Espionage
Espionage
PostsComments
CC#
Created by Espionage on 1/22/2025 in #help
✅ Identity Help
I have a React Frontend where I'm doing OAuth with Google, and I wanted to pass along this signin to my aspnetcore backend. I've implemented identity and can see during the login process that my HttpContext.User has been set correctly with its basic claims. In the logs at that time I see this: 
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[10]
      AuthenticationScheme: Identity.Application signed in.
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[10]
      AuthenticationScheme: Identity.Application signed in.
I check my browser, I can see the cookie has been set succesfully, when I send a new request from the frontend to a test endpoint to verify this flow, I can see the cookie is being passed back to the API in the headers, shouldnt it just work at that point? In the server logs I see the following: 
dbug: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[9]
      AuthenticationScheme: Cookies was not authenticated.
dbug: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[9]
      AuthenticationScheme: Cookies was not authenticated.
Any ideas on where to go next?
32 replies
CC#
Created by Espionage on 2/5/2023 in #help
❔ Moving from Development to Production
I want to be more secure in my .NET server application, atm my db connection string is just stored in the appsettings.json. What would you do to actually protect it in some way, I was thinking maybe set it as an environment variable, but I dont really understand how that would help? What strategies would you employ and why?
4 replies