ASP.NET identity auth session and cookie works only locally

I'm using ASP.NET Identity and it works perfectly locally with regular login and external login. For some reason when I publish my project and run it on remote server I have about 1 minuet of my authorization session. After 1 minute I'm redirected to my login page. (No error message)

My startup auth config:

public partial class Startup
    {
     public void ConfigureAuth(IAppBuilder app)
        {
            app.CreatePerOwinContext(ApplicationDbContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                ExpireTimeSpan = TimeSpan.FromDays(2),
                Provider = new CookieAuthenticationProvider
                {
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, VisU>(
                        validateInterval: TimeSpan.FromMinutes(30),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                }
            });
            var googleOptions = new GoogleOAuth2AuthenticationOptions()
                   {
                       ClientId = "***",
                       ClientSecret = "***",
                       SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
                       Provider = new GoogleOAuth2AuthenticationProvider()
                       {
                           OnAuthenticated = (context) =>
                       {
                           context.Identity.AddClaim(new Claim("urn:google:name", context.Identity.FindFirstValue(ClaimTypes.Name)));
                           context.Identity.AddClaim(new Claim("urn:google:email", context.Identity.FindFirstValue(ClaimTypes.Email)));
                           context.Identity.AddClaim(new Claim("urn:google:accesstoken", context.AccessToken, ClaimValueTypes.String, "Google"));
                           return Task.FromResult(0);
                       }
                   }
               };
               app.UseGoogleAuthentication(googleOptions);
}

My Account controller:

[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
    ViewBag.ReturnUrl = returnUrl;
    return View();
}


[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<string> Login()
{
            var result = await SignInManager.PasswordSignInAsync(Request.Form["emailLogin"], Request.Form["passwordLogin"], true, shouldLockout: true);
            switch (result)
            {
                case SignInStatus.Success:
                    return ViewBag.ReturnUrl ?? "https://localhost:44300/Account";
                case SignInStatus.LockedOut:
                    return Resources.Multilang.ERRORLockedOut;
                case SignInStatus.Failure:
                    //Mail or password are incorrect
                    return Resources.Multilang.ERRORInvalidLogin;
                default:
                    return Resources.Multilang.ERRORInvalidLogin;
            }
  }

What could be a reason for this behavior?

("https://localhost:44300/" is changed to my domain name when published.)

1 answer

  • answered 2018-04-14 14:22 qingwu

    return ViewBag.ReturnUrl ?? "https://localhost:44300/Account";
    

    show the value(ViewBag.ReturnUrl) is null