Here is the code inside the login method:

    await HttpContext.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        new ClaimsPrincipal(identity),
        new AuthenticationProperties
        {
            IsPersistent = true,
            AllowRefresh = true,
            ExpiresUtc = DateTimeOffset.UtcNow.AddHours(10),
        });
    return RedirectToAction("Index", "UserDashBoard");

2 Answers

  1. There is nothing wrong with this part of the code you provided. I’m guessing the problem might be in the configuration of your Program.cs file.

    When authentication and authorization middleware are in the wrong order, there may be situations where cookies cannot be set. Make sure your middleware is in the following order:

    app.UseAuthentication();
    app.UseAuthorization();
    

    In some cases, if it is not configured to use HTTPS, the cookie will not be sent to the browser, which will also lead to the situation you describe.

    Please check if you have the above two phenomena in your application. Here is an official document and a working example that you can refer to.

    If you still can’t figure out the problem, please provide a minimal reproducible example.

  2. This is how I create the session:

            #region User found and create session
    
            // set default claims
            var claims = new List<Claim>
                {
                    new Claim(ClaimTypes.Email, user.Username),
                    new Claim(ClaimTypes.Name, user.Name),
                    new Claim(CustomClaimTypes.UserId, user._id.ToString())
                };
    
            // set user role claims
            foreach (var roleName in user.Roles)
            {
                Claim roleClaim = new Claim(ClaimTypes.Role, roleName);
                claims.Add(roleClaim);
            }
    
            var claimsIdentity = new ClaimsIdentity(
                claims, CookieAuthenticationDefaults.AuthenticationScheme);
    
            var authProperties = new AuthenticationProperties
            {
                //AllowRefresh = <bool>,
                // Refreshing the authentication session should be allowed.
    
                ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(120),
                // The time at which the authentication ticket expires. A 
                // value set here overrides the ExpireTimeSpan option of 
                // CookieAuthenticationOptions set with AddCookie.
    
                IsPersistent = Input.RememberMe,
                // Whether the authentication session is persisted across 
                // multiple requests. Required when setting the 
                // ExpireTimeSpan option of CookieAuthenticationOptions 
                // set with AddCookie. Also required when setting 
                // ExpiresUtc.
    
                IssuedUtc = DateTimeOffset.UtcNow,
                // The time at which the authentication ticket was issued.
    
                //RedirectUri = <string>
                // The full path or absolute URI to be used as an http 
                // redirect response value.
            };
    
            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(claimsIdentity),
                authProperties);
    
            #endregion
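
A Program.cs sketch covering the two checks from the first answer (middleware order and HTTPS), added here as an example; it is not code from the question or from either answer. The login path, the default route and the `/whoami` diagnostic endpoint are assumptions.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllersWithViews();

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.LoginPath = "/Account/Login";          // assumed login route
        options.Cookie.HttpOnly = true;                // not readable from script
        // Marks the cookie Secure. Over plain HTTP the browser then drops it,
        // which looks exactly like "SignInAsync did nothing".
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.Cookie.SameSite = SameSiteMode.Lax;
        // Used when SignInAsync does not set ExpiresUtc itself.
        options.ExpireTimeSpan = TimeSpan.FromHours(10);
        options.SlidingExpiration = true;
    });

var app = builder.Build();

app.UseHttpsRedirection();   // keep the login round trip on HTTPS
app.UseStaticFiles();
app.UseRouting();

// Order matters: authentication must build HttpContext.User from the cookie
// before authorization evaluates [Authorize].
app.UseAuthentication();
app.UseAuthorization();

// Diagnostic endpoint (assumption, remove after debugging): shows whether the
// cookie came back and whether it produced an authenticated principal.
app.MapGet("/whoami", (HttpContext ctx) => Results.Json(new
{
    https = ctx.Request.IsHttps,
    // ".AspNetCore.Cookies" is the default cookie name for this scheme.
    cookieReceived = ctx.Request.Cookies.ContainsKey(".AspNetCore.Cookies"),
    authenticated = ctx.User.Identity?.IsAuthenticated ?? false
}));

app.MapControllerRoute(
    name: "default",
    pattern: "{controller=Home}/{action=Index}/{id?}");

app.Run();
```

If `/whoami` reports `cookieReceived` as false right after a login, check the scheme of the request first; if it reports the cookie as received but `authenticated` as false, check the middleware order.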
    