Search code examples
authentication.net-corecookiesumbraco

.net 5 Authentication Cookie not set


I have a Umbraco 9 .Net 5 AspNet Core project.

I'm trying to set an auth cookie. I've followed microsofts guide and got it working in a seperate project but when trying to implement it in my Umbraco project it fails. I'm not sure why but I guess the Umbraco 9 Configuration has a part in it.

I've got as far as getting User.Identity.IsAuthenticated = true in the same controller as I sign in but as soon as I redirect to another controller the Authentication status is false.

I also try to set the LoginPath option when configure the cookie but it still redirect to the default path (/Account/Login) so something here is no working either

My StartUp.cs looks like following

 public void ConfigureServices(IServiceCollection services)
    {
        services.AddUmbraco(mEnvironment, mConfig)
            .AddBackOffice()
            .AddWebsite()
            .AddComposers()
            .Build();

        services.AddDistributedMemoryCache();

        //services.AddSession(options =>
        //{
        //    options.IdleTimeout = TimeSpan.FromSeconds(10);
        //    options.Cookie.HttpOnly = true;
        //    options.Cookie.IsEssential = true;
        //});

        services.AddControllersWithViews();
        services.AddRazorPages();

        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options =>
        { 
            options.LoginPath = "/portal/"; //not working, still redirects to default
        });

    }

        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseAuthentication();
        app.UseAuthorization();


        //umbraco setup 
        app.UseUmbraco()
            .WithMiddleware(u =>
            {
                u.UseBackOffice();
                u.UseWebsite();
            })
            .WithEndpoints(u =>
            {
                u.UseInstallerEndpoints();
                u.UseBackOfficeEndpoints();
                u.UseWebsiteEndpoints();
            });


        //app.UseSession();

    }

My Login controller action looks like follows:

public async Task<ActionResult> Login()
    {
        
        var claimsIdentity = new ClaimsIdentity(new List<Claim>
        {
            new Claim(UserClaimProperties.UserRole, MemberRole, ClaimValueTypes.String)
        }, CookieAuthenticationDefaults.AuthenticationScheme);
        var authProps = new AuthenticationProperties
        {
            ExpiresUtc = DateTime.UtcNow.AddMinutes(20),
            IsPersistent = true,
            AllowRefresh = true,
            RedirectUri = "/"
        };

                    await HttpContext.SignInAsync(
            //CookieAuthenticationDefaults.AuthenticationScheme,  //from MS-example but isAuth will be false using this
            new ClaimsPrincipal(claimsIdentity), 
            authProps);

        var isAuthenticated = User.Identity.IsAuthenticated;

        return Redirect("/myview/");
    }

If I set the Auth Scheme to "Cookies" in SignInAsync like it is in the microsoft example isAuthenticated will be false but without this I'll at least get it true here.

When redirected to the next action the User.Identity.IsAuthenticated is false.

Any suggestions why that is or why my LoginPath configuration wont work?

Edit: I don't want to create Umbraco members for each user that logs in. I just want to sign in a user to the context and be able to validate that the user is signed in by myself in my controllers.

Edit 2: I've try to catch the sign in event and got a breakpoint in that even. In my demo app(without umbraco) I'll get to the breakpoint in the one with Umbraco this breakpoint is never hit so. Is this because Umbraco probably override this or hijack the event?


Solution

  • Not sure why but after testing different Authentication schemes I got an error that the schemes I tested was not registered and I got a list of already registered schemes. I thought that by doing this

     services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options =>
        { 
            options.LoginPath = "/portal/"; //not working, still redirects to default
        });
    

    I've registered the "Cookies" scheme.

    One of the schemes listed as registered was "Identity.Application" and by using that one I could get the User identity from the context in my redirect controller.