I am having a weird situation in my web app whereby I can successfully sign in but not authenticated. I have checked the property: User.Identity.IsAuthenticated property and its value is false. I am using the default Account controller
var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: true);
I put a break break-point and the value of result is Success but User.Identity.IsAuthenticated is false.
Below is my code for the ConfigureServices method in Startup class:
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<SchoolIdentityContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("IdentityConnection")));
services.AddIdentity<User, IdentityRole>()
.AddEntityFrameworkStores<SchoolIdentityContext>()
.AddDefaultTokenProviders();
services.ConfigureApplicationCookie(options =>
{
// Cookie settings
options.Cookie.HttpOnly = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
options.LoginPath = "/Account/Signin";
options.LogoutPath = "/Account/Signout";
options.AccessDeniedPath = "/Account/AccessDenied";
options.SlidingExpiration = true;
});
services.AddScoped(typeof(IAppLogger<>), typeof(LoggerAdapter<>));
services.AddScoped<IBookCategoryService, BookCategoryService>();
services.AddScoped<IBookService, BookService>();
services.AddHttpClient("chikoroapi", c =>
{
c.BaseAddress = new Uri("http://localhost:5100/api");
});
services.Configure<IdentityOptions>(options =>
{
// Password settings.
options.Password.RequireDigit = true;
options.Password.RequireLowercase = true;
options.Password.RequireNonAlphanumeric = true;
options.Password.RequireUppercase = true;
options.Password.RequiredLength = 8;
options.Password.RequiredUniqueChars = 1;
// Lockout settings.
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
options.Lockout.MaxFailedAccessAttempts = 3;
options.Lockout.AllowedForNewUsers = true;
// User settings.
options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
options.User.RequireUniqueEmail = true;
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
_services = services;
}
And the configure method is as below
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
ListAllRegisteredServices(app);
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
//app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
I have cross-checked with the documentation several times and I can't figure out what I am missing.
SignIn persists the given information for future requests, it does not set HttpContext.User on the current one.
You could only get User.Identity.IsAuthenticated as ture for subsequent request on login.