
What is the replacement for Cookies.ApplicationCookie.AutomaticChallenge = false in ASP.NET Core 2.0 Identity?

I upgraded from ASP.NET Core 1.1 to 2.0 and am now having 401 Unauthorized responses get changed to 302 Redirect responses. This was previously an issue for me in 1.1 and was mitigated with the following code:

services.AddIdentity<User, IdentityRole>(identityOptions =>
{
    identityOptions.Cookies.ApplicationCookie.AutomaticChallenge = false;
});

However, there is no longer a Cookies property on identityOptions.

I have tried adding the following as well (and also note that I previously did not need this extension method in my app):

services.AddCookieAuthentication(cookieAuthenticationOptions => {
    cookieAuthenticationOptions.LoginPath = ""; // also tried null
    cookieAuthenticationOptions.AccessDeniedPath = ""; // also tried null
    cookieAuthenticationOptions.LogoutPath = ""; // also tried null
});

That code appears to have no effect on the default redirect paths or behaviors. How can I prevent these redirects in Core 2.0?

Matthew Steven Monkan asked Jul 23 '17 22:07


1 Answer

As explained in https://github.com/aspnet/Announcements/issues/262, you must now configure the default scheme handlers at the global level, using the services.AddAuthentication() extension.

To prevent the cookie handlers registered by Identity from handling challenges, replace DefaultChallengeScheme by the scheme corresponding to a different handler (e.g. the JWT bearer handler).

services.AddIdentity<User, IdentityRole>();

services.AddAuthentication(options =>
{
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
});

If - for whatever reason - choosing a different handler is not an option for you, then you'll have to use services.ConfigureApplicationCookie() to register a custom CookieAuthenticationEvents.(On)RedirectToLogin event to change the way Identity returns an "unauthorized response".

Here's an example returning a 401 response:

services.ConfigureApplicationCookie(options =>
{
    options.Events.OnRedirectToLogin = context =>
    {
        context.Response.StatusCode = 401;

        return Task.CompletedTask;
    };
});
Kévin Chalet answered Oct 18 '22 21:10
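
An added example, not part of the answer above: it extends the answer's ConfigureApplicationCookie approach so that API requests get 401 (unauthenticated) or 403 (access denied) while browser pages keep the normal redirects. The `/api` prefix and the helper names are assumptions made for illustration.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper class; the names here are not part of ASP.NET Core.
public static class ApiCookieChallengeExtensions
{
    // Assumption: API endpoints live under this prefix; adjust to your routing.
    private static readonly PathString ApiPrefix = new PathString("/api");

    // Call after services.AddIdentity<...>() so the Identity cookie
    // registration does not overwrite the Events object configured here.
    public static IServiceCollection ConfigureApiChallengeStatusCodes(
        this IServiceCollection services)
    {
        services.ConfigureApplicationCookie(options =>
        {
            // Challenge (no valid cookie): 401 for API calls.
            options.Events.OnRedirectToLogin = context =>
                StatusOrRedirect(context, StatusCodes.Status401Unauthorized);

            // Forbid (authenticated but not authorized): 403 for API calls.
            options.Events.OnRedirectToAccessDenied = context =>
                StatusOrRedirect(context, StatusCodes.Status403Forbidden);
        });
        return services;
    }

    private static Task StatusOrRedirect(
        RedirectContext<CookieAuthenticationOptions> context, int statusCode)
    {
        if (context.Request.Path.StartsWithSegments(ApiPrefix))
        {
            // API client: return a bare status code, no Location header.
            context.Response.StatusCode = statusCode;
        }
        else
        {
            // Browser page: keep the redirect the cookie handler computed.
            context.Response.Redirect(context.RedirectUri);
        }
        return Task.CompletedTask;
    }
}
```

Handling OnRedirectToAccessDenied as well matters because overriding only OnRedirectToLogin still leaves authorization failures for signed-in users answered with a 302 to the access-denied page.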