I created an ASP.NET Core Razor Pages web app with "Individual authentication". I then added the Identity scaffolding and ran the application, it asked for "Apply Migration" I did it. I then registered a user and logged in with that user. Everything went as smoothly.
After successful login, the application landed on the Index page.
But the problem happened when I marked my "Index.cshtml.cs" page with [Authorize] attribute and added cookie settings in my startup.cs file. The application started redirecting back to login page after successful login.
The expected behavior is that it should redirect to the Home page i.e Index.cshtml.
I checked this SO question and others but nothing is working for me.
I am not understanding where I am going wrong.
Here is my startup.cs file
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDatabaseDeveloperPageExceptionFilter();
services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = false)
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddRazorPages();
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = "/Identity/Account/Login";
options.ExpireTimeSpan = new System.TimeSpan(0, 10, 0);
options.SlidingExpiration = true;
options.Cookie = new CookieBuilder
{
SameSite = SameSiteMode.Strict,
SecurePolicy = CookieSecurePolicy.Always,
IsEssential = true,
HttpOnly = true
};
options.Cookie.Name = "Authentication";
});
services.AddAuthorization();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseMigrationsEndPoint();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapRazorPages();
});
}
}
Login.cshtml.cs
[AllowAnonymous]
public class LoginModel : PageModel
{
private readonly UserManager<IdentityUser> _userManager;
private readonly SignInManager<IdentityUser> _signInManager;
private readonly ILogger<LoginModel> _logger;
public LoginModel(SignInManager<IdentityUser> signInManager,
ILogger<LoginModel> logger,
UserManager<IdentityUser> userManager)
{
_userManager = userManager;
_signInManager = signInManager;
_logger = logger;
}
[BindProperty]
public InputModel Input { get; set; }
public IList<AuthenticationScheme> ExternalLogins { get; set; }
public string ReturnUrl { get; set; }
[TempData]
public string ErrorMessage { get; set; }
public class InputModel
{
[Required]
[EmailAddress]
public string Email { get; set; }
[Required]
[DataType(DataType.Password)]
public string Password { get; set; }
[Display(Name = "Remember me?")]
public bool RememberMe { get; set; }
}
public async Task OnGetAsync(string returnUrl = null)
{
if (!string.IsNullOrEmpty(ErrorMessage))
{
ModelState.AddModelError(string.Empty, ErrorMessage);
}
returnUrl ??= Url.Content("~/");
// Clear the existing external cookie to ensure a clean login process
await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();
ReturnUrl = returnUrl;
}
public async Task<IActionResult> OnPostAsync(string returnUrl = null)
{
returnUrl ??= Url.Content("~/");
ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: false);
if (result.Succeeded)
{
_logger.LogInformation("User logged in.");
return LocalRedirect(returnUrl);
}
if (result.RequiresTwoFactor)
{
return RedirectToPage("./LoginWith2fa", new { ReturnUrl = returnUrl, RememberMe = Input.RememberMe });
}
if (result.IsLockedOut)
{
_logger.LogWarning("User account locked out.");
return RedirectToPage("./Lockout");
}
else
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return Page();
}
}
// If we got this far, something failed, redisplay form
return Page();
}
}
Can anybody help me on this?
Do not know the exact reason but changing the default authentication scheme worked for me.
In your startup.cs file, change
from this:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = "/Identity/Account/Login";
options.ExpireTimeSpan = new System.TimeSpan(0, 10, 0);
options.SlidingExpiration = true;
options.Cookie = new CookieBuilder
{
SameSite = SameSiteMode.Strict,
SecurePolicy = CookieSecurePolicy.Always,
IsEssential = true,
HttpOnly = true
};
options.Cookie.Name = "Authentication";
});
to this:
services.AddAuthentication(IdentityConstants.ApplicationScheme)
.AddCookie(options =>
{
options.LoginPath = "/Identity/Account/Login";
options.ExpireTimeSpan = new System.TimeSpan(0, 10, 0);
options.SlidingExpiration = true;
options.Cookie = new CookieBuilder
{
SameSite = SameSiteMode.Strict,
SecurePolicy = CookieSecurePolicy.Always,
IsEssential = true,
HttpOnly = true
};
options.Cookie.Name = "MyCookie";
});