I am working on converting a DotNet 4.5 MVC/WebAPI application to AspNetCore 2.0, and I'm having some trouble getting my Cookie authentication working again. When I set the cookie and try to access a secure method, I can't get there. When I go into an anonymous method and inspect the user object, it is empty - no authentication type, no claims, etc.
I have followed this article as best I can: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie?tabs=aspnetcore2x. I am not using Identity.
My code in startup.cs ConfigureServices is as follows:
services.AddAuthentication("ACE_AUTH")
.AddCookie("ACE_AUTH", options =>
{
options.AccessDeniedPath = "/Home/Index/";
options.LoginPath = "/Home/Index/";
});
My code in the Configure method:
app.UseAuthentication();
The Principal is fully populated when this is called. Where I am setting my cookie:
await HttpContext.SignInAsync("ACE_AUTH", samlData.Principal);
Nothing I have tried has caused my claims to show up when attempting to Authenticate the user.
Here is what is working for me: Most of what I learned comes from this microsoft doc but as you said the documentation doesn't seem to take you all the way there.
in startup.cs
And then in your controller that handles authentication:
If you can authenticate and assign loggedIn the result of your authentication request, you should be able to store claims in the cookie. You can then recall that claim in a controller that might be doing authorization/recalling values using the following: