
.NET Core Identity doesn't refresh auth cookie for static files and throws 500 error

I have a .NET Core Web API app with Angular 2 on the client side.
I set up .NET Core Identity with the following options in Startup.cs:

options.Password.RequiredLength = 5;
options.Password.RequireDigit = false;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
options.Password.RequireNonAlphanumeric = false;
options.SecurityStampValidationInterval = TimeSpan.FromMinutes(1);
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
options.Lockout.MaxFailedAccessAttempts = 100;
options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromDays(14);
options.Cookies.ApplicationCookie.LoginPath = "/api/signin/signin";
options.Cookies.ApplicationCookie.LogoutPath = "/api/signin/signout";
options.User.RequireUniqueEmail = false;

So,

  1. User is logged in - auth cookie is set.

  2. 60 seconds later - calls to API/* end-points update this cookie to a new value, so calls work.

  3. However calls to HTML/JS files do not update the cookie - they continue to use the previous cookie which now is presumably not tied to the session which then means we get the 500 error as it can't do something.

  4. Loading any API/* end-point updates the cookie and HTML/JS files work again.

So in short - the issue seems to be related to the auth cookie not being refreshed for all the static content. And it just works fine without any cookie, when the user is logged out.

How can I fix that? Thanks in advance.

A. Gladkiy asked Dec 08 '25 08:12


1 Answer

According to the docs section "Introduction to working with static files in ASP.NET Core":

The static file module provides no authorization checks.

Solution for this (from the same article):

  • Store them outside of wwwroot and any directory accessible to the static file middleware and
  • Serve them through a controller action, returning a FileResult where authorization is applied

So basically you have to either make some requests to your API constantly to update the session or create some dummy controller for static files.

VMAtm answered Dec 10 '25 07:12
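A sketch of the controller-action option from the documentation quoted in the answer, added here as an example and not code from the answer or from the ASP.NET Core docs. The controller name, the "app-files" route and the "ProtectedFiles" folder are assumptions; the folder sits under the content root, outside wwwroot, so the static file middleware cannot serve it directly.

```csharp
using System;
using System.IO;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.StaticFiles;

[Authorize]              // authorization is applied before any file is returned
[Route("app-files")]     // hypothetical route prefix
public class ProtectedFilesController : Controller
{
    private readonly string _root;
    private readonly FileExtensionContentTypeProvider _types =
        new FileExtensionContentTypeProvider();

    public ProtectedFilesController(IHostingEnvironment env)
    {
        // Assumed folder outside wwwroot; the trailing separator makes the
        // prefix check below reject sibling folders such as "ProtectedFiles2".
        _root = Path.GetFullPath(Path.Combine(env.ContentRootPath, "ProtectedFiles"))
                + Path.DirectorySeparatorChar;
    }

    [HttpGet("{*relativePath}")]
    public IActionResult Get(string relativePath)
    {
        if (string.IsNullOrEmpty(relativePath))
            return NotFound();

        // Canonicalize, then refuse anything that resolves outside the root
        // ("../" segments or an absolute path in the request).
        var fullPath = Path.GetFullPath(Path.Combine(_root, relativePath));
        if (!fullPath.StartsWith(_root, StringComparison.Ordinal))
            return NotFound();

        // "File" alone would bind to Controller.File(), so qualify the type.
        if (!System.IO.File.Exists(fullPath))
            return NotFound();

        string contentType;
        if (!_types.TryGetContentType(fullPath, out contentType))
            contentType = "application/octet-stream";

        return PhysicalFile(fullPath, contentType);
    }
}
```

Returning NotFound for out-of-root paths avoids confirming to the caller which paths exist outside the served folder.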


