C
C#2w ago
prodijay

Unable to get logged in user when using React SPA

I'm trying to get the logged in user so that I can add them to my Study model instances, to then add to my database. I get the logged in user in my controller like so: var user = await _userManager.GetUserAsync(HttpContext.User); When accessing my controller via Swagger, user correctly returns the logged in user. However when accessing my controller via my React SPA (after logging in and returning a cookie), it returns null. Is there something I'm missing? For context, I am currently using cookie-based authentication with my React SPA. My fetch requests look like this: Login fetch; query is required to set useCookies to true. 
export async function fetchWithQuery(endpoint, method, data, query) {
  try {
    const response = await fetch(
      `${import.meta.env.VITE_BACKEND_DOMAIN}${endpoint}?${new URLSearchParams(
        query
      ).toString()}`,
      {
        method,
        body: data,
        credentials: "include",
        headers: {
          "Content-Type": "application/json",
        },
      }
    );
    return response;
  } catch (err) {
    if (err) return err;
  }
}
export async function fetchWithQuery(endpoint, method, data, query) {
  try {
    const response = await fetch(
      `${import.meta.env.VITE_BACKEND_DOMAIN}${endpoint}?${new URLSearchParams(
        query
      ).toString()}`,
      {
        method,
        body: data,
        credentials: "include",
        headers: {
          "Content-Type": "application/json",
        },
      }
    );
    return response;
  } catch (err) {
    if (err) return err;
  }
}
Fetch function used to get all studies made by a user. 
export async function getDataFromFetch(endpoint) {
  try {
    const response = await fetch(
      `${import.meta.env.VITE_BACKEND_DOMAIN}${endpoint}`,
      {
        mode: "cors",
        credentials: "include",
        headers: {
          "Content-Type": "application/json",
        },
      }
    );
    return response;
  } catch (err) {
    if (err) return err;
  }
}
export async function getDataFromFetch(endpoint) {
  try {
    const response = await fetch(
      `${import.meta.env.VITE_BACKEND_DOMAIN}${endpoint}`,
      {
        mode: "cors",
        credentials: "include",
        headers: {
          "Content-Type": "application/json",
        },
      }
    );
    return response;
  } catch (err) {
    if (err) return err;
  }
}
I think I've set up CORS correctly, as when I login from the React SPA a cookie is set. 
c#
builder.Services.AddCors(options =>
{
  options.AddPolicy(
    name: MyAllowSpecificOrigins,
    policy =>
    {
      policy.WithOrigins(["http://localhost:5173"])
      .AllowAnyHeader()
      .AllowAnyMethod()
      .AllowCredentials();
    });
});
c#
builder.Services.AddCors(options =>
{
  options.AddPolicy(
    name: MyAllowSpecificOrigins,
    policy =>
    {
      policy.WithOrigins(["http://localhost:5173"])
      .AllowAnyHeader()
      .AllowAnyMethod()
      .AllowCredentials();
    });
});
The repo for the backend code: https://github.com/jasonHYLam/csharp-test
GitHub
GitHub - jasonHYLam/csharp-test
Contribute to jasonHYLam/csharp-test development by creating an account on GitHub.
7 Replies
prodijay
prodijay2w ago
StudyController.cs (https://github.com/jasonHYLam/csharp-test/blob/main/Controllers/StudyController.cs) 
c#
[ApiController]
[Route("[controller]")]
public class StudyController : ControllerBase
{
  private readonly Cloudinary _cloudinary;
  private readonly UserManager<User> _userManager;
  private readonly ApplicationDbContext _context;

  public StudyController(
    ApplicationDbContext context,
    UserManager<User> userManager,
    Cloudinary cloudinary
    )
  {
    _context = context;
    _userManager = userManager;
    _cloudinary = cloudinary;
  }

\\ ... 

  [HttpGet("allStudies")]
  public async Task<ActionResult<IEnumerable<StudyPreviewDTO>>> GetAllStudies()
  {

    var user = await _userManager.GetUserAsync(HttpContext.User);
    Console.WriteLine("checking user"); 
    Console.WriteLine(HttpContext.User);  // returns null
c#
[ApiController]
[Route("[controller]")]
public class StudyController : ControllerBase
{
  private readonly Cloudinary _cloudinary;
  private readonly UserManager<User> _userManager;
  private readonly ApplicationDbContext _context;

  public StudyController(
    ApplicationDbContext context,
    UserManager<User> userManager,
    Cloudinary cloudinary
    )
  {
    _context = context;
    _userManager = userManager;
    _cloudinary = cloudinary;
  }

\\ ... 

