEssential = true;
options.Cookie.HttpOnly = true;
options.Cookie.SameSite = SameSiteMode.None;
options.LoginPath = "/Login";
options.LogoutPath = "/Logout";
});
services.AddAuthorization();
//........
}
public void Configure(IApplicationBuilder app)
{
//........
app.UseAuthentication();
app.UseAuthorization();
app.UseSession();
app.UseCors();
//........
}
Controller Action:
ClaimsIdentity userIdentity =
new ClaimsIdentity(jwtSecurityToken.Claims, DefaultAuthenticationTypes.ApplicationCookie);
ClaimsPrincipal principal =
new ClaimsPrincipal(userIdentity);
await HttpContext.SignInAsync(DefaultAuthenticationTypes.ApplicationCookie, principal,
new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTime.UtcNow.AddDays(7)
});
AuthenticateResult authenticateResult =
await httpContext.AuthenticateAsync(DefaultAuthenticationTypes.ApplicationCookie);
//This always returns false!!!
User.Identity.IsAuthenticated
//This always returns false!!!
I hate to do this, but this code actually works. If you hit this code via the browser directly, the code logs you in as expected and it all works as expected.
What I was trying to do was get it to work via a Vue.js front end app using a .NET Core 3 Web API 2 app on the backend. For some reason, the Vue app cannot log the backend app in. When on a Vue front page and I hit the API action to login via Vue code, the .NET code logs in with no errors, but on any other call from the VUE app, the .NET app says that the user is unauthorized. I suspect that there is something going on with how the cookie is stored and data privacy around the cookie.
In the context of this question, this code works as expected. Thank you.