CookieAuthenticationOptions.LoginPath doesn't support url fragments

aspnet / AspNetKatana

Microsoft's OWIN implementation, the Katana project

Apache License 2.0

966 stars 333 forks source link

CookieAuthenticationOptions.LoginPath doesn't support url fragments #409

Closed benherronscope closed 3 years ago

benherronscope commented 3 years ago

Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions.LoginPath requires a Microsoft.Owin.PathString which doesn't currently support url fragments which are actually valid for a url to a login page.

e.g. app.UseCookieAuthentication(new CookieAuthenticationOptions() { LoginPath = new PathString("/spa/#/login/"), });

will get the "#" encoded to "%23" when it shouldn't be.

PathString supports adding a QueryString via .Add() but does not support adding a FragmentString.

Tratcher commented 3 years ago

Correct, fragments aren't supported here, and they're unlikely to be added at this point.

The best workaround at the moment is to customize the redirect in the OnApplyRedirect event. https://github.com/aspnet/AspNetKatana/blob/d196e785e277452f1382dded08ca12974d29170e/src/Microsoft.Owin.Security.Cookies/Provider/CookieAuthenticationProvider.cs#L52

benherronscope commented 3 years ago

Thanks for the response.