Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Arjan H. 221 posts 457 karma points c-trib
    Jun 10, 2022 @ 13:55
    Arjan H.
    1

    Keep being logged out after each build (v10)

    I keep being logged out of the backoffice after every single build action in Visual Studio which is pretty annoying when developing backoffice extensions. I'm developing an Umbraco 10.0.0-rc5 website using local IIS based on the following profile in launchSettings.json:

    "IIS": {
      "commandName": "IIS",
      "launchBrowser": false,
      "launchUrl": "https://example.local",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    

    The following appsettings don't help:

    Umbraco:Cms:Timeout = 01:00:01
    Umbraco:Cms:Security:KeepUserLoggedIn = true
    

    The UMB_UCONTEXT cookie is still available after each build and the expiration date is still in the future, but it looks like the authentication cookie is somehow being invalidated after a build action.

    I can start debugging and use the Hot Reload feature, but that's not a perfect solution either.

    Does anyone know how to prevent from being logged out after each build?

  • CookieTractor 1 post 81 karma points
    Jun 13, 2022 @ 10:29
    CookieTractor
    0

    Hi!

    If you are using IIS, then you need to configure the APP Pool to "Load User Profile", this is so that .NET Core can store the encryption keys in the User Profile for the APP Pool. This has solved similar issues for me.

    Let me know if it works for you.

    Cheers!

  • Arjan H. 221 posts 457 karma points c-trib
    Jun 13, 2022 @ 16:34
    Arjan H.
    0

    Thanks for the tip. However, the Load User Profile setting was already set to True for the application pool.

    enter image description here

    I've also tried creating a Local User through lusrmgr.msc. Added that user to the IIS_IUSRS group and configured the application pool to use this Identity instead of the built-in ApplicationPoolIdentity. But the authentication cookie is still being invalidated after each build / application pool recycle.

  • Arjan H. 221 posts 457 karma points c-trib
    Jun 13, 2022 @ 18:28
    Arjan H.
    1

    It turns out the setProfileEnvironment attribute was set to false in my local applicationHost.config. After setting this value to true I was able to (re)build my project in Visual Studio or recycle the application pool without being logged out of the backoffice, running on local IIS.

    https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/advanced?view=aspnetcore-6.0#data-protection

    Another option would be to configure the location where the DataProtection keys should be persisted to. By default the keys are persisted to the %LOCALAPPDATA%\ASP.NET\DataProtection-Keys folder.

    https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/default-settings?view=aspnetcore-6.0

    This could be customized using the following code in Startup.cs:

    services.AddDataProtection()
            // This helps surviving a restart: a same app will find back its keys. Just ensure to create the folder.
            .PersistKeysToFileSystem(new DirectoryInfo("\\MyKeys\\"))
            // This helps surviving a site update: each app has its own store, building the site creates a new app
            .SetApplicationName("MyWebsite")
            .SetDefaultKeyLifetime(TimeSpan.FromDays(90));
    
Please Sign in or register to post replies

Write your reply to:

Draft