NET 8: Auth-Cookie and CascadingAuthenticationState

Question

NET 8: Auth-Cookie and CascadingAuthenticationState

perfect code 276

In NET 7 I saved Auth-Cookie via controller with

await HttpContext.SignInAsync(claims, authProperties);

Then included <CascadingAuthenticationState> in Routing. In Program.cs I then made a few settings for Cookie:

builder.Services.AddAuthentication("Cookies")
    .AddCookie(options =>
{
        //options.ExpireTimeSpan = TimeSpan.FromMinutes(20);
        options.ExpireTimeSpan = TimeSpan.FromDays(30);
        //options.SlidingExpiration = true;
        //options.AccessDeniedPath = "/Forbidden/";
});

I was able to query user authentication in every page.

        [CascadingParameter]
        Task<AuthenticationState> authenticationStateTask { get; set; }

                var authState = await authenticationStateTask;
                var user = authState.User;

                // Check whether auth cookie is set/valid
                if (user.Identity.IsAuthenticated)

Everything here works without problems in several Blazor Server projects.

Now the same code no longer runs under NET 8, my user.Identity is always false. I have read in a few places that the following should be added to Program.cs:

builder.Services.AddCascadingAuthenticationState();

This allows you to eliminate CascadingAuthenticationState in the routing. On the page, the user authentication is then requested as follows:

        [Inject] 
        AuthenticationStateProvider authenticationStateProvider { get; set; }

                var authState = await authenticationStateProvider.GetAuthenticationStateAsync();
                var user = authState.User;

                if (user.Identity is not null && user.Identity.IsAuthenticated)

Source: https://learn.microsoft.com/en-us/aspnet/core/blazor/security/server/?view=aspnetcore-8.0&tabs=visual-studio

But unfortunately, my user is always false here too! Cookie is stored on the client, I checked that first.

Is this a NET 8 problem or have I not studied the documentation carefully enough and missed something important?

Thank you in advance for any help.

pc

AgaveJoe 30,126 Reputation points

2023-12-10T20:58:16.9033333+00:00

Is this a NET 8 problem or have I not studied the documentation carefully enough and missed something important?

Both Blazor Server and Web Assemble .NET 8 individual account templates use cookie authentication. You might want to compare the .NET 8 templates with your code.
perfect code 276 Reputation points

2023-12-10T22:33:17.5333333+00:00

Do you mean that I create a new Blazor Web project in Visual Studio 2022 and activate authentication, then I get a finished app and can see how it is implemented in NET 8?

Thank you
Anonymous

2023-12-11T07:28:14.72+00:00

Hi @perfect code, do you migrate your old project to .NET 8 or create a new blazor project, if it is a new blazor project, which template do you choose when create in the visual studio.
perfect code 276 Reputation points

2023-12-12T09:18:10.3266667+00:00

(My answer was inserted twice. I am deleting them here).
perfect code 276 Reputation points

2023-12-12T09:19:41.97+00:00

@Anonymous

The answer to your question: I have created a new Blazor Web project without authentication (I create it myself via Google Account).

I have now done what AgaveJoe suggested, but because the authentication is implemented by Microsoft in the template, the code has become so confusing that it took me a long time to figure out how cookies are stored. In the end, however, I can say that it is about the same as I did in the NET 7 version.

But my problem is not to save cookies, because this is done in NET 7 project as well as in NET 8 project without any problems. The problem is that my project in NET 8 does not recognize Auth-Cookie and it looks as if the user is not logged in.

At the moment I am trying to find out in the VS template with MS authentication how the reading of cookie and forwarding of information is done, so that it is recognized via Auth-Cookie that the user is already logged in.

pc
perfect code 276 Reputation points

2023-12-12T09:42:06.73+00:00
I just realized that the example template of Blazor Web with activated authentication doesn't make any sense, because no matter if you are logged in or logged out, you see all menu options and therefore all pages!

So unfortunately I can't find out how to set and query the authentication state provider (I wonder what the colleague was thinking when he provided the example template for authentication).

In NET 7, as already written above, this worked without any problems via cascading value:

App.razor

<CascadingAuthenticationState>

Any Page

[CascadingParameter] Task<AuthenticationState> authenticationStateTask { get; set; } var authState = await authenticationStateTask; var user = authState.User; if (user.Identity.IsAuthenticated)

Why is this not working in NET 8?

pc

1 answer

Your answer

AgaveJoe 30,126 Reputation points

2023-12-10T20:58:16.9033333+00:00

Is this a NET 8 problem or have I not studied the documentation carefully enough and missed something important?

Both Blazor Server and Web Assemble .NET 8 individual account templates use cookie authentication. You might want to compare the .NET 8 templates with your code.
perfect code 276 Reputation points

2023-12-10T22:33:17.5333333+00:00

Do you mean that I create a new Blazor Web project in Visual Studio 2022 and activate authentication, then I get a finished app and can see how it is implemented in NET 8?

Thank you
Anonymous

2023-12-11T07:28:14.72+00:00

Hi @perfect code, do you migrate your old project to .NET 8 or create a new blazor project, if it is a new blazor project, which template do you choose when create in the visual studio.
perfect code 276 Reputation points

2023-12-12T09:18:10.3266667+00:00

(My answer was inserted twice. I am deleting them here).
perfect code 276 Reputation points

2023-12-12T09:19:41.97+00:00

@Anonymous

The answer to your question: I have created a new Blazor Web project without authentication (I create it myself via Google Account).

I have now done what AgaveJoe suggested, but because the authentication is implemented by Microsoft in the template, the code has become so confusing that it took me a long time to figure out how cookies are stored. In the end, however, I can say that it is about the same as I did in the NET 7 version.

But my problem is not to save cookies, because this is done in NET 7 project as well as in NET 8 project without any problems. The problem is that my project in NET 8 does not recognize Auth-Cookie and it looks as if the user is not logged in.

At the moment I am trying to find out in the VS template with MS authentication how the reading of cookie and forwarding of information is done, so that it is recognized via Auth-Cookie that the user is already logged in.

pc
perfect code 276 Reputation points

2023-12-12T09:42:06.73+00:00

I just realized that the example template of Blazor Web with activated authentication doesn't make any sense, because no matter if you are logged in or logged out, you see all menu options and therefore all pages!

So unfortunately I can't find out how to set and query the authentication state provider (I wonder what the colleague was thinking when he provided the example template for authentication).

In NET 7, as already written above, this worked without any problems via cascading value:

App.razor

<CascadingAuthenticationState>

Any Page

[CascadingParameter] Task<AuthenticationState> authenticationStateTask { get; set; } var authState = await authenticationStateTask; var user = authState.User; if (user.Identity.IsAuthenticated)

Why is this not working in NET 8?

pc

Answer 1

I came up with a solution. The following link helped me: https://www.youtube.com/watch?v=B3zvX_CWKVc

However, I have made some changes and implemented some different things than explained in the video:

I don't use controllers but a minimal API
in Routes.razor I have no <CascadingAuthenticationState>, but add in Program.cs builder.Services.AddCascadingAuthenticationState();
On the Pages I have

[Inject] 
AuthenticationStateProvider authenticationStateProvider { get; set; }

var authState = await authenticationStateProvider.GetAuthenticationStateAsync();                 bool IsAuthenticated = authState.User.Identity.IsAuthenticated;                 
var user = authState.User;                  
if (user.Identity is not null && user.Identity.IsAuthenticated)
{
...
}

pc

Share via

NET 8: Auth-Cookie and CascadingAuthenticationState

1 answer

Your answer