ASP.NET Identity with IdentityServer and problems with IsAuthenticated == false


I have an ASP.NET Identity set up with IdentityServer. This is my DI configuration:

    services.AddDbContext<MyIdentityDbContext>((sp, options) =>
    {
        options.UseSqlServer(MyConnectionString);
    });

    services.AddIdentity<MyIdentityUser, MyIdentityRole>()
        .AddEntityFrameworkStores<MyIdentityDbContext>()
        .AddUserStore<MyUserStore>()
        .AddRoleStore<MyRoleStore>()
        .AddClaimsPrincipalFactory<MyCustomClaimsFactory>()
        .AddDefaultTokenProviders();

    services.AddControllersWithViews()
        .AddApplicationPart(typeof(MyAccountController).Assembly);

    // Point IdentityServer at the ASP.NET Identity application cookie and the custom login/logout pages.
    services.Configure<IdentityServerOptions>(conf =>
    {
        conf.Authentication.CookieAuthenticationScheme = IdentityConstants.ApplicationScheme;
        conf.UserInteraction.LoginUrl = "/MyAccount/Login";
        conf.UserInteraction.LogoutUrl = "/MyAccount/Logout";
    });

    // Replace rather than add, because AddIdentityServer() has already registered an IProfileService.
    services.Replace(new ServiceDescriptor(typeof(IProfileService), typeof(MyCustomProfileService), ServiceLifetime.Transient));

You will probably see that I do not have .AddIdentityServer() here, and that's because I'm extending an existing application (that has a plugin architecture) that has already made calls to .AddIdentityServer() and .AddAuthentication(), which is why I can't use .AddAspNetIdentity() as I don't have access to the IdentityServerBuilder. That's why I have added my own MyCustomClaimsFactory (inherited from UserClaimsPrincipalFactory<MyIdentityUser>) to handle claims in the same way as IdentityServer.AspNetIdentity does. It's also why I replace the IProfileService instead of just adding it.

This also means that app.UseAuthentication() is called by .UseIdentityServer() which is again called by the main application, not by me. The main application also calls app.UseAuthorization().

The .Configure<IdentityServerOptions> successfully overrides the login and logout URLs, so I would expect the scheme to be overridden as well.

Now, inside my Login() method I can run await SignInManager.PasswordSignInAsync(username, password, true, true), and subsequent calls to User.Identity.IsAuthenticated return true. However, any call to User.Identity.IsAuthenticated outside of Login() returns false.

I have also tried adding HttpContext.SignIn(IdentityConstants.ApplicationScheme, User) to Login(), to no effect.

I also tried overriding the AuthenticationOptions but this also had no effect:

    // Force every default scheme to the ASP.NET Identity application cookie.
    services.Configure<Microsoft.AspNetCore.Authentication.AuthenticationOptions>(config =>
    {
        config.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
        config.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
        config.DefaultSignInScheme = IdentityConstants.ApplicationScheme;
    });

I have both .AspNetCore.Identity.Application and idsrv.session cookies.

With this setup I can successfully log in a user and get my id and access tokens from IdentityServer, but not check User.Identity.IsAuthenticated after login.

I feel like there's something with the authentication schemes I'm missing, but I can't for the life of me figure it out.

What am I missing or doing wrong to cause User.Identity.IsAuthenticated to always be false even though the user is successfully signed in and the cookies are in place?
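
The following diagnostic is an added example and is not code from the question or from IdentityServer; it shows how to check which scheme the authentication middleware actually uses to populate HttpContext.User versus what the .AspNetCore.Identity.Application cookie yields on its own. The controller name and the diag/auth route are assumptions; it is gated to the Development environment so the scheme inventory is never exposed in production.

```csharp
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Hosting;

// Hypothetical diagnostic controller (name and route are assumptions, not from the question).
[ApiController]
[Route("diag/auth")]
public class AuthSchemeDiagnosticsController : ControllerBase
{
    private readonly IAuthenticationSchemeProvider _schemes;
    private readonly IWebHostEnvironment _env;

    public AuthSchemeDiagnosticsController(IAuthenticationSchemeProvider schemes, IWebHostEnvironment env)
    {
        _schemes = schemes;
        _env = env;
    }

    [HttpGet]
    public async Task<IActionResult> Get()
    {
        // Never advertise the authentication configuration outside development.
        if (!_env.IsDevelopment()) return NotFound();

        var all = await _schemes.GetAllSchemesAsync();
        var defaultAuthenticate = await _schemes.GetDefaultAuthenticateSchemeAsync();
        var defaultSignIn = await _schemes.GetDefaultSignInSchemeAsync();

        // The authentication middleware sets HttpContext.User from the default
        // authenticate scheme only; User.Identity.IsAuthenticated reflects that result.
        var viaDefault = User?.Identity?.IsAuthenticated ?? false;

        // Authenticate explicitly against the ASP.NET Identity cookie scheme, bypassing
        // the defaults, to see whether that cookie is valid for this request.
        var identityResult = await HttpContext.AuthenticateAsync(IdentityConstants.ApplicationScheme);

        // If IdentityCookieSucceeded is true while IsAuthenticatedViaDefault is false,
        // the default authenticate scheme is not the scheme the sign-in cookie belongs to.
        return Ok(new
        {
            RegisteredSchemes = all.Select(s => new { s.Name, Handler = s.HandlerType?.Name }),
            DefaultAuthenticateScheme = defaultAuthenticate?.Name,
            DefaultSignInScheme = defaultSignIn?.Name,
            IsAuthenticatedViaDefault = viaDefault,
            IdentityCookieSucceeded = identityResult.Succeeded,
            IdentityCookieUser = identityResult.Principal?.Identity?.Name,
            IdentityCookieFailure = identityResult.Failure?.Message
        });
    }
}
```

Call GET /diag/auth after logging in with the browser that holds the cookies; comparing the two flags tells you whether the problem is the cookie itself or which scheme the pipeline consults.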
