Aspnetcore.docs: Website redirecting back to the login page after successful login

Created on 24 Feb 2019 · 9 Comments · Source: dotnet/AspNetCore.Docs

Similar to #9638
Followed the steps in the article with .NET Core 2.2 (MVC) and also downloaded this sample, which is .NET Core 2.1 (Razor Pages), but after successful login using await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrincipal, authProperties); the website redirects to the login page.

Downloaded the sample, ran it and opened an authorized page. After successful login the page redirects back to the login page, and as I enter the credentials and press Enter it opens the login page again.

Full debug log after POST to login:
https://pastebin.com/Wf61uAz2 (see line 11)



All 9 comments

The sample app works here. I can't repro that behavior. Can you check in developer tools and see (after signing in with the Maria email address and any password) if the auth cookie is there?


@umair-me ... could you test a different string comparison there.

In your sample app, change this ...

https://github.com/aspnet/Docs/blob/master/aspnetcore/security/authentication/cookie/samples/2.x/CookieSample/Pages/Account/Login.cshtml.cs#L140

... to ...

if (string.Equals(email, "[email protected]", StringComparison.OrdinalIgnoreCase))

... and try again.

Right, just figured something out: seeing your screenshot, I tried this in Edge and it started to work. I was using Chrome, and there is some Chrome extension that I have which does not save the cookie for ".AspNet.Consent" after accepting it, which means that the cookie for authentication is also not being saved (or is deleted after saving). It worked in Chrome incognito mode, so it's definitely some extension causing this. After changing the cookie name to something else, this started to work. options.Cookie.Name = "Microsoft.Authentication"; Will try removing extensions one by one to find the culprit.

Marking the cookie "essential" will make it bypass that consent check. I think it goes like this ...

services.ConfigureApplicationCookie(options => options.Cookie.IsEssential = true);

... famous last words. :smile: I haven't tested that. lol

In any case, leave this issue open. I want to change that string comparison, and I should note in the topic that if the cookie is not marked essential and the GDPR bits are active that it will :boom: as you say.

Cross-ref: https://docs.microsoft.com/aspnet/core/security/gdpr

Got it, will try this essential cookie thing. Thanks.

Yes, please do let me know here if that works. I didn't test here.

Looks like ConfigureApplicationCookie only works for Identity. I'll try another approach.

Yes I think it needs to be:

.AddCookie(options =>
{
    options.Cookie.IsEssential = true;
});

... and it indicates that IsEssential is true by default; therefore, I only need to mention that fact in the topic as opposed to actually setting it.
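
The interaction discussed in this thread, as an added example that is not code from the thread or from the sample app: a Startup class that enables the GDPR consent check next to cookie authentication and shows where the essential flag sits. It assumes an ASP.NET Core 2.x MVC project; the class layout is illustrative.

```csharp
// Added illustration (assumed ASP.NET Core 2.x MVC project layout).
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // The "GDPR bits": while consent has not been granted, the cookie
        // policy middleware drops every non-essential cookie the app writes.
        services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = context => true;
        });

        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                // Essential cookies are written even without consent.
                // With false here, SignInAsync completes but no Set-Cookie
                // header is sent to a visitor who has not consented, so the
                // next request is anonymous and is sent back to the login page.
                options.Cookie.IsEssential = true;
            });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseStaticFiles();
        // Cookie policy runs before authentication so that it wraps the
        // response cookies the authentication handler writes.
        app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseMvc();
    }
}
```

To tell a server-side cause from a browser-side one, check the sign-in response for a Set-Cookie header carrying the authentication cookie, then check whether the following request sends it back.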
