Dark Prince Zen

Reputation: 11

ASP.NET CORE Sign In Cookie

I am having a lot of trouble understanding some things in ASP.NET Core. I already have an ASP.NET 4.5 application that has login authentication using FormsAuthenticationTicket, but my goal is to set up a Core Web API that authenticates a user and creates a cookie for my 4.5 application to read, and, on redirect, to already be signed in via the cookie.

I have given both applications the same <machinekey> in the web.config and added UseCookieAuthentication with CookieAuthenticationOptions to Startup.cs, but I am at a loss from here on how to replicate the FormsAuthenticationTicket inside my ApplicationController.cs in my Core application. I find that the documentation for Core is not overly consistent yet, but I have been trying out a lot of suggestions to no avail.

I think the main confusion for me is that I can create a cookie in Core, but I am clearly not creating it correctly, or most likely not authenticating correctly either.


Startup.cs in Configure function

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
     AuthenticationScheme = "ApiAuth",
     CookieName = ".ASPXAUTH",
     CookieHttpOnly = false,
     ExpireTimeSpan = TimeSpan.FromDays(30),
     SlidingExpiration = true,
     AutomaticAuthenticate = true,
     LoginPath = new PathString("/Application/Authorize"),
});


ApplicationController.cs

[HttpGet("Authorize/{appGuid}/{userGuid}", Name = "SignIn")]
public async Task<IActionResult> SignIn(Guid appGuid, Guid userGuid)
{
     var application = Application.Find(appGuid);
     var user = User.Find(userGuid);

     if (application != null && user != null)
     {
          await HttpContext.Authentication.SignOutAsync("ApiAuth");

          /****************Confusion start****************/

          Claim cookiePath = new Claim(ClaimTypes.CookiePath, ".ASPXAUTH");
          Claim expiration = new Claim(ClaimTypes.Expiration, DateTime.UtcNow.AddDays(30).ToString());
          Claim expiryDate = new Claim(ClaimTypes.Expired, "false");
          Claim persistant = new Claim(ClaimTypes.IsPersistent, "true");
          Claim issueDate = new Claim("IssueDate", DateTime.UtcNow.ToString());
          Claim name = new Claim(ClaimTypes.Name, user.Username);
          Claim userData = new Claim(ClaimTypes.UserData, "");
          Claim version = new Claim(ClaimTypes.Version, "2");
          ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { cookiePath, expiration, expiryDate,
                    persistant, issueDate, name, userData, version }, "ApiAuth"));
          await HttpContext.Authentication.SignInAsync("ApiAuth", principal);

          /****************Confusion end****************/

          return new RedirectResult("http://localhost/MyWebsite/Repository.aspx");
     }

     return Unauthorized();
}


The size of the cookie is much larger than the one on my 4.5 application and I am at a loss as to where to go from here. I believe I am also causing conflicting settings with UseCookieAuthentication and the ClaimsPrincipal.

Upvotes: 1

Views: 1207

Answers (0)
