4

I have the following action in the Login controller. For testing purposes I'm not using a login form in the Index action. Instead I create the claims identity and sign in. This action is GET, not POST. It creates a claims identity and uses that for AuthenticationManager.SignIn. But when I checked the browser cookies I could not find the authentication cookie present. I am trying to figure out what has gone wrong.

    [AllowAnonymous]
    public ActionResult Index()
    {
        var identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "30"));
        identity.AddClaim(new Claim(ClaimTypes.Name, "JFid"));
        identity.AddClaim(new Claim(ClaimTypes.Email, "test"));

        AuthenticationManager.SignIn(new AuthenticationProperties()
        {
            IsPersistent = true,
            ExpiresUtc = DateTime.UtcNow.AddDays(7)

        }, identity);

        return View();
    }

And also I have enabled cookie authentication in OWIN.

    [assembly: OwinStartup(typeof(D.Support.WebStartup))]
    namespace D.Support
    {
        public class WebStartup
        {
            public void Configuration(IAppBuilder app)
            {
                app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions()
                {
                    LoginPath = new PathString("/MyLoginPath"),
                    CookieName = "MyCookieName",
                    CookieHttpOnly = true,
                });
            }
        }
    }

Kahbazi
XPD
  • Yes, I have added it and I debugged into the Configuration method. It hit there. Is it to do with the configuration passed into the UseCookieAuthentication method? – XPD Mar 04 '18 at 18:39
  • Yes! Bro, you have figured it out. After I set it, it magically started to work. Put it as an answer and I will accept. – XPD Mar 04 '18 at 19:05
  • Why does it need to be explicitly specified? Ideally that AuthenticationType should be set correctly by default internally, since it's inheriting from AuthenticationOptions. – XPD Mar 04 '18 at 19:08

2 Answers

8

You should set the ClaimsIdentity AuthenticationType to be the same as the CookieOption AuthenticationType:

    app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions()
    {
        LoginPath = new PathString("/MyLoginPath"),
        CookieName = "MyCookieName",
        CookieHttpOnly = true,
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
    });

Kahbazi
1

Just to put my findings here in case anyone is curious about why we need to do as the accepted answer indicated.

If you don't specify an AuthenticationType in your CookieAuthenticationOptions, the default value it ends up using is CookieAuthenticationDefaults.AuthenticationType, which has the value of "Cookies".

And the DefaultAuthenticationTypes.ApplicationCookie from the Microsoft.AspNet.Identity package has a string value of "ApplicationCookie".

And in the ApplyResponseGrantAsync() method of CookieAuthenticationHandler, which is invoked to append the authentication cookie to the response header, the following code is called. And if the authentication type does not match the ClaimsIdentity's, it would return null.

    /// <summary>
    /// Find response sign-in details for a specific authentication middleware
    /// </summary>
    /// <param name="authenticationType">The authentication type to look for</param>
    /// <returns>The information instructing the middleware how it should behave</returns>
    public AuthenticationResponseGrant LookupSignIn(string authenticationType)
    {
        if (authenticationType == null)
        {
            throw new ArgumentNullException("authenticationType");
        }

        AuthenticationResponseGrant grant = _context.Authentication.AuthenticationResponseGrant;
        if (grant == null)
        {
            return null;
        }

        foreach (var claimsIdentity in grant.Principal.Identities)
        {
            if (string.Equals(authenticationType, claimsIdentity.AuthenticationType, StringComparison.Ordinal))
            {
                return new AuthenticationResponseGrant(claimsIdentity, grant.Properties ?? new AuthenticationProperties());
            }
        }

        return null;
    }

ian gao
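
Added example, not part of the original question or answers and not OWIN's own code: because a mismatched authentication type makes the cookie middleware skip the sign-in silently, one way to catch it is to define the type once and fail loudly on a mismatch before calling SignIn. The `CookieAuth` class, `AuthType` constant, `CreateOptions` and `SignInChecked` are hypothetical names; the option values are the ones from the question.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;

namespace D.Support
{
    // Hypothetical helper (not part of OWIN or ASP.NET Identity).
    public static class CookieAuth
    {
        // Single source of truth for the authentication type: "ApplicationCookie".
        public const string AuthType = DefaultAuthenticationTypes.ApplicationCookie;

        // Pass the result to app.UseCookieAuthentication(...) in the OWIN startup class.
        public static CookieAuthenticationOptions CreateOptions()
        {
            return new CookieAuthenticationOptions
            {
                // If omitted, this defaults to "Cookies" and never matches AuthType.
                AuthenticationType = AuthType,
                LoginPath = new PathString("/MyLoginPath"),
                CookieName = "MyCookieName",
                CookieHttpOnly = true
            };
        }

        // Use instead of AuthenticationManager.SignIn(...) in the controller action.
        public static void SignInChecked(this IAuthenticationManager manager,
            AuthenticationProperties properties, ClaimsIdentity identity)
        {
            if (manager == null) throw new ArgumentNullException("manager");
            if (identity == null) throw new ArgumentNullException("identity");

            // Same ordinal (case-sensitive) comparison the middleware lookup uses.
            if (!string.Equals(AuthType, identity.AuthenticationType, StringComparison.Ordinal))
            {
                throw new InvalidOperationException(string.Format(
                    "Identity authentication type '{0}' does not match cookie middleware type '{1}'; no cookie would be issued.",
                    identity.AuthenticationType, AuthType));
            }

            manager.SignIn(properties, identity);
        }
    }
}
```

Building the identity with `new ClaimsIdentity(CookieAuth.AuthType)` keeps both sides tied to the same constant, so the guard only fires if an identity created elsewhere carries a different type.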