
I am using Microsoft's AspNet.Identity 3.0 framework within the DNX RC1. With the help of some tutorials I have built a custom authentication system. After a successful password check, some claims are created for the user and the authentication is set:

var claimsPrincipal = await SignInManager.CreateUserPrincipalAsync(user);
if (claimsPrincipal != null && claimsPrincipal.Identity != null)
{
    // Set the claims to the user 
    await HttpContext.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrincipal);
    return RedirectToAction("Index", "App");
}

After this login action my browser has two cookies: .AspNet.Cookies and .AspNet.Microsoft.AspNet.Identity.Application

However, I now have a problem with my identity. Controllers annotated with [Authorize] are not executed at all. And controllers with [AllowAnonymous] give me a NullReferenceException because User.Identity is null:

[AllowAnonymous]
[Route("api/trips")]
public class TripController : Controller
{
    [HttpGet("")]
    public JsonResult Get()
    {
        // Throws NullReferenceException when User.Identity is null
        var trips = _repository.GetUserTripsWithStops(User.Identity.Name);
        ...

        return Json(results);
    }
}

Can someone please tell me what's wrong with my authentication?

As I guess that my mistake is somewhere in the Startup.cs file, here is the Configure method:

public void Configure(IApplicationBuilder app)
{
    app.UseStaticFiles();

    app.UseIdentity();
    app.UseCookieAuthentication(options =>
    {
        options.LoginPath = new PathString("/App/Login");
    });

    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller}/{action}/{id?}",
            defaults: new { controller = "App", action = "Index" });
    });
}
marco birchler

2 Answers

In order to access the User object, the controller/action must be decorated with [Authorize]. [AllowAnonymous] is only useful in conjunction with [Authorize]. On its own it does nothing, as by default, everything is accessible to anonymous users.

Chris Pratt
  • You are right that the User object actually only makes sense within an [Authorize] block. However, these blocks are then not executed at all; therefore, for testing, I changed the Authorize to AllowAnonymous. With the use of AllowAnonymous I have discovered that User.Identity is NOT null when I am not logged in (deleted all cookies), but as soon as I have logged in, the User.Identity is null. Actually I would have expected this behaviour the other way round. – marco birchler Jan 19 '16 at 14:42
  • I am getting null on User as ClaimsPrincipal. I tried everything adding Authorize / AllowAnonymous on method / controller – Mohan Jan 10 '18 at 18:25

Thank god I have found the solution after more than one day of trial and error. Finally I just added the AutomaticAuthenticate line in the Startup.cs file:

app.UseCookieAuthentication(options =>
{
    options.AutomaticAuthenticate = true;
    options.LoginPath = new PathString("/App/Login");
});
niico
marco birchler
  • You should add the line below in startup.cs inside the Configure(IApplicationBuilder app, IHostingEnvironment env) method: app.UseAuthentication(); app.UseCookieAuthentication() is obsolete in the latest version. – Deepak Rai Jun 23 '18 at 03:45
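
Added example, not code from the posts above: the ASP.NET Core 2.x form of the same fix, which the last comment points to with app.UseAuthentication(). In 2.x the default scheme passed to AddAuthentication takes over the role of AutomaticAuthenticate. The ASP.NET Core 2.x packages, the SignInUserAsync helper and the inline route template are assumptions of this sketch.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Default scheme: the cookie is validated on every request and
        // HttpContext.User is populated from it (2.x stand-in for AutomaticAuthenticate).
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddCookie(o => o.LoginPath = new PathString("/App/Login"));
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseStaticFiles();
        app.UseAuthentication(); // must run before UseMvc, or User stays anonymous
        app.UseMvc(r => r.MapRoute("default", "{controller=App}/{action=Index}/{id?}"));
    }
}
public class AppController : Controller
{
    // Hypothetical helper: call only after the password check has succeeded.
    private async Task SignInUserAsync(string userName)
    {
        // Passing an authentication type makes Identity.IsAuthenticated true.
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, userName) },
            CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));
    }
}

[Authorize] // unauthenticated requests are challenged (redirect to LoginPath)
[Route("api/trips")]
public class TripController : Controller
{
    [HttpGet("")]
    public JsonResult Get() => Json(new { user = User.Identity.Name });
}
```

The scheme name used in SignInAsync has to match the scheme registered in AddAuthentication; a cookie issued under a different scheme is not read back into User.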