ASP.NET Core IsAuthenticated is always false after successful login

brinkley · June 17, 2020, 2:30am

Hi okta support,
I have an ASP.NET Core application which uses OpenId Connect for user authentication. After browser redirect to the OKTA login page and enter correct credentials, the ASP.NET Core User Identity IsAuthenticated is always false.

Does anyone know how to fix this?

Startup.cs

		public void ConfigureServices(IServiceCollection services)
		{
			services.AddAuthentication(options =>
			 {
				 options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
				 options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
			 })
			.AddCookie(setup =>
			{
				setup.Cookie.Name = "MyCookie";
				setup.SlidingExpiration = false;
				setup.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
				setup.Cookie.SameSite = SameSiteMode.None;
			})
			.AddOpenIdConnect(options =>
			{
				options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
				options.Authority = "https://xxxx.okta.com/oauth2/1234567abcdefg";
				options.ClientId = Configuration["Okta: ClientId"];
				options.ClientSecret = Configuration["Okta:ClientSecret"];
				options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
				options.GetClaimsFromUserInfoEndpoint = true;
				options.Scope.Add(OpenIdConnectScope.OpenId);
				options.SaveTokens = true;
				options.Events.OnRedirectToIdentityProvider = context =>
				{
					context.ProtocolMessage.RedirectUri = "https://localhost:9999/dotnetcore";

					return Task.FromResult(0);
				};
			});

			services.AddAuthorization();
			services.AddControllersWithViews();
		}
		public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
		{
			if (env.IsDevelopment())
			{
				app.UseDeveloperExceptionPage();
			}
			else
			{
				app.UseExceptionHandler("/Home/Error");
				// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
				app.UseHsts();
			}

			app.UseHttpsRedirection();
			app.UseStaticFiles();

			app.UseRouting();
			
			app.UseAuthentication();
			app.UseAuthorization();

			app.UseEndpoints(endpoints =>
			{
				endpoints.MapControllerRoute(
					name: "default",
					pattern: "{controller=Home}/{action=Index}/{id?}");
			});
		}

HomeController

		public IActionResult Index()
		{
			// IsAuthenticated always false 
			if (!HttpContext.User.Identity.IsAuthenticated)
			{
				return Challenge(new AuthenticationProperties { RedirectUri = "https://localhost:9999/dotnetcore" },
					OpenIdConnectDefaults.AuthenticationScheme);
				
			}
			return View();
		}

brinkley · June 17, 2020, 8:06am

Hi okta support,
Could someone take a look at this issue?

workhardnorest · August 8, 2023, 12:53am

@brinkley do you have answer now? I have the same problem, although in MVC 5.

Sherry · August 9, 2023, 3:19pm

This might be related to an issue with the cookies being set by OWIN. Did you try adding the following to Startup.cs:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
CookieManager = new SystemWebCookieManager()
});

System.Web response cookie integration issues · aspnet/AspNetKatana Wiki · GitHub.

system · February 13, 2024, 12:31am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.