I recently tested the authorization part of .NET Core. I used the version Microsoft.AspNetCore.Authorization 1.1.0.
Everything worked great until I came to the part where I implemented and tested the redirect of an unauthorized user to the login page.
When I was not logged in, I should have been automatically redirected to my login page stored in ApplicationCookie.LoginPath. But all I got was a white web page.
Scenario Setup
Within the method ConfigureServices I configured the following options.
    services.Configure<IdentityOptions>(options =>
    {
        // Cookie settings for the Identity application cookie
        options.Cookies.ApplicationCookie.LoginPath = "/Account/Login";
        options.Cookies.ApplicationCookie.LogoutPath = "/Account/Logoff";
        options.Cookies.ApplicationCookie.ReturnUrlParameter = "/App/Index";
        // Let the cookie middleware answer challenges for unauthorized requests
        options.Cookies.ApplicationCookie.AutomaticChallenge = true;

        options.User.RequireUniqueEmail = true;
    });
Failure
When trying to navigate to a secured web page, the browser showed me a white web page and the following logs were written to the output window:

    Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: (null).
    Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
    Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
    Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware:Information: AuthenticationScheme: Cookies was challenged.
    Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware:Information: AuthenticationScheme: Identity.Application was challenged.
    Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action MyTestApp.Controllers.Web.AppController.Stuff (MyTestApp) in 53.3229ms
    Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 63.5013ms 401
Instead of a 401 response I expected a 302 response redirecting to my login page. After a little bit of research I found an issue filed on GitHub telling me that this will be fixed in version 2.0.0 of the .NET Core framework. So I am looking forward to that. But I didn’t want to wait that long, so I tried to figure out how I could start testing the scenario.
My workaround or solution
After testing several settings I found out that the faulty behaviour only occurs when debugging the application in IIS Express in Visual Studio 2015. (I don’t know yet how this behaves in Visual Studio 2017.) So you need to set up or switch your debugging settings to make the redirect work. If you switch the debugging environment to a hosting environment other than IIS Express, the redirect miraculously works as expected.
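To compare hosting environments without relying on what the browser shows, the following check (an added example, not code from the original post) classifies the response an unauthenticated request gets from a protected URL: the bare 401 from the log above, or the expected 302 to the login page. The parameter name `ReturnUrl` (the framework default), the class name and the sample URLs are assumptions.

```csharp
using System;
using System.Net.Http;

static class ChallengeCheck
{
    // Classifies the response an unauthenticated request received from a protected URL.
    public static string Classify(int status, Uri location, string loginPath,
                                  string returnParam, string requestedPath)
    {
        if (status == 401) return "FAIL: bare 401, no redirect (the behaviour seen under IIS Express)";
        if (status != 302) return "FAIL: unexpected status " + status;
        if (location == null) return "FAIL: 302 without a Location header";
        // Location may be relative or absolute; resolve it against a dummy base to parse it.
        var abs = location.IsAbsoluteUri ? location : new Uri(new Uri("http://localhost"), location);
        if (!string.Equals(abs.AbsolutePath, loginPath, StringComparison.OrdinalIgnoreCase))
            return "FAIL: redirect goes to " + abs.AbsolutePath + ", not the login path";
        foreach (var pair in abs.Query.TrimStart('?').Split('&'))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            if (kv.Length == 2 && Uri.UnescapeDataString(kv[0]) == returnParam
                && Uri.UnescapeDataString(kv[1]).StartsWith(requestedPath, StringComparison.OrdinalIgnoreCase))
                return "OK: 302 to login page with return URL";
        }
        return "FAIL: 302 to login page but the return URL parameter is missing";
    }

    static void Main(string[] args)
    {
        if (args.Length == 0)
        {
            // Constructed samples: the 401 from the log above and the expected redirect.
            Console.WriteLine(Classify(401, null, "/Account/Login", "ReturnUrl", "/App/Stuff"));
            Console.WriteLine(Classify(302,
                new Uri("/Account/Login?ReturnUrl=%2FApp%2FStuff", UriKind.Relative),
                "/Account/Login", "ReturnUrl", "/App/Stuff"));
            return;
        }
        // args[0]: absolute URL of a protected page on a locally running instance (assumption).
        var target = new Uri(args[0]);
        // Redirects must not be followed, otherwise the 302 is hidden behind the login page's 200.
        using (var client = new HttpClient(new HttpClientHandler { AllowAutoRedirect = false }))
        using (var resp = client.GetAsync(target).GetAwaiter().GetResult())
            Console.WriteLine(Classify((int)resp.StatusCode, resp.Headers.Location,
                                       "/Account/Login", "ReturnUrl", target.AbsolutePath));
    }
}
```

Run it without arguments to see both constructed cases, or pass the URL of a protected page once while the app runs under IIS Express and once under the other hosting profile.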
Hope this helps to save you some time – because I was struggling with this for a few hours.
Happy coding