Tags: asp.net-core, .net-core, asp.net-core-3.1, asp.net-core-identity

.Net core 3.1 MVC site gives a http 403 error


I have a website written in C# with .NET Core 3.1 MVC. I have enabled SSL and role-based authentication for this site, and it is hosted with a hosting provider. When I try to access the site, it sometimes gives me an HTTP 403 Forbidden: Access Denied error, but if I clear my browser's cookies and refresh the page, I can access it without a problem. I also get this error when I try to access public pages (controllers that don't have the Authorize attribute). Can anyone help me with this? Thanks a lot.

My ConfigureServices method in Startup.cs file:

/// <summary>
/// Registers the application's services: IIS options, the EF Core database context,
/// ASP.NET Core Identity with cookie authentication, MVC/Razor Pages and app services.
/// </summary>
/// <param name="services">The service collection the registrations are added to.</param>
public void ConfigureServices(IServiceCollection services)
        {
            // With AutomaticAuthentication off, the IIS server does not populate HttpContext.User
            // on its own; an identity is provided only when an authentication scheme asks for it.
            // NOTE(review): IISServerOptions applies to in-process IIS hosting - confirm the hosting model.
            services.Configure<IISServerOptions>(iis => iis.AutomaticAuthentication = false);

            // SQL Server context; the connection string is read from configuration under
            // the name "DefaultConnection", so no credentials are embedded in this method.
            services.AddDbContext<ApplicationDbContext>(
                db => db.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

            // Identity users and roles stored through ApplicationDbContext, plus the default
            // token providers.
            services
                .AddIdentity<IdentityUser, IdentityRole>()
                .AddEntityFrameworkStores<ApplicationDbContext>()
                .AddDefaultTokenProviders();

            // Authenticate and challenge with the Identity application cookie;
            // sign-in defaults to the external scheme.
            // NOTE(review): AddIdentity appears to register these same defaults already,
            // so this block is probably redundant - confirm before removing.
            services.AddAuthentication(auth =>
            {
                auth.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
                auth.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
                auth.DefaultSignInScheme = IdentityConstants.ExternalScheme;
            });

            services.AddScoped<IDbInitializer, DbInitializer>();

            services.AddControllersWithViews();
            services.AddRazorPages();

            // Application cookie: one-hour ticket lifetime, and the pages used when a request
            // is unauthenticated (LoginPath) or authenticated but not permitted (AccessDeniedPath).
            // The cookie's Secure policy, SameSite and HttpOnly flags are not set here, so the
            // framework defaults apply.
            // NOTE(review): confirm those defaults are what an HTTPS-only site behind the
            // hosting provider's front end needs.
            services.ConfigureApplicationCookie(cookie =>
            {
                cookie.ExpireTimeSpan = TimeSpan.FromHours(1);
                cookie.LoginPath = "/Identity/Account/Login";
                cookie.AccessDeniedPath = "/Identity/Account/AccessDenied";
            });

            services.AddTransient<IMessage, EmailService>();
        }

My Configure Method in Startup.cs:

/// <summary>
/// Builds the HTTP request pipeline. Middleware runs in the order it is added here,
/// so the sequence of calls below is significant.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment, used to pick development or production error handling.</param>
/// <param name="initializer">Database initializer invoked once while the pipeline is being configured.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IDbInitializer initializer)
        {
            if (!env.IsDevelopment())
            {
                // The dedicated exception handler is disabled in this branch:
                //app.UseExceptionHandler("/Home/Error");

                // Responses that carry an error status code and no body are answered with a
                // redirect to the site root.
                // NOTE(review): this hides the original status code from the client; a 403 that
                // still reaches the browser as a 403 may not have been produced by this
                // application - check the app's request log against the host's logs.
                app.UseStatusCodePagesWithRedirects("/");

                // HSTS with the framework's default max-age; see https://aka.ms/aspnetcore-hsts
                // before settling on a production value.
                app.UseHsts();
            }
            else
            {
                // Detailed exception and database error pages are limited to development.
                app.UseDeveloperExceptionPage();
                app.UseDatabaseErrorPage();
            }

            // Runs during pipeline configuration; what it does is defined by the
            // IDbInitializer implementation, which is not shown here.
            initializer.Initialize();

            app.UseHttpsRedirection();

            // Registered ahead of authentication/authorization, so static files are served
            // without any authorization check.
            app.UseStaticFiles();

            app.UseRouting();

            // Authentication must come before authorization, and both sit between
            // UseRouting and UseEndpoints.
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(routes =>
            {
                // Bare "/{action}" URLs map to the Home controller of the User area.
                routes.MapControllerRoute(
                    name: "user_default",
                    pattern: "{action=Index}",
                    defaults: new { area = "User", controller = "Home", action = "Index" },
                    constraints: new { area = "User", controller = "Home" });

                // Product URLs: controller constrained to "Products", category segments
                // default to empty strings.
                routes.MapControllerRoute(
                    name: "products_default",
                    pattern: "{controller}/{mainCategory}/{category}/{product}",
                    defaults: new { area = "User", action = "Index", mainCategory = "", category = "", product = "" },
                    constraints: new { area = "User", controller = "Products" });

                // Any other controller in the User area, addressed without an area prefix.
                routes.MapControllerRoute(
                    name: "user_subcontrollers_default",
                    pattern: "{controller=Home}/{action=Index}/{id?}",
                    defaults: new { area = "User" },
                    constraints: new { area = "User" });

                // Fallback route with an explicit area segment.
                routes.MapControllerRoute(
                    name: "default",
                    pattern: "{area=User}/{controller=Home}/{action=Index}/{id?}");

                routes.MapRazorPages();
            });
        }

Solution

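  • It turns out that our hosting provider's firewall settings were causing this issue. After they reconfigured the firewall, our 403 errors stopped. Sadly, I do not know what they changed in the firewall. This fits the symptoms in the question: the 403 also appeared on controllers without an authorize attribute and disappeared once the cookies were cleared, which suggests the request was being rejected in front of the application rather than by its own authorization checks. When diagnosing a case like this, compare the application's request log with the hosting provider's firewall log for the same time; a 403 with no matching entry in the application log was produced upstream.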