Commander
Created by splifeh on 3/13/2024 in #help
✅ Hey, I am getting this error in VS code whenever I am trying to use a C# file.
Did you do dotnet --info in a console? Sounds like you are missing the SDK
25 replies
Created by Commander on 3/13/2024 in #help
.NET 8 Simple Cookie Authentication
I intentionally made the key the cookie is signed with random each time, so that the cookie gets invalidated. I can create a cookie event where I manually validate the cookie, but isn't there a built-in way to do this? I am confused about what the intended and proper way to validate these cookies is.
3 replies
Created by Commander on 3/13/2024 in #help
.NET 8 Simple Cookie Authentication
When someone logs in, this code is executed:
/// <summary>
/// Signs <paramref name="account"/> in under the cookie authentication scheme with a
/// persistent, refreshable cookie.
/// </summary>
/// <param name="account">Account whose type, id and name are copied into the claims.</param>
/// <param name="activity">Not read by this method.</param>
/// <remarks>
/// The JWT returned by <c>GetAccessToken</c> is stored as an ordinary string claim. The cookie
/// handler protects the whole ticket with ASP.NET Core Data Protection and treats claim values
/// as opaque, so it does not verify that JWT's signature or expiry on later requests. Any such
/// check has to be done explicitly, for example in
/// <c>CookieAuthenticationEvents.OnValidatePrincipal</c>.
/// </remarks>
private async Task LogInAccount(UserAccount account, string activity)
{
    const string scheme = CookieAuthenticationDefaults.AuthenticationScheme;

    var cookieIdentity = new ClaimsIdentity(scheme);

    // Claims are built in the same order as before: role, sid, name, access token.
    cookieIdentity.AddClaims(new[]
    {
        new Claim(ClaimTypes.Role, account.Type.ToString()),
        new Claim(ClaimTypes.Sid, account.GetIdAsString()),
        new Claim(ClaimTypes.Name, account.Name),
        new Claim(Constants.AccessTokenClaim, GetAccessToken(account.GetIdAsString())),
    });

    // IsPersistent keeps the cookie across browser restarts; AllowRefresh lets the
    // handler renew it.
    var ticketProperties = new AuthenticationProperties
    {
        AllowRefresh = true,
        IsPersistent = true,
    };

    await HttpContext.SignInAsync(scheme, new ClaimsPrincipal(cookieIdentity), ticketProperties);
}

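/// <summary>
/// Builds an HMAC-SHA256 signed JWT whose subject identity carries the user id and returns
/// it in serialized form.
/// </summary>
/// <param name="userId">Value stored under <c>Constants.AccessTokenSubClaim</c>.</param>
/// <returns>The serialized token.</returns>
/// <remarks>
/// The signing key is generated on every call and never stored, so nothing can verify the
/// token's signature afterwards. That is the deliberate test setup from the original post.
/// A real deployment needs one stable key loaded from protected configuration or a secret
/// store, and the same key must be used wherever the token is validated.
/// </remarks>
private static string GetAccessToken(string userId)
{
    var identity = new ClaimsIdentity(new List<Claim>
    {
        new Claim(Constants.AccessTokenSubClaim, userId)
    });

    // Intentionally a fresh random key per call (see remarks).
    // The CSPRNG output is used directly as key material. The previous UTF-8
    // decode/encode round trip replaced every invalid byte sequence with U+FFFD,
    // which discarded entropy and changed the key length. The static GetBytes also
    // avoids leaving an undisposed RandomNumberGenerator instance behind.
    byte[] keyBytes = RandomNumberGenerator.GetBytes(32);

    var key = new SymmetricSecurityKey(keyBytes);
    var signingCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    var now = DateTime.UtcNow;
    var expires = now.Add(TimeSpan.FromHours(Constants.LoginTimeoutHours));
    var handler = new JwtSecurityTokenHandler();

    // Positional arguments: issuer, audience, subject, notBefore, expires, issuedAt, credentials.
    var token = handler.CreateJwtSecurityToken(
        Constants.JWTIssuer, Constants.JWTAudience, identity,
        now, expires,
        now, signingCredentials);

    return handler.WriteToken(token);
}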
/// <summary>
/// Signs <paramref name="account"/> in under the cookie authentication scheme with a
/// persistent, refreshable cookie.
/// </summary>
/// <param name="account">Account whose type, id and name are copied into the claims.</param>
/// <param name="activity">Not read by this method.</param>
/// <remarks>
/// The JWT returned by <c>GetAccessToken</c> is stored as an ordinary string claim. The cookie
/// handler protects the whole ticket with ASP.NET Core Data Protection and treats claim values
/// as opaque, so it does not verify that JWT's signature or expiry on later requests. Any such
/// check has to be done explicitly, for example in
/// <c>CookieAuthenticationEvents.OnValidatePrincipal</c>.
/// </remarks>
private async Task LogInAccount(UserAccount account, string activity)
{
    const string scheme = CookieAuthenticationDefaults.AuthenticationScheme;

    var cookieIdentity = new ClaimsIdentity(scheme);

    // Claims are built in the same order as before: role, sid, name, access token.
    cookieIdentity.AddClaims(new[]
    {
        new Claim(ClaimTypes.Role, account.Type.ToString()),
        new Claim(ClaimTypes.Sid, account.GetIdAsString()),
        new Claim(ClaimTypes.Name, account.Name),
        new Claim(Constants.AccessTokenClaim, GetAccessToken(account.GetIdAsString())),
    });

    // IsPersistent keeps the cookie across browser restarts; AllowRefresh lets the
    // handler renew it.
    var ticketProperties = new AuthenticationProperties
    {
        AllowRefresh = true,
        IsPersistent = true,
    };

    await HttpContext.SignInAsync(scheme, new ClaimsPrincipal(cookieIdentity), ticketProperties);
}

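/// <summary>
/// Builds an HMAC-SHA256 signed JWT whose subject identity carries the user id and returns
/// it in serialized form.
/// </summary>
/// <param name="userId">Value stored under <c>Constants.AccessTokenSubClaim</c>.</param>
/// <returns>The serialized token.</returns>
/// <remarks>
/// The signing key is generated on every call and never stored, so nothing can verify the
/// token's signature afterwards. That is the deliberate test setup from the original post.
/// A real deployment needs one stable key loaded from protected configuration or a secret
/// store, and the same key must be used wherever the token is validated.
/// </remarks>
private static string GetAccessToken(string userId)
{
    var identity = new ClaimsIdentity(new List<Claim>
    {
        new Claim(Constants.AccessTokenSubClaim, userId)
    });

    // Intentionally a fresh random key per call (see remarks).
    // The CSPRNG output is used directly as key material. The previous UTF-8
    // decode/encode round trip replaced every invalid byte sequence with U+FFFD,
    // which discarded entropy and changed the key length. The static GetBytes also
    // avoids leaving an undisposed RandomNumberGenerator instance behind.
    byte[] keyBytes = RandomNumberGenerator.GetBytes(32);

    var key = new SymmetricSecurityKey(keyBytes);
    var signingCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    var now = DateTime.UtcNow;
    var expires = now.Add(TimeSpan.FromHours(Constants.LoginTimeoutHours));
    var handler = new JwtSecurityTokenHandler();

    // Positional arguments: issuer, audience, subject, notBefore, expires, issuedAt, credentials.
    var token = handler.CreateJwtSecurityToken(
        Constants.JWTIssuer, Constants.JWTAudience, identity,
        now, expires,
        now, signingCredentials);

    return handler.WriteToken(token);
}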
3 replies