can't re-login with asp.net core identity

Question

I have an Angular app with ASP.NET Core backend. I manage user accounts with Identity. At fresh start, everything works fine, I can log in. Then I log out and want to log in once again. But this time, I get a 400 bad request code. The api path is correct (otherwise I couldn't log in the first time), as the login datas are. And on third try I can log in again. I think, it must be something with the tokens. I get this after a successful login:

And this after re-login:

In the Startup.cs I have this (ConfigureServices):

services.AddAntiforgery(options => { options.HeaderName = "X-XSRF-TOKEN"; });

And this (Configure):

app.Use(nextDelegate => context =>
            {
                string path = context.Request.Path.Value;
                string[] directUrls = { "/masterdata", "/production", "/forecast", "/planning", "/admin" };
                if (path.StartsWith("/api") || string.Equals("/", path) || directUrls.Any(url => path.StartsWith(url)))
                {
                    var tokens = antiforgery.GetAndStoreTokens(context);
                    context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions()
                    {
                        HttpOnly = false,
                        Secure = false,
                        IsEssential = true
                    });
                }
                return nextDelegate(context);
            });

This are the involved methods in the AccountController.cs:

private async Task<bool> DoLoginUser(LoginModel LoginUser)
        {
            AppUser User = await UserManager.FindByNameAsync(LoginUser.UserName);
            if (User != null)
            {
                await SignInManager.SignOutAsync();
                Microsoft.AspNetCore.Identity.SignInResult Result = await SignInManager.PasswordSignInAsync(User, LoginUser.Password, false, false);
                return Result.Succeeded;
            }
            return false;
        }

[AllowAnonymous]
        [HttpPost("api/account/login")]
        public async Task<IActionResult> LoginUser([FromBody] LoginModel LoginUser)
        {
            if (ModelState.IsValid && await DoLoginUser(LoginUser))
            {
                AppUser User = await UserManager.FindByNameAsync(LoginUser.UserName);
                User.RoleName = UserManager.GetRolesAsync(User).Result.FirstOrDefault();
                return Json(new
                {
                    User.Id,
                    User.UserName,
                    User.RealName,
                    Email = "",
                    Password = "",
                    User.RoleName,
                    User.AppTheme
                });
            }
            return Json(false);
        }

[HttpPost("api/account/logout")]
        public async Task<IActionResult> LogoutUser()
        {
            await SignInManager.SignOutAsync();
            return Ok();
        }

And on the client side:

  login() {
    this.authenticated = false;
    return this.service.login(this.name, this.password).pipe(
      map(response => {
        if (response) {
          this.authenticated = true;
          this.password = null;
          this.user = <User>response;
          this.cookieService.set("userName", this.user.userName);
          this.cookieService.set("userRealName", this.user.realName);
          this.cookieService.set("userRoleName", this.user.roleName);
          this.cookieService.set("userId", this.user.id.toString());
          return this.user;
        }
        return this.authenticated;
      }),
      catchError(e => {
        this.authenticated = false;
        return of(false);
      }));
  }

  logout() {
    this.authenticated = false;
    this.cookieService.deleteAll();
    this.service.logout();
    this.router.navigateByUrl("/");
  }

Why is this?

Thanks.

question from:https://stackoverflow.com/questions/65943723/cant-re-login-with-asp-net-core-identity

Answer 1

Waitting for answers