1

I'm trying to determine the best way to handle current authentication for my app. There isn't any authentication by my app but will be handled from a login page before getting to my app. If they successfully authenticate my app will receive a cookie containing credentials and other user information.

What's the best way to determine if the cookie is present throughout the users session? I am currently reading the cookie on the startup page but this causes issues if the user bookmarks a page past that. Should I be checking on each page request is the cookie is there or can I check up front when the user hits the default page and store that somehow?

Here's how I'm currently grabbing the user from the cookie

                UserId = _ltpaToken.LTPATokenParse();

                if (UserId == "")
                {
                    _logger.Error("No User found");
                    return RedirectToPage("/Error");
                }
                else
                {
                    HttpContext.Session.SetString("UserId", UserId);
                    return RedirectToPage();
                    //user is good to 
                }

Then checking for the UserId again on another page

            UserId = _httpContextAccessor.HttpContext.Session.GetString("UserId");

            if(UserId == null)
            {
                Response.Redirect("ToCompanyLoginPage");
            }

            //continue on to page load

Is there a better way to do this?

MBarto
  • 11
  • 2
  • I would advice to add some code into your question. It will increase the chances to get an answer. Plus, it will prevent your question to be flagged and closed. – acarlstein Apr 11 '19 at 17:36
  • Start with the official Asp.net Core documentation. There are tutorials that cover setting up authentication. –  Apr 11 '19 at 18:11
  • @acarlstein Thanks for the advice! – MBarto Apr 11 '19 at 18:15

2 Answers2

1

if you need something other than the default authentication you could use something like this

first create a simple user class

public class MyCustomUser
{
    public int Id { get; set; }
    public string Name { get; set; }
    public string GivenName { get; set; }
}

in startup.cs inside ConfigureServices method 

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
        {
            options.ExpireTimeSpan = TimeSpan.FromDays(7);
            options.LoginPath = "/Account/CustomLogin";
            options.Cookie.Name = "MyAuthCookieName";
        }
    );

in startup.cs inside Configure method

app.UseAuthentication();

then on your SignIn action in your controller you could write something like this that would save the information of the user in claims (what are claims?)

//Inside your SignIn method
    //User info should be taken from DB
    MyCustomUser user = new MyCustomUser()
    {
        Id = 1,
        Name = "Mr.Awesome",
        GivenName = "John Doe"
    };

    //Add user information
    List<Claim> claims = new List<Claim>
    {
        new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
        new Claim(ClaimTypes.Name, user.Name),
        new Claim(ClaimTypes.GivenName, user.GivenName)
    };

    //Create the principal user from the claims
    ClaimsIdentity identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);
    AuthenticationProperties authenticationProperties = new AuthenticationProperties() {IsPersistent = false};

    //Create the authentication cookie and store it
    await this.HttpContext
            .SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, 
             principal, authenticationProperties);

   // DONE!
Hoshani
  • 746
  • 1
  • 10
  • 27
0

var currentUserName = User.Identity.Name;

works everywhere, also roles are good way to go

var currentUserRole = User.IsInRole("Admin");

controller 

public class PersonAuthorizationController : Controller
{
    private readonly SignInManager<IdentityUser> _signInManager;
    private readonly UserManager<IdentityUser> _userManager;
    private readonly MainDbContext _context;

    public PersonAuthorizationController(
        MainDbContext context, 
        UserManager<IdentityUser> userManager,
        SignInManager<IdentityUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
        _context = context;
    }

    // GET: Contact/PersonAuthorization
    public async Task<IActionResult> Index()
    {
        var currentUserId = _userManager.GetUserId(User);
        return View();
    }
Fatih Alac
  • 16
  • 5