I am using Asp.Net Identity and when I login in https login page and come to http home page I am seeing User.Identitiy.IsAuthenticated is false.
Is there someone who can explain why this is happening ?
Thanks
Ünal
Asked
Active
Viewed 51 times
1 Answers
2
If I'm not mistaken, since you've logged in from HTTPS, the cookie is secure and it won't be sent through insecure channels like plain HTTP.
What's the solution? There's no viable solution: if you authenticate users and work with security data, your data exchange must go over the wire through HTTPS or you're absolutely open to man-in-the-middle attacks to steal your users' credentials (and other data like claims)....
Further reading: Reading cookies via HTTPS that were set using HTTP
Community
- 1
- 1
Matías Fidemraizer
- 63,804
- 18
- 124
- 206
-
I changed entire pages to https :) thank you for your feedback. – ünal Kurt Mar 26 '16 at 20:53