Umbraco V10 - How to add login via Cookie Authentication

Question

So we have been migrating an umbraco project from version 8 to version 10, from .NetFramework to .NetCore 6. Most of the code has move overly nicely but one of the last things left to convert over is front end logins using Cookie Authentication.

The Cookie Authentication code implemented is the same as the .NetCore 6 documentation (https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-6.0).

Startup.cs:

public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie();

        services.AddUmbraco(_env, _config)
            .AddBackOffice()
            .AddWebsite()
            .AddComposers()
            .Build();
    }

   
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        app.UseHttpsRedirection();
        app.UseStaticFiles();

        app.UseRouting();

        app.UseAuthentication();
        app.UseAuthorization();

        app.UseUmbraco()
            .WithMiddleware(u =>
            {
                u.UseBackOffice();
                u.UseWebsite();
            })
            .WithEndpoints(u =>
            {
               u.UseInstallerEndpoints();
                u.UseBackOfficeEndpoints();
                u.UseWebsiteEndpoints();
            });
    }

SignIn Code

var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, "[email protected]"),
        new Claim("FullName", "Some Name"),
        new Claim(ClaimTypes.Role, "Administrator"),
    };

var claimsIdentity = new ClaimsIdentity(
   claims, CookieAuthenticationDefaults.AuthenticationScheme);

var authProperties = new AuthenticationProperties
{
};

await Context.SignInAsync(
    CookieAuthenticationDefaults.AuthenticationScheme,
    new ClaimsPrincipal(claimsIdentity),
    authProperties);

This code has been added to the project which is being migrated but does not work. To test if the issue is in the code or something existing in the project being migrated, the above code has been added to a fresh new Umbraco 10 project and it still doesn't work. The same code has been added to a fresh new .NetCore 6 Web App and it does work in the .NetCore 6 Web App.

When the sign in code is ran in the umbraco version 10 projects, the relvant cookie is created and can be found in the browser but after the page is refreshed only a blank user with no claims can be found in the HttpContext.

var Context = HttpContextAccessor.HttpContext;
    if (Context == null)
        return false;
return Context.User.Identity.IsAuthenticated;

This is leading me to believe that there is something in Umbraco Version 10 which is throwing off something between the Cookie Authentation and pulling the users information through to the HttpContext, because the same code is working fine in a normal .NetCore 6 project but not in a Umbraco 10 project.

Has anyone had this issue before or has implamented Cookie Authentication in Umbraco version 10 and can point me in the right direction?

Answer 1

I was also facing the same issue and I got it working by calling .AddUmbraco before .AddAuthentication and also setting DefaultAuthenticateScheme on the AuthenticationOptions. Like this:

public void ConfigureServices(IServiceCollection services)
{
    services.AddUmbraco(_env, _config)
            .AddBackOffice()
            .AddWebsite()
            .AddComposers()
            .Build();

    services.AddAuthentication(x =>
    {
        x.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme);
}