Stack Overflow
Stack Overflow

Questions tagged [cookie-authentication]

100 questions
12
votes
0 answers

How to properly set session timeout using .netcore 2.0 identity and cookie authentication

I'm trying to use identity with cookie authentication in an asp.netcore 2.0 MVC app. I want to set session timeout to something like 150 days, so users that log in don't need to log in again during a big period of time. I set options.ExpireTimeSpan…
alesvi
  • 147
  • 1
  • 1
  • 9
11
votes
4 answers

Cookie.ExpireTimeSpan ignored and set to Session in CookieAuthentication

I'm having an issue while trying to set the expire time of a cookie in my CookieAuthentication, it seems that ExpireTimeSpan is just ignored and when i get the cookie in the browser it's expire time is set to Session.. I'm using c# 8.0 w/ .NET Core…
NiceToMytyuk
  • 3,644
  • 3
  • 39
  • 100
6
votes
2 answers

Set a custom SessionStore for ConfigureApplicationCookie without BuildServiceProvider()

I have a .NET Core 3 project (recently upgraded from 2.2) that uses a Redis distributed cache and cookie authentication. It currently looks something like this: public void ConfigureServices(IServiceCollection services) { // Set up Redis…
Keith
  • 150,284
  • 78
  • 298
  • 434
6
votes
1 answer

ASP.Net Core Cookie Authentication is not persistant

I started developing websites using ASP.Net Core 2.2. I'm implementing login/logout by a custom cookie authentication (not Identity). Please see or clone the repo: git clone https://github.com/mrmowji/aspcore-custom-cookie-authentication.git . ...…
mrmowji
  • 934
  • 8
  • 29
4
votes
1 answer

ASP.NET Core with Cookie and Windows Authentication

I implemented ASP.NET Core Windows Authentication supporting Cookie In Startup.cs services.AddAuthentication(IISDefaults.AuthenticationScheme); services.AddAuthentication("CookieAuthenticationScheme") …
Nghia Le
  • 535
  • 2
  • 6
  • 16
4
votes
3 answers

Scope of cookies in OpenID connect

During authentication to Azure AD B2C with OpenID Connect, what is the role of cookies there? Is it necessary to use cookie? Are there implicit use of cookies in the OpenID Connect pipeline? Is there any documentation which complies with the role of…
Prasanth V M
  • 493
  • 1
  • 5
  • 10
3
votes
1 answer

In ASP.NET Core, where do you configure redirect to login?

I'm working through the example provided here: Use cookie authentication without ASP.NET Core Identity AspNetCore.Docs/aspnetcore/security/authentication/cookie/samples/3.x/CookieSample/ And I'm trying to implement something similar in my own app.…
Jeff Dege
  • 11,190
  • 22
  • 96
  • 165
3
votes
0 answers

Cookie Authentication via chrome extension

I'm trying to Authenticate to my web application via a chrome extension, at the moment the data is being sent fine but the authentication cookie is not being created / persisting. Not sure what I'm doing wrong / if I want to gather information…
RobertWelting
  • 33
  • 4
3
votes
0 answers

ASP.Net Cookie Authentication expiration during POST with a model

I have an ASP.net app that is using cookie authentication that passes the return URL to the my authentication controller when the cookie expires and needs revalidation. After revalidation, the controller redirects to where ever the return url…
Talon
  • 811
  • 7
  • 22
2
votes
1 answer

ASP.Net Identity SecurityStampValidator is not called if using custom CookieAuthenticationEvents

Using Microsoft.AspNetCore.Identity (.net 7 at time of writing), the default security stamp validation is not done anymore if I use a custom CookieAuthenticationEvents. Configuring the SecurityStampValidatorOptions has no effect either. Why is this…
JGH
  • 15,928
  • 4
  • 31
  • 48
2
votes
1 answer

ASP.NET Core MVC - cookie authentication: can a malicious user edit their cookie to give themselves more permissions?

TL;DR Can a malicious user modify their cookie so they have claims they should not, or is the cookie string encrypted or protected in some way? I've implemented cookie authentication in my ASP.NET Core 6.0 MVC…
AlwaysNeedingHelp
  • 1,851
  • 3
  • 21
  • 29
2
votes
1 answer

How to refresh ASPNET claims in cookie after updating a role using userManager.AddToRoleAsync?

I am using QuickStart UI for Identity Server to login users from multiple mvc clients. The users then have the ability to switch their role based on a dropdown using userManager.AddToRoleAsync(roleName). I would like to refresh the cookie and use…
Gil León
  • 21
  • 3
2
votes
0 answers

ASP.NET Web API using ASP.NET SignIn and UserManager (Identity) - throwing 404 when unauthenticated

I have an ASP.NET web api which uses cookie authentication with ASP.NET Identity. When an unauthorized/ unauthenticated user tries to hit secured endpoint it always shows Not found 404 instead of 401/ 403. I want the proper status codes to be shown.…
Andrеw
  • 81
  • 7
2
votes
3 answers

ASP.NET Core Sign In with JWT

im using JWT to Authentication, and I'm storing it in Cookies. I want to use HttpContext.SignInAsync to login, I saw a lot of example with basic Cookie Auth, but not with JWT. Here is my Startup.cs services.AddTransient
kajahun123
  • 71
  • 1
  • 8
2
votes
1 answer

ASP.NET Core: Cookies was not authenticated. Failure message: Unprotect ticket failed

We recently deployed our .net core app to a production environment, which is load-balanced. Users are reporting that the website dies at intermittent times -- usually after 20 - 30 minutes. The app can no longer get data from the database and the…
Jimbo
  • 73
  • 8
1
2 3 4 5 6 7