I’m developing Asp.Net Core 3.1 MVC web application with Identity. My login page works fine but after adding the services.ConfigureApplicationCookie it not worked as expected and it keeps redirecting me to my local index. I can’t figure out what really happen. If I comment this block, everything works as expected.
Here is my ConfigureServices method in Startup file
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddIdentity<IdentityUser, IdentityRole>(options => {
options.SignIn.RequireConfirmedAccount = false;
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddIdentityCore<ApplicationUser>()
.AddRoles<IdentityRole>()
.AddClaimsPrincipalFactory<UserClaimsPrincipalFactory<ApplicationUser, IdentityRole>>()
.AddEntityFrameworkStores<ApplicationDbContext>()
//.AddDefaultTokenProviders()
.AddDefaultUI();
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
services.ConfigureApplicationCookie(options =>
{
options.Cookie.Name = ".ExpirationCookie";
options.Cookie.IsEssential = true;
options.Cookie.HttpOnly = true;
options.LoginPath = "/Identity/Pages/Account/Login";
options.AccessDeniedPath = "/Identity/Pages/Account/AccessDenied";
options.ExpireTimeSpan = TimeSpan.Zero;
options.SlidingExpiration = true;
options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
options.Events = new CookieAuthenticationEvents
{
OnValidatePrincipal = ValidateAsync.ValidatingAsync
};
})
.Configure<SecurityStampValidatorOptions>(options =>
{
options.ValidationInterval = TimeSpan.Zero;
});
services.AddSingleton<IEmailSender, EmailSender>();
services.Configure<EmailOptions>(Configuration);
services.AddHangfire(config => config.UseSqlServerStorage(Configuration.GetConnectionString("DefaultConnection")));
services.AddHangfireServer();
services.AddControllersWithViews(); //?
services.AddRazorPages().AddRazorRuntimeCompilation(); //?
services.AddScoped<IExpirationJob, ExpirationJob>();
services.AddScoped<IReminderJob, EmailReminder>();
services.AddSingleton<IActionContextAccessor, ActionContextAccessor>();
services.Configure<IdentityOptions>(options =>
{
// Password settings.
//options.Password.RequireDigit = true;
//options.Password.RequireLowercase = true;
//options.Password.RequireNonAlphanumeric = true;
//options.Password.RequireUppercase = true;
//options.Password.RequiredLength = 6;
//options.Password.RequiredUniqueChars = 1;
// Lockout settings.
//options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
//options.Lockout.MaxFailedAccessAttempts = 5;
//options.Lockout.AllowedForNewUsers = true;
// User settings.
//options.User.AllowedUserNameCharacters =
// "ab<a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="f291969794959a9b98999e9f9c9d82838081868784858a8b88b3b0b1b6b7b4b5babbb8b9bebfbcbda2a3a0a1a6a7a4a5aaaba8c2c3c0c1c6c7c4c5cacbdfdcadb2">[email protected]</a>+ ";
//options.User.RequireUniqueEmail = false;
});
}
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
From doc:
Controls how much time the cookie will remain valid from the point it is created. The expiration information is in the protected cookie ticket. Because of that an expired cookie will be ignored even if it is passed to the server after the browser should have purged it
In your ConfigureApplicationCookie,you set the cookie lifespan to zero.
Cookie authtication will never be successfully,you need to change it, like FromSeconds,FromMinutes,FromHours…
//......
options.ExpireTimeSpan = TimeSpan.FromHours(24);
//.......
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0