In my ASP.NET MVC project, the default login path is /Account/Login. I want to configure It to be /User/Login when [Authorize] tag is used on the controller.
The following is the relevant code in Program.cs, it seems the setting in ConfigureApplicationCookie has no effect. It still redirects to /Account/Login.
Any idea what I'm missing here?
using Auth0.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddDbContextFactory<ApplicationDbContext>(options => options.UseSqlite(devConnString));
builder.Services.AddDatabaseDeveloperPageExceptionFilter();
builder.Services.ConfigureApplicationCookie(options =>
{
options.LoginPath = new PathString("/User/Login");
options.LogoutPath = new PathString("/User/Logout");
});
builder.Services.AddAuth0WebAppAuthentication(options =>
{
options.Domain = builder.Configuration["Auth0:Domain"];
options.ClientId = builder.Configuration["Auth0:ClientId"];
});
builder.Services.AddRazorPages();
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseMigrationsEndPoint();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseResponseCaching();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
app.MapRazorPages();
app.Run();
AddAuth0WebAppAuthentication will configure a cookie using Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme which has a value of "Cookies".
ConfigureApplicationCookie will configure a cookie using Microsoft.AspNetCore.Identity.IdentityConstants.ApplicationScheme which has a value of "Identity.Application".
Remove the ConfigureApplicationCookie invocation, and replace it with your own CookieAuthenticationOptions configuration using the same scheme as the Auth0 library.
using Microsoft.AspNetCore.Authentication.Cookies;
//...
builder.Services.Configure<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme, options => {
options.LoginPath = "/User/Login";
options.LogoutPath = "/User/Logout";
});
Or you can continue to use ConfigureApplicationCookie, but you'll need to tell Auth0 to use it as its cookie authentication scheme.
builder.Services.AddAuth0WebAppAuthentications(options => {
options.CookieAuthenticationScheme = IdentityConstants.ApplicationScheme;
//...
});
If you choose this option, be sure to update your sign out logic with the cookie scheme your using.
//...
await HttpContext.SignOutAsync(Auth0Constants.AuthenticationScheme, logoutProps);
//await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
await HttpContext.SignOutAsync(IdentityConstants.ApplicationScheme);