Hello,
I'm implementing MVC with Asp.Net Identity , however, I'm having some problems ...
Scenario: I'm logging in from the HTTP protocol, everything goes in normally. When I try to access any page with HTTPS protocol, it does not see that I am logged in. But the cookie is there ... I researched what could be and found that Cookie is not specifying the Secure flag.
Objective: I need to authenticate only with a user, I can force HTTPS to log in, but if someone accesses some page through http strong> the system will not see that I am authenticated. How do I view a single authentication in both HTTP and HTTPS ?
Here is my Identity Startup class:
public partial class Startup
{
public void ConfigureAuth(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromSeconds(0),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
},
ExpireTimeSpan = System.TimeSpan.FromDays(100),
});
}
}
I do not know where to put this configuration (forcing HTTP to see HTTPS authentication in a more general way).