cookies asp.net-core razor-pages cookie-authentication

ASP.NET Core Razor Pages Cookie Authentication redirects to the login page after successful login


I followed the article "Use cookie authentication without ASP.NET Core Identity" and downloaded the sample from 2.x/Cookies.

I ran the sample in VS 2017 and opened the "contact" page, which is protected according to the documentation and the code. I signed in using the credentials that the code authenticates with a simple string comparison. When debugged, it signs in, which means it adds the user principal with its claims, but it redirects back to the login page instead of the contact page.

ConfigureServices:

        services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddMvc()
        .AddRazorPagesOptions(options =>
        {
             options.Conventions.AuthorizePage("/Contact");
        })
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        #region snippet1   
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddCookie(options => options.ExpireTimeSpan = new System.TimeSpan(0, 10, 0));
        #endregion

        services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();

Configure:

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();

        // Call UseAuthentication before calling UseMVC.
        #region snippet2
        app.UseAuthentication();
        #endregion

        app.UseMvc();

Authentication:

            #region snippet1
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, user.Email),
                new Claim("FullName", user.FullName),
                new Claim(ClaimTypes.Role, "Administrator"),
            };

            var claimsIdentity = new ClaimsIdentity(
                claims, CookieAuthenticationDefaults.AuthenticationScheme, ClaimTypes.Name, ClaimTypes.Role);

            var authProperties = new AuthenticationProperties
            {
                AllowRefresh = true,
                // Refreshing the authentication session should be allowed.

                ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(10),
                // The time at which the authentication ticket expires. A 
                // value set here overrides the ExpireTimeSpan option of 
                // CookieAuthenticationOptions set with AddCookie.

                IsPersistent = true,
                // Whether the authentication session is persisted across 
                // multiple requests. Required when setting the 
                // ExpireTimeSpan option of CookieAuthenticationOptions 
                // set with AddCookie. Also required when setting 
                // ExpiresUtc.

                //IssuedUtc = <DateTimeOffset>,
                // The time at which the authentication ticket was issued.

                //RedirectUri = <string>
                // The full path or absolute URI to be used as an http 
                // redirect response value.
            };

            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme, 
                new ClaimsPrincipal(claimsIdentity),
                authProperties);
            #endregion

And then I redirect to the contacts page, but I am brought back to the login page.


Solution

  • After making a test with this project, I could reproduce your issue with Chrome; it works with Edge.

    To make it work with Chrome, you could go to launchSettings.json and change the sslPort for iisExpress to 44344 instead of 0.
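Where that setting sits in the file, as an added example that is not part of the original answer or the sample project: the `iisSettings` section of `Properties/launchSettings.json` after the change. The `applicationUrl` port and the two authentication flags are constructed placeholder values; only `sslPort` (previously `0`, now `44344`) comes from the answer.

```json
{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:50000",
      "sslPort": 44344
    }
  }
}
```

With a non-zero `sslPort`, IIS Express exposes an HTTPS endpoint, so the `app.UseHttpsRedirection()` call in `Configure` has a port to redirect to and the sign-in flow runs over HTTPS.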