Login loop over HTTP with ASP.NET Core Angular template with individual auth

Miggleness commented 3 years ago

Describe the bug

Login in ASP.NET + Angular + Identity server boilerplate doesn't work over HTTP.

While one can argue that we should be using HTTPS all the time, there are cases where that is just not possible.

To Reproduce

Create new project ASP.NET Core
- .NET Core 5
- Auth Type: Individual Accounts
- Configure for HTTPS: No
Update project debug settings and uncheck Enable SSL
Start project -> Register -> Create user account
Login - you get routed back to the login page after supplying a valid username/password

Further technical details

ASP.NET Core version: 5
Include the output of dotnet --info
```
7d337295
```

.NET SDKs installed: 5.0.100-preview.6.20318.15 [C:\Program Files\dotnet\sdk] 5.0.200-preview.21077.7 [C:\Program Files\dotnet\sdk] 5.0.201 [C:\Program Files\dotnet\sdk]

.NET runtimes installed: Microsoft.AspNetCore.All 2.1.23 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.All 2.1.26 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.App 2.1.23 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 2.1.26 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 3.1.9 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 3.1.13 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 5.0.0-preview.6.20312.15 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 5.0.2 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 5.0.4 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.NETCore.App 2.1.23 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.26 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 3.1.9 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 3.1.13 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 5.0.0-preview.6.20305.6 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 5.0.2 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 5.0.4 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.WindowsDesktop.App 3.1.9 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 3.1.13 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 5.0.0-preview.6.20308.1 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 5.0.2 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 5.0.4 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]


- The IDE (VS / VS Code/ VS4Mac) you're running on, and its version: VS 2019 Community 16.9.2

javiercn commented 3 years ago

@Miggleness thanks for contacting us.

We don't recommend using HTTP for sensitive operations like authentication and as a result this is not something that we support out of the box nor something we have plans to support.

Miggleness commented 3 years ago

@javiercn I understand and agree with that. Could you give a hint where I need to look at to get this to work on HTTP?

TIA

javiercn commented 3 years ago

@Miggleness unfortunately is not something I can give you an answer of the top of my head, if you are running into these types of issues it likely requires debugging through the authentication flow to understand what's going on and we don't have resources for doing that given that it is not something we support.

I would suggest starting by looking at the HTTP requests and responses for auth and putting breakpoints to determine where its looping, that's the best I can suggest.

Miggleness commented 3 years ago

Thanks @javiercn

dotnet / aspnetcore