ASP.NET Core 3.1 identity persist cookie authentication after web deploy publish to remote IIS still fails

0
votes

ASP.NET Core 3.1 identity persist cookie authentication after web deploy publish to remote IIS still fails

I am usling solution from this answer https://stackoverflow.com/a/56493862/3650307

public Startup(IConfiguration configuration, IHostingEnvironment environment) {
  Configuration = configuration;
  hostingEnvironment = environment;
}

private IHostingEnvironment hostingEnvironment;

public IConfiguration Configuration { get; }

// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services) {
  // create a directory for keys if it doesn't exist
  // it'll be created in the root, beside the wwwroot directory
  var keysDirectoryName = "Keys";
  var keysDirectoryPath = Path.Combine(hostingEnvironment.ContentRootPath, keysDirectoryName);
  if (!Directory.Exists(keysDirectoryPath)) {
    Directory.CreateDirectory(keysDirectoryPath);
  }
  services.AddDataProtection()
    .PersistKeysToFileSystem(new DirectoryInfo(keysDirectoryPath))
    .SetApplicationName("CustomCookieAuthentication");

  services.Configure<CookiePolicyOptions>(options =>
  {
  ...

I have done a lot of googling and research (if this one is also relevant to asp.net core 3.1 https://stackoverflow.com/a/3516058/3650307 )

I am deploying to russian based web hosting REG.RU, after IIS Web Deploy Publish my cookie still doesnt persist, I have to login again after each redeploy.

I undestand that community will suggest me to examine extensively my remote server hosting logs, but at least help me what to look for and how generally enable and view logs on remote windows web asp.net application hosting providers (in general, REG.ru hosting uses Plesk admin panels, however I understand that logging is probably enabled in web.config or other ASP.NET application folder filer)

Has anyone else recently experienced problems with persist cookie login asp.net core 3.1 identity when publishing IIS web deploy to ASP.NET windows hostings?

May the rewriting of web.config file during publishing affect restart of the application and so the cookie no longer works even though Keys storage is considered? If yes, is there way to prevent web.config rewriting?

And yes, the Keys folder appears on FTP when I check with xml keys file

1
c#asp.netiiscookiesasp.net-identity
one developer hinted me and I got an idea to untick "Remove additional files at destination" in publishing profile options. This was both genius and easy and obvious. However now I am trying to understand how unticked "Remove additional files at destination" may affect my pulish lifecycle for when I am updating app with never builds and for example I want some files to be removed for example static img and js content, may I have to remove them manually via ftp with the remove additional files option unchecked during publish updates lifecycleuser3650307

1 Answers

0
votes

The persistence granted by IsPersistent is, only meant to imply that the authentication will persist through browsing sessions (that is, it is kept even when the browser is closed). You need a combination of Persistence and to set an expiration time for the cookie. The expiration of the cookie can be set via the CookieAuthenticationOptions, using the ExpireTimeSpan option.