tl;dr: Is there way how to set custom TokenProvider or something similar e.g. (jwt tokens has IssuerSigningKey) to cookies?
I have a .Net Core 3.1 backend with identity Authentication. I had a problem with confirming generated email token.. “Invalid Token” error. From this SO answer I found out there can be problem with my hosting. I have shared hosting for my application and my application was often restarted. I believe this was causing my problems. So as answer suggested I created my own TokenProvider:
services.AddIdentity<AppUser, AppRole>()
.AddEntityFrameworkStores<MyContext>()
.AddDefaultTokenProviders()
.AddTokenProvider<AesDataProtectorTokenProvider<AppUser>>(TokenOptions.DefaultProvider);
This helps. For authentication I was using JwtBearer tokens with custom IssuerSigningKey
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
};
})
I found out that SignInManager from Identity is creating Cookies by default. So I tough it will be better to use this cookies instead of my jwt tokens saved in localstorage. So I set up expiration time for my cookies to 30 days.
services.ConfigureApplicationCookie(options =>
{
// Cookie settings
options.ExpireTimeSpan = TimeSpan.FromDays(30);
});
Everything worked great.. until I hosted my application to server. I believe that when my app is restarted, cookie validation fail and I am getting 401 from server. So..finally to my question.. Is there way how to set custom TokenProvider or something similar e.g. (jwt tokens has IssuerSigningKey) to cookies?
