2

I have made an ASP.NET Core web app with Angular. It uses cookie-based authentication with the standard .NET Core authentication mechanism. Everything works fine until an IIS restart (recycle). After the application restarts, all users become unauthenticated and need to log in again.

Maybe someone knows what should be done so that the information stored in cookies stays valid for several days and does not depend on application restarts.

This is the piece of code:

```csharp
public void ConfigureServices(IServiceCollection services)
{
    services.AddDbContext<MyAppContext>(options => options.UseMySql(connectionString));
    services.AddIdentity<ApplicationUser, ApplicationRole>(options =>
    {
        options.User.RequireUniqueEmail = true;
        options.SignIn.RequireConfirmedEmail = true;
    })
    .AddEntityFrameworkStores<MyAppContext>()
    .AddDefaultTokenProviders();

    services.AddAuthorization();
    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options =>
        {
            options.SlidingExpiration = true;
            options.ExpireTimeSpan = System.TimeSpan.FromDays(7);
            options.LoginPath = $"/Identity/Login";
            options.LogoutPath = $"/Identity/Logout";
            options.Cookie.IsEssential = true;
        });
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory)
{
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseSpaStaticFiles();

    app.UseRouting();

    app.UseAuthentication();
    app.UseAuthorization();
}
```
antonad

1 Answer

3

ASP.NET Core uses the Data Protection mechanism to generate temporary encryption keys, and with a restart of the server or IIS, these keys are lost and regenerated.

So that the keys for encrypting web application information are stored permanently and not lost with a server restart, you can go to the Application Pool settings in IIS and set Load User Profile to True.

In this case, the keys will be permanently stored in the user's profile folder for the application's application pool, encrypted by the Windows DPAPI mechanism.

Or you can check these links (1, 2) to keep the login status after an IIS reset.

Farhad Zamani
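An added example, not part of the answer above or of the asker's project: the same Data Protection key ring configured explicitly in `ConfigureServices`, so its location and at-rest encryption are visible in code rather than left to defaults. The directory `C:\keys\MyApp` and the application name `MyApp` are placeholder assumptions, and the DPAPI call assumes Load User Profile is enabled as the answer describes.

```csharp
using System;
using System.IO;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Placeholder path (assumption): a directory outside the web root that
    // survives recycles and deployments.
    private const string KeyRingPath = @"C:\keys\MyApp";

    public void ConfigureServices(IServiceCollection services)
    {
        // The cookie authentication handler encrypts and signs the auth ticket
        // with keys from this key ring. If the ring only lives in memory, every
        // recycle creates new keys and existing cookies can no longer be read.
        services.AddDataProtection()
            // Fixed application name (assumed value) so the key ring stays
            // usable if the deployment folder changes.
            .SetApplicationName("MyApp")
            // Write the key XML files to a known directory.
            .PersistKeysToFileSystem(new DirectoryInfo(KeyRingPath))
            // Encrypt the key files at rest with Windows DPAPI, bound to the
            // Windows account the application pool runs as.
            .ProtectKeysWithDpapi();

        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                // Same cookie lifetime settings as in the question.
                options.SlidingExpiration = true;
                options.ExpireTimeSpan = TimeSpan.FromDays(7);
                options.LoginPath = "/Identity/Login";
                options.LogoutPath = "/Identity/Logout";
                options.Cookie.IsEssential = true;
            });
    }
}
```

Restrict the NTFS permissions on the key directory to the application pool identity, since anyone who can read and decrypt these keys can forge authentication cookies. Changing the application pool identity later makes the existing DPAPI-protected key files unreadable, which signs all users out again.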