我们有一个正常的操作方法,其中我们执行以下操作:
CookieOptions cookieOptions = new CookieOptions
{
IsEssential = true,
SameSite = SameSiteMode.None,
Secure = true,
HttpOnly = false
};
HttpContext.Response.Cookies.Append("helpmework", "1", cookieOptions);
return Challenge(authenticationProps, scheme); // Request following this call does not contain above cookie
return Ok(); // next request successfully contains cookie
基本上,如果我们通过调用 来结束该方法Challenge,则从 继续运行的部分代码Challenge不会最终获得添加的 cookie。如果我们首先添加 cookie(在单独的请求中),然后尝试使用 执行上述操作Challenge,我们就可以很好地看到 cookie。
So the problem seems to be that if I add a cookie in the same request that I wish to authorize via Challenge, the cookie is still not saved in the HttpContext following the Challenge call, which was the reason I ended up using a cookie in the first place.
I think the cookie is not saved until the actual response is sent, which might explain why this happens. Any alternatives to the issue I'm experiencing?
Which kind of Authentication method are you using? Based on your code, I have checked it in my application (JWT authentication), after running the application, when access this action, it will return a 401 error page, use F12 developer tools to check the website cookie, I can find the cookie, the screenshot like this, please check it. Besides, you could also check whether you have enabled session in your application and enabled cookies in the browser. If still not working, try to post the related code in the configure service, it might help to fix it.
@ZhiLv I'm using OpenID connect middleware for the challenge. The SignInScheme is set to use IdentityServer4's cookie scheme, but I don't think that's related.