Copying a .NET Core authentication cookie to another browser works


I have a website project with .NET 6 (MVC) and I use an authentication cookie for authorizing users with this config:

builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.SlidingExpiration = true;
        options.Cookie.HttpOnly = true;
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.Name = "sepsep";
        options.Cookie.IsEssential = true;
        options.ExpireTimeSpan = TimeSpan.FromDays(365);
    });

I've created the same cookie (name, value, etc.) in another browser on another computer, and I am now authorized on that other computer!

Is it possible to protect this cookie so it won't be copied? I mean, I think this cookie should just work on my own computer, and even just in that browser!

UPDATE

I use a claims-based method to log the user in:

var claims = new List<Claim>
{
    new Claim("UserMobile", mobile),
};

var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
var authProperties = new AuthenticationProperties
{
    IsPersistent = true
};

// SignInAsync returns a Task; await it so the cookie is written before the response continues.
await _contextAccessor.HttpContext.SignInAsync(
    CookieAuthenticationDefaults.AuthenticationScheme,
    new ClaimsPrincipal(claimsIdentity),
    authProperties);

There are 0 answers
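
One server-side check for the situation described in the question, as an added example that is not part of the original post: the authentication cookie is a bearer credential, so this configuration marks it Secure, shortens its lifetime, and uses `OnValidatePrincipal` to reject it when the presenting client's User-Agent differs from the one recorded at sign-in. `ClientBinding`, its claim name and the 8-hour lifetime are assumptions, as is a .NET 6 web project with implicit usings. The check is a heuristic, since a client that sends the same User-Agent still passes.

```csharp
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.Name = "sepsep";
        options.Cookie.HttpOnly = true;
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // only sent over HTTPS
        options.SlidingExpiration = true;
        options.ExpireTimeSpan = TimeSpan.FromHours(8); // assumed value, replaces 365 days

        // Runs for every request that presents the cookie.
        options.Events.OnValidatePrincipal = async context =>
        {
            var bound = context.Principal?.FindFirst(ClientBinding.ClaimType)?.Value;
            var seen = ClientBinding.Compute(context.HttpContext);
            if (!string.Equals(bound, seen, StringComparison.Ordinal))
            {
                // Issued to a different client (or without the claim): reject and clear it.
                context.RejectPrincipal();
                await context.HttpContext.SignOutAsync(
                    CookieAuthenticationDefaults.AuthenticationScheme);
            }
        };
    });

var app = builder.Build();
app.UseAuthentication();
app.Run();

// Hypothetical helper, not an ASP.NET Core API.
static class ClientBinding
{
    public const string ClaimType = "ClientBinding"; // assumed claim name
    // SHA-256 of the User-Agent header, hex encoded.
    public static string Compute(HttpContext http) =>
        Convert.ToHexString(SHA256.HashData(
            Encoding.UTF8.GetBytes(http.Request.Headers["User-Agent"].ToString())));

    // Add this claim to the claims list passed to SignInAsync.
    public static Claim ClaimFor(HttpContext http) => new(ClaimType, Compute(http));
}
```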