  [HttpGet("allStudies")]
  public async Task<ActionResult<IEnumerable<StudyPreviewDTO>>> GetAllStudies()
  {

    var user = await _userManager.GetUserAsync(HttpContext.User);
    Console.WriteLine("checking user"); 
    Console.WriteLine(HttpContext.User);  // returns null
Do HttpContext.User and _userManager work differently when using a SPA? Thank you!
tera
tera2w ago
did you verify cookie is actually sent? either debug backend app or check requests in browser devtools network tab
prodijay
prodijay2w ago
Yes a cookie is being sent when I login through my React SPA which fetches the backend "/login" endpoint.
No description
tera
tera2w ago
network tab > specific request > check headers also you should take look at official auth (middleware) docs. most likely you want to add [Authorize] to all endpoints/controllers that require authenticated users. so you don't check if user is auth'd yourself in each one manually
prodijay
prodijay2w ago
This is what I see for the login request's response header.
No description
prodijay
prodijay2w ago
I've read through the ASPNET Core Identity docs a few times already: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity?view=aspnetcore-8.0&tabs=visual-studio Is there something specifically I should be looking for? I've added the useCookies and useSessionCookies query strings to the login request because of that, but that still didn't solve my issue of not getting the logged in user. Actually I notice the yellow warning symbol, let me investigate that. It's complaining about the sameSite=lax not agreeing with the cross site response. I think I managed to fix it! I think it was due to an error with my cookie; the SameSite property was set to lax, which works for when testing with Swagger, but not with React because SameSite needs to be set to none when working with cross-site responses. Specifically configuring the cookie policy such that SameSite=none and Secure=true allowed me to get the logged in user in the corresponding backend controller action. Thank you for pointing me in that direction. If you hadn't told me to check the cookie again I would have missed the detail about SameSite needing to be none. By the way did you have that in mind when you read through my problem? Did you know that there was an issue with my cookies? I seriously doubt I would have found this solution on my own, and I don't think the docs would necessarily help in this situation either.
tera
tera2w ago
i meant request (not response) headers for the request you were having issues with (not login request as you said that was ok) yea i had some suspicion but wasn't too sure that's why i go: is the client sending what it should? is the server receiving it? then middleware troubleshooting next mozilla docs has some good pointers about cookie flags and in general might be useful to go over some of the settings might only be needed in local dev... different than e.g. when you deploy and have API and SPA behind a reverse proxy on same domain
Want results from more Discord servers?
Add your server
More Posts
Docker non-root access volume for runtime imageI have this `Dockerfile` ```bash FROM mcr.microsoft.com/dotnet/runtime:8.0 AS base USER app RUN mkStateHasChanged not working in timers.Hello, am trying to make a countdown timer to a specific date, it all works but for some reason even✅ how to write web.config for IIS deployI wanted to deploy an ASP.NET Core application to IIS, but when I created the site and configured itThe generated C# executable does not run on empty computers.I have a project that is based on: * A backend, generated with c# with the .net6.0 SDK. * A frontenLibraryImport examples, especially on LinuxHas anyone got examples of usage of the newer LibraryImport infrastructure (?) as opposed to DllImpo✅ Namespace errorThe type or namespace name 'Game' does not exist in the namespace 'Rhythm_Flow' (are you missing an method with object lists errorHey all, new to C# and am trying to learn some basics, so im starting by making a trivia game, howev✅ The code doesnt work as intendedThe user is suppoed to write how many points(poäng) the user have, for example 100 points, and the phttps://github.com/Sudhanshu-GIT-00/.Net_Microservices.githai my problem is when we try the new register login the giving the error but the data is come in i migrating from sqlserver to mongo db but in login the page throeing an errror ExpressionNotSupportwhen i click on the login button it throws me an error ExpressionNotSupportedException: Expression n