0
0 Comments

I am trying to set custom cookies during the cookie and openIdConnect authentication/authorization in asp.net core 3.1 but not having any success. I hope someone can point me in the right direction. Here is my middleware setup:

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(option => {

            option.Events = new CookieAuthenticationEvents {
                 //Tried the OnSignedIn() to set the custom cookie but no avail
            }
                
        })
        .AddOpenIdConnect("Is4", options =>
        {
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.Authority = "identityserver4.url";
            options.RequireHttpsMetadata = false;
            options.ClientId = "ClientId";
            options.ClientSecret = "ClientSecret";
            options.ResponseType = OpenIdConnectResponseType.Code;
            options.UsePkce = true;
            options.ResponseMode = "form_post";
            options.CallbackPath = "/signin-oidc";
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("offline_access");
            options.Scope.Add("customer-api"); 
           
            options.SaveTokens = true; 

            options.Events = new OpenIdConnectEvents
            {
                OnUserInformationReceived = (context) =>
                {
                    var accessTokenSplit = context.ProtocolMessage.AccessToken.Split(".");

                    context.Response.Cookies.Append(
                            key: "HeaderPayload",
                            value: "{accessTokenSplit[0]}.{accessTokenSplit[1]}",                             options: new CookieOptions                             {                                 Domain = "localhost:5001",                                 SameSite = SameSiteMode.Strict,                                 Expires = DateTimeOffset.UtcNow.AddMinutes(30),                                 Secure = true,                                 HttpOnly = false                             }                         );                      context.Response.Cookies.Append(                             key: "Signature",                             value:"{accessTokenSplit[2]}",
                            options: new CookieOptions
                            {
                                Domain = "localhost:5001",
                                SameSite = SameSiteMode.Strict,
                                Expires = DateTimeOffset.UtcNow.AddMinutes(30),
                                Secure = true,
                                HttpOnly = true
                            }
                        );

                    return Task.CompletedTask;
                }
        });

The 

HeaderPayload
and 
Signature
are my custom cookies I want the browser to have at the end of the authentication workflow. Instead I only see .AspnetCore.CookiesC1 and .AspnetCore.CookiesC2. I guess the cookie authentication middleware is not aware of my custom cookie I set in one of the AddCookie() or AddopenIdConnect() events. I can however set those cookies in a custom middleware with 
context.Response.Cookies.Append(...)
to show up in the browser but I won’t have access to the JWT access token there so would rather handle it in the authentication pipeline. Any thoughts or suggestions? Thanks

Anonymous Asked question May 15, 2021