ASP.NET Core 2.1.0, Individual Authentication issues after migrating from 2.0.x

ASP.NET Core 2.1.0 is here!

I’ve decided to get stuck in straight away with an application I have in active development as I would have needed to implement functionality similar to the GDPR template support anyway, which looks great.

Migration from 2.0 went almost without a hitch. I had a small issue, however, where I couldn’t seem to log in. I stepped through the request/middleware/response with a debugger but couldn’t see anything glaringly obvious, until it dawned on me that this is a side-effect of the new GDPR function.

Cookies are no longer added client-side until the user has consented to them, unless they’re created with IsEssential set to true. My authentication uses cookies.

With a small change in my startup.cs ConfigureServices method I was all set again.

services.ConfigureApplicationCookie(options =>
{
    options.LoginPath = "/Users/Login";
    options.LogoutPath = "/Security/Logout";
    options.AccessDeniedPath = "/Security/AccessDenied";
    options.SlidingExpiration = true;
    options.Cookie = new CookieBuilder
    {
        HttpOnly = true,
        Name = ".MyApp.Security.Cookie",
        Path = "/",
        SameSite = SameSiteMode.Lax,
        SecurePolicy = CookieSecurePolicy.SameAsRequest,
        IsEssential = true // exempt from the consent check, so login works before consent
    };
});

Going forward this cookie will always be stored regardless of the user’s consent. If you’d like the user to always consent even to this cookie, you will need to implement the templates described in the article first; otherwise you’ll be unable to log in, even during development.
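The consent gate and the essential-cookie exemption described above, side by side in one Startup class. This is an added example, not the author's code: it reuses the paths and cookie name from the post, sets properties on the existing cookie builder instead of assigning a new one, and assumes the site is served over HTTPS only and that the app's existing Identity registration is in place.

```csharp
// Added example (not from the original post). Targets ASP.NET Core 2.1.
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // The consent gate: while CheckConsentNeeded returns true and the user
        // has not consented, cookies with IsEssential == false are not written.
        services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = context => true;
        });

        // Assumption: the app's existing Identity registration goes here.

        services.ConfigureApplicationCookie(options =>
        {
            options.LoginPath = "/Users/Login";
            options.LogoutPath = "/Security/Logout";
            options.AccessDeniedPath = "/Security/AccessDenied";
            options.SlidingExpiration = true;

            // Mutate the builder that is already there rather than replacing
            // it, so values already set on it are not discarded.
            options.Cookie.Name = ".MyApp.Security.Cookie";
            options.Cookie.HttpOnly = true;
            options.Cookie.SameSite = SameSiteMode.Lax;
            // Assumption: HTTPS-only site. With SameAsRequest the cookie is
            // issued without the Secure attribute on plain-HTTP requests.
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            // Exempts the login cookie from the consent gate.
            options.Cookie.IsEssential = true;
        });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseStaticFiles();
        // Placed before the middleware whose cookies it should govern.
        app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseMvcWithDefaultRoute();
    }
}
```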
