Hi everyone, I'm working on an Umbraco 13 project and have been trying to set up Cookie based authentication (https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-8.0) We have an external data source being used for front-end user accounts, to which all I want to do is used the Cookie based authentication to control the authentication process. I found some older code in the Umbraco forums that lead me to this current set up of code: Image1 for my AddUserCookieAuthentication builder extension Image2 for how I add this extenstion in Startup.cs Image3 for adding the use Authentication to the app in Startup.cs Image4 is where my code for logging the user in. All of this works great. I can properly check if a user is logged in and authenticated using "HttpContext.User.Identity.IsAuthenticated" and obtain the data from the Claims. I just ran into an issue where if I am logged in on the frontend, the back office is broken for me. (I can still open an incognito window and login there and everything works fine) In the console I see this error:

Possibly unhandled rejection: The user object is invalid, the remainingAuthSeconds is required.

I'm pretty sure it has to do with how I'm using the cookie authentication. Is there any way to fix this? Or is there anyway to better setup the cookie authentication than how I am doing it currently? If anymore information is needed, please let me know and I can provide it! Thank you! https://cdn.discordapp.com/attachments/1305939609548492870/1305939609758470214/image.png?ex=6734da8a&is=6733890a&hm=43e0a7c12f81eed0e65cab3da0dae71e03d4f720cf3d7ce571719b10f29483df& https://cdn.discordapp.com/attachments/1305939609548492870/1305939610261520484/image.png?ex=6734da8a&is=6733890a&hm=6d2816d406f193c1c2c9ddd794c9db2d00e3fb234e5f47c8e2277e7012ea2c26& https://cdn.discordapp.com/attachments/1305939609548492870/1305939610530086973/image.png?ex=6734da8a&is=6733890a&hm=faea64d792ab91d041149de01e37786e136a4956126bee4d6aba6b094ba5e68f& https://cdn.discordapp.com/attachments/1305939609548492870/1305939610786074714/image.png?ex=6734da8a&is=6733890a&hm=7b63405b97a65717deb380f2c7c98522505d7057ab4b134a10be884c7fc6fc86&

Hi there! I'm not sure if I can help you all the way, but there are a few things that I notice in your code that I can point out. - You do not need the call to

u.AppBuilder.UseAuthentication()

. Umbraco does that automatically for you. This could potentially be why you can't login anymore in the backoffice - If you have your own data source for user accounts, then you likely don't want to use Umbraco's member logic, as that is built upon Umbraco's built-in members. - Umbraco uses some of the default constants. I don't know if

CookieAuthenticationDefaults.AuthenticationScheme

is one of them, but you likely want to use a unique scheme for your own cookies. Notice that this constant doesn't really do any magic. It's a magic string that identifies your cookie authentication instance. You can exchange it for any other string, as long as you use the same string everywhere. - I would not use

AddMemberLogin

if you don't use Umbraco's built-in members. Just do it the plain ASP.NET way.

Thank you for these suggestions! I used all of them to move my code around, removed the "u.AppBuilder.UseAuthentication()" code, gave the authentication scheme a new unique name, and moved everything out of the AddMemberLogin to just use .NET default. I kept the setup in the same builder extension though. With all of these in place, I was able login and logout, and the issues with back office were gone. Thank you!

Hey @imadtbro Thank you for your original post! I am having similar problems getting my Umbraco 13 solution to play nicely with Asp.Net Core Cookie based authentication. Your images showing your setup was very helpful! I thought I had carried out the same steps but am still unsuccessful in getting the HttpContext.User to be authenticated. However, I can see the custom auth cookie gets created successfully. Would you please be able to show me where you had the app.UseAuthentication() and app.UseAuthorization() methods as I think this is the key to getting it set up. Thanks in advance!

Hi there! You should have no need for calls to

UseAuthentication

or

UseAuthorization

, because Umbraco already does that for you. If you find that

HttpContext.User

does not contain an authenticated user, then make sure that you have your controller or action decorated with an

Authorize

attribute. Without the attribute, ASP.NET won't populate the user property in your http context.

Hi @D_Inventor Thank you for replying so quickly last week! As suggested, I removed the UseAuthentication and UseAuthorization calls. However, I still had an issue with my code. After decorating my controller action with the [Authorize] action, I was being redirected to the default login page, which lead to me understand that my scheme was not being used, and my Context.User still not authenticated. Then after many hours scratching my head, I found the missing piece. I had not set the Default Authentication Scheme to my newly implemented scheme! This line was not needed when setting up a simple empty .Net Core web application with a simple auth example. Please see my finished result in the attached image. Thanks again!

Cool cool! Nice that you managed to make it work!