I have a dual authentication scheme configured with ASP.NET Identity to use with MVC and JWT, where the user initially logs in via cookie authentication and then, within the application, CRUD operations work with JWT.
How this works is that, when the user logs in successfully, a JWT token is also generated and passed to the client as a cookie. The client picks up the cookie and uses it for Web API calls. So, the Web API controllers have the attribute below specified.
    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
However, I noticed that after a successful login, when a call is made to a controller (MVC or Web API), claims are duplicated in the ClaimsPrincipal. I can't figure out at which point this happens, because the only time I generate claims is when user authentication happens.
I think some middleware in the framework is doing something which I can't figure out. The question at "Duplicate claims" doesn't apply to me because I am not using OpenIdConnect options.
What can be the issue here?
Update - My login code is below.
    var signInResult = await _signInManager.PasswordSignInAsync(model.LoginId, model.Password, model.RememberMe, lockoutOnFailure: false);
    if (signInResult.Succeeded)
    {
        _logger.LogInformation($"User {model.LoginId} logged in.");
        var claims = await CS.Mediator.Send(new GetUserClaimsQuery { RequestData = user });
        await _signInManager.SignInWithClaimsAsync(user, false, claims);
        var result = (JwtAuthResult)await _jwtAuthManager.GetTokenAsync(user, claims, CS.CurrentTenant.Secret);
        HttpContext.Response.Cookies.Append("token", JsonSerializer.Serialize(result));
        return RedirectToAction("Index", "Home");
    }