Comments on: Cookie Authentication With ASP.NET Core and Angular

By: Marinko Spasojević

Marinko Spasojević — Tue, 30 May 2023 06:02:20 +0000

In reply to BGarcia.

This is for us to extract them and work with them. Maybe you need to check one of the claims and do something else based on the value of that claim. For that, you need to extract it using the User.Claims.

By: BGarcia

BGarcia — Mon, 29 May 2023 23:34:39 +0000

In reply to Marinko Spasojević. Ooooh I see, my bad. User is a ClaimsPrincipal object, I didn't know that. I guess that when you do User.Claims.Select it's going to take the claims you created in the SignInAsync method when the user logged in. Thanks for your response. By the way, Doesn't the method SignInAsync already includes a cookie in the response with the claims?. Do you really need the method GetUser to obtain the claims?.

By: Marinko Spasojević

Marinko Spasojević — Sun, 28 May 2023 07:04:43 +0000

In reply to BGarcia.

No. If you inspect the code, you will find the User property. On this property, you can call the Claims property. Internal authenticating mechanisms will pars all the auth data into the User property, and again, if you debug the code, you can find all the info you can extract from it.

By: BGarcia

BGarcia — Sat, 27 May 2023 19:43:15 +0000

Really good article. I'm trying to learn authentication with cookies in .Net and this is quite useful but I'm a bit confused with the GetUser method. You do this var userClaims = User.Claims.Select(x => new UserClaim(x.Type, x.Value)).ToList(); I'm confused with the User.Claims syntax. You say you're getting the users's claims. How does that work? Does this mean that when using claims on an application you can attach the ".Claims" keyword to any model you want or there are some rules to follow?.

By: Okan Sarica

Okan Sarica — Mon, 10 Apr 2023 09:27:32 +0000

How can we implement refresh logic here?

By: Marinko Spasojević

Marinko Spasojević — Wed, 18 Jan 2023 07:55:42 +0000

In reply to mrs.brightside.

Hello. We will see about the Blazor part, but to be honest, once you know the principles from one article, it isn’t hard to implement them into another framework. The API part is the main goal here, and it is already explained in this article. Blazor is just another framework on the client side so you can use this knowledge for sure. I did the same with the refresh token article that we had with Angular to create a Blazor article.

By: mrs.brightside

mrs.brightside — Tue, 17 Jan 2023 19:21:44 +0000

Thank you for this. It is hard to find tutorials for custom cookie authentication on SPA frameworks.

Could y’all do the same tutorial with Blazor WASM instead of Angular?

By: Marinko Spasojević

Marinko Spasojević — Fri, 25 Nov 2022 11:08:25 +0000

In reply to Muhammad Khoirudin.

I don’t believe it is a CORS issue. If it was CORS, you wouldn’t be able to send the sign-in request at all. It should’ve been rejected due to different URIs. Also, CORS will not return 401. 401 is Unauthorized, which means that your API returns that error when you try to access the protected action. Why is that? Well, I really don’t know, maybe something is wrong with the cookie or the auth configuration… or anything else. This is something I can’t know.

By: Muhammad Khoirudin

Muhammad Khoirudin — Fri, 25 Nov 2022 10:26:33 +0000

Thanks for your tutorial. However I get an issue, once sign in succeed, then call authorized endpoint API, in this second call I get 401. To my knowledge it’s caused by CORS mechanism. My URL API is https://localhost:7062, and client app URL is https://localhost:4200.

I have set the CORS, but after login it doesn’t set cookie in my client application yet. Can you advice me the solution. Thanks