Thursday, 15 May 2014

c# - Login not remembered in Nancy.Authentication.Forms?




I've been messing around with this problem on and off for the last couple of weeks and can't seem to get my head around it.

In short: I have a Nancy app with forms authentication enabled. It works fine, except sessions are not persisted between app restarts, it seems. It should work, because forms authentication uses cookies by default. Do you guys have any thoughts on what might cause this behavior? Here's my code:

Bootstrapper.cs:

    protected override void RequestStartup(TinyIoCContainer container, IPipelines pipelines, NancyContext context)
    {
        base.RequestStartup(container, pipelines, context);

        // No CryptographyConfiguration is set here, so Nancy's default is used.
        var formsAuthConfiguration = new FormsAuthenticationConfiguration()
        {
            RedirectUrl = "~/user/login",
            UserMapper = container.Resolve<IUserMapper>()
        };

        FormsAuthentication.Enable(pipelines, formsAuthConfiguration);
    }

And in app startup:

    protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
    {
        base.ApplicationStartup(container, pipelines);

        Nancy.Session.CookieBasedSessions.Enable(pipelines);
        //Nancy.Session.MemoryCacheBasedSessions.Enable(pipelines); <-- disabled to be sure

        Nancy.Json.JsonSettings.RetainCasing = true;
        Nancy.Json.JsonSettings.MaxJsonLength = Int32.MaxValue;
        StaticConfiguration.DisableErrorTraces = false;
        Elmahlogging.Enable(pipelines, "elmah");

        //some background job initialization...
    }

The route in the module handling the login POST request:

    Post["/login"] = parameters =>
    {
        VerifyUserViewModel userLoginData = this.Bind();
        var verified = userManager.VerifyAccount(userLoginData.Email, userLoginData.Password);
        userLoginData.LoginFailed = false;

        if (verified == false)
        {
            userLoginData.LoginFailed = true;
            return View["signin", userLoginData];
        }
        else
        {
            var user = userManager.GetByEmail((string)Request.Form.email);
            DateTime? expiry = null;

            // A persistent (30-day) cookie is only issued when "remember me" was posted.
            if (this.Request.Form.rememberme.HasValue)
            {
                expiry = DateTime.Now.AddDays(30);
            }

            return this.LoginAndRedirect(user.Guid, expiry, "/dash");
        }
    };

Finally, the IUserMapper implementation:

    public class UserDatabase : IUserMapper
    {
        private readonly IUserManager _userManager;

        public UserDatabase(IUserManager userManager)
        {
            _userManager = userManager;
        }

        // Maps the GUID stored in the forms authentication cookie back to a user identity.
        public Nancy.Security.IUserIdentity GetUserFromIdentifier(Guid identifier, Nancy.NancyContext context)
        {
            var user = (ReflectUser)_userManager.GetByGuid(identifier);
            var identity = new ReflectWebUser();
            identity.Map(user);
            return identity;
        }
    }

Do you guys notice anything unusual in my code that could hinder session persistence?

Please note that I am also using token-based auth in this app, but I have disabled it for testing. Also, the problem was present before implementing token auth.

Thanks!

In case the link dies.

The problem is that Nancy generates a crypto key when the application is started, which means that when you rebuild your app during development and re-request a page, the cookie check will fail and the cookie will be removed, causing the user to appear unauthenticated.

The same will happen if IIS is recycled: the app will start again, generate a new key, and bam, your users are logged out.

The solution is to generate a specific key yourself. When configuring forms auth you can create your own crypto config:

    // Fixed passphrases and salt make the derived keys identical on every start.
    var cryptographyConfiguration = new CryptographyConfiguration(
        new RijndaelEncryptionProvider(new PassphraseKeyGenerator("supersecretpass", new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 })),
        new DefaultHmacProvider(new PassphraseKeyGenerator("ubersupersecure", new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 })));

    var config = new FormsAuthenticationConfiguration()
    {
        CryptographyConfiguration = cryptographyConfiguration,
        RedirectUrl = "/login",
        UserMapper = container.Resolve<IUserMapper>(),
    };

This will persist logins during development and application recycles.
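The passphrases and salt in the answer above are literals in source, so anyone who can read the repository can derive the keys that encrypt and sign the authentication cookie. The following is an added example, not code from the original post or from the Nancy project: it builds the same CryptographyConfiguration from per-deployment secrets and fails at startup if they are missing. The class name and the three environment variable names are assumptions.

```csharp
using System;
using Nancy.Cryptography;

public static class StableFormsAuthCrypto
{
    // Hypothetical variable names; set them once per deployment, outside source control.
    private const string EncryptionPassVar = "APP_FORMSAUTH_ENC_PASSPHRASE";
    private const string HmacPassVar = "APP_FORMSAUTH_HMAC_PASSPHRASE";
    private const string SaltVar = "APP_FORMSAUTH_SALT_BASE64";

    public static CryptographyConfiguration Load()
    {
        var encryptionPass = Require(EncryptionPassVar);
        var hmacPass = Require(HmacPassVar);
        if (encryptionPass == hmacPass)
            throw new InvalidOperationException("Use different passphrases for encryption and HMAC.");

        byte[] salt;
        try { salt = Convert.FromBase64String(Require(SaltVar)); }
        catch (FormatException) { throw new InvalidOperationException(SaltVar + " must be Base64."); }

        // Reject short salts such as a single byte; 8 bytes matches the length used in the answer.
        if (salt.Length < 8)
            throw new InvalidOperationException(SaltVar + " must decode to at least 8 bytes.");

        // Same providers as in the answer, so cookies stay valid across restarts
        // as long as the three values do not change.
        return new CryptographyConfiguration(
            new RijndaelEncryptionProvider(new PassphraseKeyGenerator(encryptionPass, salt)),
            new DefaultHmacProvider(new PassphraseKeyGenerator(hmacPass, salt)));
    }

    // Fail closed: a missing secret stops startup instead of silently
    // falling back to keys that change on every restart.
    private static string Require(string name)
    {
        var value = Environment.GetEnvironmentVariable(name);
        if (string.IsNullOrWhiteSpace(value))
            throw new InvalidOperationException("Missing environment variable " + name);
        return value;
    }
}
```

Assign the result with `CryptographyConfiguration = StableFormsAuthCrypto.Load()` in the forms authentication configuration. Changing any of the three values invalidates every cookie already issued, which doubles as a way to force all users to log in again.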

c# asp.net nancy
