Scenario:
I have a solution in which I have both a WebAPI and an ASP.NET Core MVC project. I have implemented cookie-based authentication in the WebAPI. It's working great while testing with Postman. But when I consume the WebAPI service from my MVC project, authentication seems to be broken.
Here's my code:
WebAPI:
Startup.cs

    app.UseCookieAuthentication(new CookieAuthenticationOptions()
    {
        AuthenticationScheme = "ApiAuth",
        AutomaticAuthenticate = true,
        AutomaticChallenge = false
    });

AccountController.cs

    [HttpPost]
    [Route("authenticate")]
    public async Task<IActionResult> Authenticate([FromBody]LoginModel login)
    {
        // Check the credentials once and reuse the result.
        if (!_accountManager.Authenticate(login))
        {
            return Unauthorized();
        }

        var identity = new ClaimsIdentity("password");
        identity.AddClaim(new Claim(ClaimTypes.Role, "User"));

        // Issues the "ApiAuth" cookie on the response to whichever client sent this request.
        await HttpContext.Authentication.SignInAsync("ApiAuth", new ClaimsPrincipal(identity));
        return Ok(true);
    }

All Controllers have this attribute [Authorize(Roles = "User")]
MVC App:
AccountController.cs

    public async Task<IActionResult> Login(LoginModel loginModel)
    {
        var loginFlag = false;

        // Server-to-server call: the API's response (including its Set-Cookie header)
        // is received by the MVC server's HttpClient, not by the browser.
        HttpResponseMessage response = await ServiceCall<LoginModel>.postData(URLPREFIX + "/authenticate", loginModel);
        if (response.IsSuccessStatusCode)
        {
            loginFlag = await response.Content.ReadAsAsync<bool>();
        }

        if (loginFlag)
        {
            return RedirectToAction("Index", "Home");
        }
        else
        {
            return View();
        }
    }

ServiceCall.cs:

    using System;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Text;
    using System.Threading.Tasks;
    using Newtonsoft.Json;

    public static class ServiceCall<T>
    {
        const string HTTP_BASE = "http://localhost:13359/";
        static readonly HttpClient client = CreateClient();

        // Configure the shared client once: BaseAddress cannot be changed
        // after the client has sent its first request.
        static HttpClient CreateClient()
        {
            var c = new HttpClient { BaseAddress = new Uri(HTTP_BASE) };
            c.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
            return c;
        }

        public static async Task<HttpResponseMessage> postData(string Url, T data)
        {
            var content = new StringContent(JsonConvert.SerializeObject(data), Encoding.UTF8, "application/json");
            return await client.PostAsync(Url, content);
        }
    }

The login function in both the WebAPI and MVC projects executes correctly, but when navigating to the home page, I could not consume the service. Any advice would be helpful. Thanks.
Update #1:
Here is my project repo with the issue. Please take a look. Thanks
I think the problem is here:
You are using a new request to authenticate; this authenticate writes a cookie in the response, which of course does not work for your real browser request.
You need to have the browser request the authenticate directly and let the cookie be written back to the client; then your client can request home index.
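
Added example, not part of the original question or answer: a self-contained console program that shows which client ends up holding the authentication cookie. The `HttpListener` stand-in for the WebAPI, the port 5055, the `/home` path and the cookie value are constructed for the illustration; the two `HttpClient` instances play the MVC server and the browser.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

class CookieOwnerDemo
{
    const string Api = "http://localhost:5055/"; // constructed address for the stand-in API

    // Stand-in for the WebAPI: /authenticate issues a cookie, every other path requires it.
    static async Task ServeAsync(HttpListener listener, int requests)
    {
        for (int i = 0; i < requests; i++)
        {
            HttpListenerContext ctx = await listener.GetContextAsync();
            if (ctx.Request.Url.AbsolutePath == "/authenticate")
                ctx.Response.AppendCookie(new Cookie("ApiAuth", "constructed-ticket") { Path = "/" });
            else if (ctx.Request.Cookies["ApiAuth"] == null)
                ctx.Response.StatusCode = 401;
            ctx.Response.Close();
        }
    }

    static async Task Main()
    {
        var listener = new HttpListener();
        listener.Prefixes.Add(Api);
        listener.Start();
        Task server = ServeAsync(listener, 3);

        // Each HttpClient has its own cookie container, just as the MVC server's
        // HttpClient and the user's browser keep separate cookie stores.
        var mvcServer = new HttpClient { BaseAddress = new Uri(Api) };
        var browser = new HttpClient { BaseAddress = new Uri(Api) };

        // The login is sent by the MVC server, so Set-Cookie comes back to the MVC server.
        HttpResponseMessage login = await mvcServer.PostAsync("authenticate", new StringContent(""));
        Console.WriteLine("Set-Cookie seen by MVC server: " + login.Headers.Contains("Set-Cookie"));

        // The browser never received the cookie, so the API treats it as anonymous.
        Console.WriteLine("browser -> API: " + (int)(await browser.GetAsync("home")).StatusCode);
        // Only the client that performed the login can present the cookie.
        Console.WriteLine("MVC server -> API: " + (int)(await mvcServer.GetAsync("home")).StatusCode);

        await server;
        listener.Stop();
    }
}
```

A static `HttpClient` that keeps this cookie is shared by every visitor of the MVC site, so API calls made through it are authorized as whoever logged in last rather than as the current browser user.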