Share via

IsAuthenticated is always false using OpenID and ASP.NET (MVC)

cebuhax0r 66 Reputation points
2022-11-29T08:56:59.857+00:00

i am using keycloak as my provider using OpenID as such 

   app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);  
               app.UseKentorOwinCookieSaver();  
               app.UseCookieAuthentication(new CookieAuthenticationOptions  
               {  
                   AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,  
                   LoginPath = new PathString("/Account/Login"),  
                   CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager()  
               });  
     
               app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions  
               {  
                   ClientId = clientId,  
                   Authority = authorityURL,  
                   RedirectUri = "http://localhost:13636/home",  
                   PostLogoutRedirectUri = "http://localhost:13636",  
                   ClientSecret = clientSecret,  
                   SignInAsAuthenticationType = "Cookies",  
                   RequireHttpsMetadata = false,  
     
                   ResponseType = OpenIdConnectResponseType.Code,  
                   Scope = "openid profile email"  
                 
               });

The integration is succesful and i can login using my Keyclock and it redirects to my /home controller.

however in my home controller, the isAuthenticated variable is set to false, so what i do is issue the challenge and redirect it back again on the same page/controller like so 

   public class HomeController : BaseController  
   {  
       public ActionResult Index()  
           {      
               if (!User.Identity.IsAuthenticated)  
               {  
                   HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties  
                   {  
                       RedirectUri = Url.Action("Index", "Home")  
                   }, OpenIdConnectAuthenticationDefaults.AuthenticationType);  
     
                   return new HttpUnauthorizedResult();  
               }  
               ViewBag.Title = "Home";  
               return View();  
           }

My problem here is isAuthenticated is always false therefore it just loops on the conditions and it is never set to true until it expires or crash.

I have been following all the threads i can find to no avail, what else Am I missing and needs to be checked? I am stuck on this issue for 2 days now..

Need help

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Developer technologies | ASP.NET | Other

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Shweta Mathur 30,431 Reputation points Microsoft Employee Moderator
    2022-12-02T05:42:10.84+00:00

    Hi @ cebuhax0r-4671,

    Apologies for misunderstood the ask.

    This is due to application is not able to sustain the cookies for the signed in user.

    Kentor.OwinCookieSaver is the legacy solution to solve the cookie issue on ASP.NET MVC. Now Microsoft recommended to use System.Web.

    Unfortunately, Cookies set by Owin using System.Web mysteriously disappear on some occasions and there are workarounds suggested here.

    Install Nuget Package:Kentor.OwinCookieSaver and add below before any cookies handling middleware will help to preserve the authentication cookies. 

    public void Configuration(IAppBuilder app)  
{    
  
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);  
app.UseKentorOwinCookieSaver();  
app.UseCookieAuthentication(new CookieAuthenticationOptions());  
///...  
}

    Hope this will help.

    Thanks,
    Shweta

    -----------------------------------------

    Please remember to "Accept Answer" if answer helped you.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.