Reputation: 21
ASP.NET Identity authentication is false when I switch from https to http
I am using Asp.Net Identity and when I login in https login page and come to http home page I am seeing User.Identitiy.IsAuthenticated is false.
Is there someone who can explain why this is happening ?
Thanks
Ünal
Upvotes: 0
Views: 62
Answers (1)
Reputation: 64923
If I'm not mistaken, since you've logged in from HTTPS, the cookie is secure and it won't be sent through insecure channels like plain HTTP.
What's the solution? There's no viable solution: if you authenticate users and work with security data, your data exchange must go over the wire through HTTPS or you're absolutely open to man-in-the-middle attacks to steal your users' credentials (and other data like claims)....
Further reading: Reading cookies via HTTPS that were set using HTTP
Upvotes: 2
Related Questions
- What are the correct version numbers for C#?
- Create Generic method constraining T to an Enum
- Is there a reason for C#'s reuse of the variable in a foreach?
- A potentially dangerous Request.Form value was detected from the client
- ASP.NET Web Site or ASP.NET Web Application?
- Why not inherit from List<T>?
- How do you create a dropdownlist from an enum in ASP.NET MVC?
- ASP.NET Identity DbContext confusion
- Try-catch speeding up my code?
- ASP.NET Identity - HttpContext has no extension method for GetOwinContext