.NET Core 3.1 & Windows Authentication Kills Session Variables
Whenever I enable Windows Authentication on my .NET Core 3.1 application, my session variables no longer seem to persist across requests. Whenever I turn off Windows Authentication, the Session variables work again.
I enabled Session variables in the ConfigureServices() section of Startup.cs:
public void ConfigureServices(IServiceCollection services)
{
//......
services.AddSession(delegate (SessionOptions options)
{
options.IdleTimeout = TimeSpan.FromSeconds(1800);
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.Cookie.SameSite = SameSiteMode.Strict;
options.Cookie.HttpOnly = true;
options.Cookie.IsEssential = true;
});
//......
}
I enabled Windows Authentication using web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<remove name="aspNetCore" />
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" hostingModel="InProcess" disableStartUpErrorPage="false">
<environmentVariables>
<environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Development" />
</environmentVariables>
</aspNetCore>
<security>
<authentication>
<windowsAuthentication enabled="true" />
<anonymousAuthentication enabled="false" />
</authentication>
</security>
</system.webServer>
</location>
</configuration>
I set session variables like this in one Razor page (SET.cshtml):
<div>
@Context.Session.SetString("testvar", "123");
</div>
And on another Razor page (GET.cshtml), I check to see if the variable persisted:
<div>
@Context.Session.GetString("testvar")
</div>
When Windows Authentication is enabled in web.config, the session variable "testvar" does not persist when going from SET.cshtml to GET.cshtml (GET.cshtml should display "123" but it does not). When I disable Windows Authentication, it starts working again (GET.cshtml properly displays "123").
What could be the problem?
I figured out the issue. I wasn't calling "app.UseAuthorization()" in Startup.cs.
app.UseAuthorization() needs to be called in the Configure() method in Startup.cs in order for session variables to persist across requests when Windows authentication is enabled in .NET Core:
- Why won't my button call my function with button type as button?
- Get User by email address using Microsoft Graph API
- When TwoFactorEnabled is activated, I get an error during login (implementation with Identity)
- Blazor web app couldn't find js function in external js file
- Multiple EditForm in Blazor Page
- How to pass js function argument to inline c# in cshtml?
- Blazor: Implementing 404 not found page
- How to tell when a self-hosted ASP.NET Core application is ready to receive requests?
- What kind of commands/queries can be created with MediatR?
- C# HttpRequestMessage - Host ignores the Content-Type Header I send it and complains that I am sending the wrong Content Type
- User.Identity.IsAuthenticated is false in a non-auth methods after successful login in asp.net core
- InvalidOperationException: Cannot find compilation library location for package 'System.Security.Cryptography.Pkcs'
- How to validate uploaded files in ASP.Net MVC
- .Net Core [Authorize] - Or instead of And for permission test
- NSwag produces incorrect output for IFromFile in Minimal API when file parameter is wrapped in model class
- Get individual error messages from modelstate
- Property Injection in ASP.NET Core
- ASP.NET Core 3.1 Azure AD Authentication throws OptionsValidationException
- Confirm form resubmission - ASP.NET 5 MVC
- Serialise HTML Form with time/text input type and validation of time fields
- How to show loading progress while wasm part being loaded (.NET 8, no pre-render)
- How to merge multiple arrays from ASP.Net Core configuration files?
- ASP.NET Core EF Identity Roles while using JWT Bearer Scheme
- Pass the selected value of a dropdown in to a URL.Action so that a modal form is displayed on a button click
- Why I am getting Cascade delete cycle error when updating the database
- To have different session timeout for different users
- How to setup a beta versioning in Swagger endpoint?
- Is there a way to have dynamic regex strings in a RegularExpression attribute?
- Is there a way to have the Identity Library cookies be tied to the root domain?
- How to access Microsoft.AspNetCore.Routing namespace