0

I am using a custom CookieAuthentication in ASP.NET Core and I have these three methods in my HomeController:

[Authorize]
public class HomeController : Controller
{
    public async Task<IActionResult> Index()
    {
        _logger.LogInformation("Index()");
        if (HttpContext.User.Identity.Name != null)
        {
            _logger.LogInformation(User.Identity.Name);
        }
        ...
    }

    [HttpGet("getlastdisposal")]
    [AllowAnonymous]
    public JsonResult GetLastDisposal()
    {
        _logger.LogInformation("GetLastDisposal()");
        if (HttpContext.User.Identity.Name != null)
        {
            _logger.LogInformation(User.Identity.Name);
        }
        else
        {
            _logger.LogInformation("IT IS NULL");
        }
        ...
    }

    [HttpGet("getchartdata")]
    public JsonResult GetChartData()
    {
        ...
    }
}

The log I am getting back is this:

...
info: Server.Controllers.HomeController[0]
      Index()
info: Server.Controllers.HomeController[0]
      admin
...
info: Server.Controllers.HomeController[0]
      GetLastDisposal()
info: Server.Controllers.HomeController[0]
      IT IS NULL
...
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
      Authorization failed for user: (null).
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
      Executing ChallengeResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware[12]
      AuthenticationScheme: Cookies was challenged.

Looking at this, it seems like HttpContext.User.Identity.Name becomes null after the first successful authorization (before Index()), which makes the authorization before GetChartData() fail. Any ideas as to why this is happening and how I can fix it?

Improve this question
5
  • Not tested: try to explicity make the Method GetLastDisposal: [AllowAnonymous] as well as [Authorize] Commented Jul 21, 2017 at 9:26
  • I have tried that, I get the same error when I set it to [Authorize]. I get no errors when I set it to [AllowAnonymous] Commented Jul 21, 2017 at 10:08
  • Possible duplicate of ASP.NET Core authentication cookie only received once Commented Aug 21, 2017 at 8:04
  • @A.Savva OP made no mention of using React and your suggested duplicate's answer is regarding the use of React Commented Nov 30, 2017 at 21:00
  • @ctorx true, but in both cases it was the same issue, I forgot to include { credentials: 'same-origin' } in the client code. That does not have to do with React Commented Dec 1, 2017 at 9:42
Related questions
1
HttpContext.Current.User.Identity.Name returning null
3
HttpContext.User.Identity.Name is returning blank
1
HttpContext.User.Identity.Name is Blank inside [Authorize]
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.