TokenNotFound about aspnetcore-connect-sample HOT 6 CLOSED

@Mrcl1450 sorry for not getting back to you earlier!
Let me understand your problem!

When you restart the running app (restart the webserver, restart your computer, etc.) the server's working memory gets deleted. The users' authentication tokens are stored in this memory. If the user's browser thinks he is still logged in (the token in the user's browser is not yet expired) it won't want to re-authenticate as it thinks the token cache still contains the user's token (but it doesn't as it was cleared when the app was restarted). That's when this error gets throwed. AFAIK I have implemented that when the app gets this error, it'll automatically redirect you to the login page and re-authenticate.

What do you mean by this:

Since yesterday I can only login 1 time after restart the computer.

Mark

from aspnetcore-connect-sample.

Hey, thanks for answering.
That's exacly what happens but it doesn't redirect to the login page, this occur only on debug even disabling the exceptions.

Basically I mean what you said, only redirects after restart, after stopping debugging/start again it throws the error.
The only change I've done in your code was
options.Authority = $"{_azureOptions.Instance}{_azureOptions.TenantId}/v2.0";

Maybe I'm missing here something simple, I'll test in a fresh project as soon as I can.

from aspnetcore-connect-sample.

Ok, I'll have a look on this on the weekend. What you need to know is, that 1. this server restarting thing should not happen in production, so this is more like a dev-only problem and 2. It's recommended to use some kind of persistent storage for storing the auth tokens (like an SQL server).

from aspnetcore-connect-sample.

Hi Mark,

I am also experiencing the same issue and it is something that would like to resolve. I understand the cause of the issue and how it is more likely to happen in development but wouldn't it also happen after a publish to azure?

I would be happy if it would just redirect to login again when the error happens. Is it this line that is meant to be responsible for this?

await httpContext.ChallengeAsync();

I guess persisting the auth tokens would be another solution. Are there any examples for this? I have not been able to find any.

cheers

from aspnetcore-connect-sample.

Hi @timmynz
I've just re-checked and I was right, this was fixed in 41e6cfe
It should catch this exception and re-authenticate (redirect to login page).

case "TokenNotFound":
   await httpContext.ChallengeAsync();
   break; 

You can use an SQL server or basically any other database as a persistent storage. Just store the tokens in a new table (or collection if you are using some kind of NoSQL).

I'll close this now, but please reopen if you need more assistance from our end! :)

from aspnetcore-connect-sample.

Hi @mark-szabo , when I challenge the user they get stuck in a loop. I am thinking the authentication thinks the cookies the user has are valid so it is just redirecting them back, but the cookies aren't in the cache so then it challenges the user again etc. Any ideas?

from aspnetcore-connect-sample.