Spent many hours on this now and no avail, I want the user to have the flexibility to configure the CookieAuthenticationOptions from within the app. Most of the examples given only set the options in configure services on startup, but this is useless given the options are hard coded.
The challenge I have is finding a solution which allows these options to be configured when using the built in identity features, if the app was using cookie authentication without identity then it would probably be easier to figure out.
Two primary objectives:
- Load the CookieAuthenticationOptions on startup from the DB table.
- If the settings are changed/updated during the lifetime of the app, the cookies that have already been issues would need to be invalidated/forced to be re-created on the next page request so the cookies now have the updated parameters.
So far, my theory right or wrong is to load the options in the configure method below, however when singing in, I check the chrome debugger and find that the options like cookie name have not been set, assuming the app is simply using the default built in options. So how can I achieve objectives above? Note I'm using razor pages and page models for most of the app, also using the built in identity system from the MS user accounts template. Thx
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IOptions<IdentityOptions> identityOptions, IOptions<CookiePolicyOptions> cookiePolicyOptions, IOptions<CookieAuthenticationOptions> cookieOptions)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
// Added to original .net core template.
// Whenever a request is made for a page, serilog is going to log that.
app.UseSerilogRequestLogging();
app.UseRouting();
// Here I am creating a service to access the DB table and pull the options, this does work for other settings in the DB table which i have not included in this example given the focus of the topic is cookies.
using (var scope = app.ApplicationServices.CreateScope())
{
var systemSettings = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>().SystemSetting.FirstOrDefault();
if (systemSettings != null)
{
// Cookie Options
cookieOptions.Value.Cookie.Name = systemSettings.CookieName;
cookieOptions.Value.LoginPath = systemSettings.LoginPath;
// I will add the other parameters once I got the above two working...
}
}
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapRazorPages();
endpoints.MapHub<DataHub>("/dataHub");
endpoints.MapControllers(); // Added for use with REST API.
});
}
MS template Login Page Model uses the standard login method:
var result = await _signInManager.PasswordSignInAsync(Input.UserName, Input.Password, Input.RememberMe, lockoutOnFailure: true);
