0

ASP.NET Core 3.1 identity persist cookie authentication after web deploy publish to remote IIS still fails

I am usling solution from this answer https://stackoverflow.com/a/56493862/3650307

public Startup(IConfiguration configuration, IHostingEnvironment environment) {
  Configuration = configuration;
  hostingEnvironment = environment;
}

private IHostingEnvironment hostingEnvironment;

public IConfiguration Configuration { get; }

// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services) {
  // create a directory for keys if it doesn't exist
  // it'll be created in the root, beside the wwwroot directory
  var keysDirectoryName = "Keys";
  var keysDirectoryPath = Path.Combine(hostingEnvironment.ContentRootPath, keysDirectoryName);
  if (!Directory.Exists(keysDirectoryPath)) {
    Directory.CreateDirectory(keysDirectoryPath);
  }
  services.AddDataProtection()
    .PersistKeysToFileSystem(new DirectoryInfo(keysDirectoryPath))
    .SetApplicationName("CustomCookieAuthentication");

  services.Configure<CookiePolicyOptions>(options =>
  {
  ...

I have done a lot of googling and research (if this one is also relevant to asp.net core 3.1 https://stackoverflow.com/a/3516058/3650307 )

I am deploying to russian based web hosting REG.RU, after IIS Web Deploy Publish my cookie still doesnt persist, I have to login again after each redeploy.

I undestand that community will suggest me to examine extensively my remote server hosting logs, but at least help me what to look for and how generally enable and view logs on remote windows web asp.net application hosting providers (in general, REG.ru hosting uses Plesk admin panels, however I understand that logging is probably enabled in web.config or other ASP.NET application folder filer)

Has anyone else recently experienced problems with persist cookie login asp.net core 3.1 identity when publishing IIS web deploy to ASP.NET windows hostings?

May the rewriting of web.config file during publishing affect restart of the application and so the cookie no longer works even though Keys storage is considered? If yes, is there way to prevent web.config rewriting?

And yes, the Keys folder appears on FTP when I check with xml keys file

user3650307
  • 31
  • 1
  • 4
  • one developer hinted me and I got an idea to untick "Remove additional files at destination" in publishing profile options. This was both genius and easy and obvious. However now I am trying to understand how unticked "Remove additional files at destination" may affect my pulish lifecycle for when I am updating app with never builds and for example I want some files to be removed for example static img and js content, may I have to remove them manually via ftp with the remove additional files option unchecked during publish updates lifecycle – user3650307 Aug 29 '20 at 02:33

1 Answers1

0

The persistence granted by IsPersistent is, only meant to imply that the authentication will persist through browsing sessions (that is, it is kept even when the browser is closed). You need a combination of Persistence and to set an expiration time for the cookie. The expiration of the cookie can be set via the CookieAuthenticationOptions, using the ExpireTimeSpan option.

samwu
  • 3,857
  • 3
  • 11
  • 25
  • thank you your answer. i already have also implemented isPersisent to be true by default in addition to keys saving via dataprotection and removing "Remove additional files at destination" option in publishing profile. all these 3 steps solved my problem and successfully granted uses persistent cookie logins – user3650307 Sep 01 '20 at 08:05
  • But how do you set CookieAuthenticationOptions for Identity? I did have persistance working when I used my own cookie authentication, but now that I'm using Identity, it appears to be ignoring my settings – Auspex Oct 25 '21 at 13:50