Invalidate Old Session Cookie – ASP.Net Identity

Make sure you use AuthenticationManager.Signout(DefaultAuthenticationTypes.ApplicationCookie); as correctly suggested by Jamie. Being able to login with the same cookie again is by design. Identity does not create internal sessions to track all logged-in users and if OWIN gets cookie that hits all the boxes (i.e. copies from the previous session), it’ll let you login. If you … Read more

What does “Challenge” term stand for?

A ChallengeResult is an ActionResult that when executed, challenges the given authentication schemes’ handler. Or if none is specified, the default challenge scheme’s handler. Source code for ChallengeResult So for example, you can do: return Challenge(JwtBearerDefaults.AuthenticationScheme); //Can specify multiple schemes + parameters This will challenge the JWT Bearer authentication handler. In this handler’s case, it … Read more

ASP.NET Core – Add role claim to User

Well beside the answers, I just found the answer which is totally predefined in asp .net core. When you are adding claims just : var claims = new List<Claim> { new Claim(ClaimTypes.Name, UserName), new Claim(ClaimTypes.Role, “User”), new Claim(ClaimTypes.Role, “Admin”), new Claim(ClaimTypes.Role, Watever) }; after that you can just use it as said: [Authorize(Roles = “Watever”)] … Read more

ASP.NET Core Identity invalid token on confirmation email

This answer https://stackoverflow.com/a/31297879/2948212 pointed me in the right direction. But as I said it was for a different version and now it is slightly different solution. The answer is still the same: encode the token in base 64 url, and then decode it in base 64 url. That way both Angular and ASP.NET Core will … Read more

Dotnet core 2.0 authentication multiple schemas identity cookies and jwt

Asp.Net Core 2.0 definitely support multiple authentication schemes. Rather than a hacking with authenticate middleware, you can try to specify the schema in Authorize attribute: [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)] I gave a try and it worked fine. Assuming you have added both Identity and JWT as below: services.AddIdentity<ApplicationUser, ApplicationRole>() services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) Since AddIdentity() already set cookie authentication … Read more

ASP.NET Core 2.1 Identity: How to remove the Default UI razor pages?

Using the article linked by Panagiotis Kanavos, I was able to reach a solution. From the ASP.NET Core 2.1.0-preview1, there was a line .AddDefaultUI(), which you didn’t have to include in Startup.cs. services.AddIdentity<IdentityUser, IdentityRole>(options => options.Stores.MaxLengthForKeys = 128) .AddEntityFrameworkStores<ApplicationDbContext>() .AddDefaultUI() .AddDefaultTokenProviders(); In the final release version of Core 2.1 however, the same section was simplified … Read more

JWT Authentication – UserManager.GetUserAsync returns null

UserManager.GetUserAsync internally uses UserManager.GetUserId to retrieve the user id of the user which is then used to query the object from the user store (i.e. your database). GetUserId basically looks like this: public string GetUserId(ClaimsPrincipal principal) { return principal.FindFirstValue(Options.ClaimsIdentity.UserIdClaimType); } So this returns the claim value of Options.ClaimsIdentity.UserIdClaimType. Options is the IdentityOptions object that you … Read more

How to access Facebook private information by using ASP.NET Identity (OWIN)?

Create a new Microsoft.Owin.Security.Facebook.AuthenticationOptions object in Startup.ConfigureAuth (StartupAuth.cs), passing it the FacebookAppId, FacebookAppSecret, and a new AuthenticationProvider. You will use a lambda expression to pass the OnAuthenticated method some code to add Claims to the identity which contain the values you extract from context.Identity. This will include access_token by default. You must add email to … Read more

Unable to edit db entries using EFCore, EntityState.Modified: “Database operation expected to affect 1 row(s) but actually affected 0 row(s).”

The reason is clearly stated in the exception. Check the Id on the role object as you receive it on your Edit action and try to lookup that id in the database. The exception message you see states that, it is expecting to find a row with a matching Id of the object you attached, … Read more

tech