Asp.net core Identity successful login redirecting back to login page

In order to get the ASP.NET Core pipeline to recognise that a user is signed in, a call to UseAuthentication is required in the Configure method of your Startup class, like so:

app.UseAuthentication();
app.UseMvc(); // Order here is important (explained below).

Using the Cookies authentication scheme, the use of UseAuthentication loosely performs the following:

  • Reads the content of the .AspNetCore.Identity.Application cookie from the request, which represents the identity of the user making the request.
  • Populates the User property of HttpContext with a ClaimsPrincipal that represents said user.

This is a simplified explanation of what happens, but it highlights the important job that the authentication middleware performs. Without the authentication middleware, the .AspNetCore.Identity.Application will not be used for authenticating the user and therefore the user will not be authenticated. In your case, although the user has signed in (i.e. the cookie is being set), the pipeline middleware (e.g. MVC) does not see this user (i.e. the cookie is not being read) and so sees an unauthenticated request and redirects again for login.

Given that the authentication middleware reads the cookie and subsequently populates the ClaimsPrincipal, it should be clear that the UseAuthentication call must also be before the UseMvc call in order for this to occur in the correct order. Otherwise, the MVC middleware runs before the Authentication middleware and will not be working with a populated ClaimsPrincipal.

Why is it failing to login if you don't add the middleware that handles the login?!?

The middleware doesn't handle the login - it handles the authentication process. The user has logged in, which is confirmed by the presence of the .AspNetCore.Identity.Application cookie. What is failing here is the reading of said cookie.


Note that the order is IMPORTANT. I had these reversed and experienced the exact same problem the original poster experienced. Hours wasted before I figured this out...

    app.UseAuthentication();
    app.UseAuthorization();