We Keep Coding

.NetCore 5 session is not starting after publish

I'm working with .NetCore API and MVC. Everything works on the local server. But the session does not occur after publishing the site.
The operation of the project is as follows:
User come with token ID to website.
I'm parsing it and then saving important variables to session.
I'm getting values from session.
...
As you can see If I get error on session other steps will fail.
I tried too many ways but none of them worked.
I'm adding Startup.cs/ConfigureServices and Configure methods.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddRazorPages().AddRazorRuntimeCompilation();
services.AddMvc().AddControllersAsServices();
services.AddWkhtmltopdf("wkhtmltopdf");
services.AddHttpContextAccessor();
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromMinutes(600);//You can set Time
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = SameSiteMode.Strict;
options.Cookie.HttpOnly = true;
options.Cookie.IsEssential = true;
});
services.AddAuthentication();
services.AddScoped<Business.Business, Business.Business>();
services.AddSingleton<SharedViewLocalizer>();
#region Localization and Language
services.AddLocalization(options => options.ResourcesPath = "Resources");
services.Configure<RequestLocalizationOptions>(options =>
{
var cultures = new[] {
new CultureInfo("tr-TR"),
new CultureInfo("en-US"),
new CultureInfo("de-DE"),
};
options.DefaultRequestCulture = new RequestCulture("en-US");
options.SupportedCultures = cultures;
options.SupportedUICultures = cultures;
});
#endregion
services.AddMvc(option =>
{
option.EnableEndpointRouting = false;
})
.AddViewLocalization(LanguageViewLocationExpanderFormat.Suffix,
opts => { opts.ResourcesPath = "Resources"; })
.AddDataAnnotationsLocalization();
services.AddRazorPages();
services.AddServerSideBlazor();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseDeveloperExceptionPage();
//app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
#region Language Options
var options = app.ApplicationServices.GetService<IOptions<RequestLocalizationOptions>>();
var cookieProvider = options.Value.RequestCultureProviders
.OfType<CookieRequestCultureProvider>()
.First();
var urlProvider = options.Value.RequestCultureProviders
.OfType<QueryStringRequestCultureProvider>().First();
cookieProvider.Options.DefaultRequestCulture = new RequestCulture("tr-TR");
urlProvider.Options.DefaultRequestCulture = new RequestCulture("tr-TR");
cookieProvider.CookieName = CookieRequestCultureProvider.DefaultCookieName;
options.Value.RequestCultureProviders.Clear();
options.Value.RequestCultureProviders.Add(cookieProvider);
options.Value.RequestCultureProviders.Add(urlProvider);
app.UseRequestLocalization(options.Value);
#endregion
app.UseHttpsRedirection();
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseSession();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
#region Routing
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
"areas",
"{area:exists}/{controller=Home}/{action=Index}/{id?}");
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Login}/{id?}");
endpoints.MapRazorPages();
//endpoints.MapBlazorHub();
//endpoints.MapFallbackToController("Index", "Home");
});
#endregion
}

options.Cookie.SameSite = SameSiteMode.None must be used to allow cross-site cookie use.
https://learn.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-5.0
The order of middleware is important. Call UseSession after UseRouting and before UseEndpoints. See Middleware Ordering.
https://learn.microsoft.com/en-us/aspnet/core/fundamentals/app-state?view=aspnetcore-5.0
If your production environment consists of multiple servers, the easy way out (but not the recommended way), is to enable sticky sessions in your load balancer.
Using distributed cache is the recommended way when using multiple servers. More info: https://dzone.com/articles/aspnet-core-session-storage-strategies
You should consider not to use sessions at all, that will make things a lot easier for you.

How to change ".AspNetCore.Identity.Application" cookie expiration?

I'm using ASP.NET Core with Identity Server and Open Id Connect as described here. I need to change the time of authentication cookie expiration when the Remember Me option is set (14 days by default). I can see that the cookie named ".AspNetCore.Identity.Application" is responsible for that. I'm trying to set the expiration like this:
.AddCookie(options =>
{
options.Cookie.Expiration = TimeSpan.FromDays(1);
options.ExpireTimeSpan = TimeSpan.FromDays(1);
})
But it affects another cookie named ".AspNetCore.Cookies" (containing the same token value), which has Session expiration and doesn't seem to do anything. All the ways to change expiration that I found modify only the ".AspNetCore.Cookies" cookie, I couldn't find any way to modify the ".AspNetCore.Identity.Application" cookie. (By the way, the services.ConfigureApplicationCookie method isn't triggered for me at all for some reason).
Could anyone please explain what is the difference between these two cookies and how can I modify the ".AspNetCore.Identity.Application" expiration?
My code in Startup.ConfigureServices
services.AddMvc(options =>
{
// ...
})
services.AddAuthorization(options =>
{
options.AddPolicy(PolicyNames.UserPolicy, policyBuilder =>
{
// ...
});
});
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "oidc";
})
.AddCookie(options =>
{
options.AccessDeniedPath = "/AccessDenied";
options.SlidingExpiration = true;
})
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = "<authority>";
options.RequireHttpsMetadata = false;
options.ClientId = "<id>";
options.ClientSecret = "<secret>";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
// ...
});
services.ConfigureApplicationCookie(options =>
{
options.Cookie.Name = "MyCookie";
options.Cookie.Expiration = TimeSpan.FromDays(1);
options.ExpireTimeSpan = TimeSpan.FromDays(1);
});

As Kirk Larkin said ".AspNetCore.Identity.Application" cookie is probably set by the Identity Server application that make use of Asp.Net Identity.
So if you want to manage the user session on the IS4 app you need to configure it there.
IS4 application: ".AspNetCore.Identity.Application" cookie.
If you use Identity to configure the cookie as persistent you need to set the expiration when you sign in the user.
var props = new AuthenticationProperties {
IsPersistent = true,
ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration)
};
await HttpContext.SignInAsync(userId, userName, props);
If you don't set IsPersistent=true then the cookie has session lifetime and you can set the contained authentication ticket expiration like this:
.AddCookie(options => {
options.Cookie.Name = "idsrv_identity";
options.ExpireTimeSpan = TimeSpan.FromHours(8);
options.SlidingExpiration = true;
});
Your client application: : ".AspNetCore.Cookies" cookie.
services.ConfigureApplicationCookie isn't called because if you use .AddCookie(...) this takes the precedence. The options are the same.
This set the app cookie as session.
.AddCookie(options => {
options.Cookie.Name = "myappcookie";
options.ExpireTimeSpan = TimeSpan.FromHours(8);
options.SlidingExpiration = true;
});
A way to make the app cookie persistent using OIDC is to set the expiration in the OnSigningIn event in AddCookie.
options.Events.OnSigningIn = (context) =>
{
context.CookieOptions.Expires = DateTimeOffset.UtcNow.AddDays(30);
return Task.CompletedTask;
};
A note about user session.
Every situation is different, so there isn't a best solution, but remember that you have to take care of two user session. One on the IS4 app and one on your client app. These can go out of sync. You need to think if a persistent user session on your client app make sense. You don't want that your user remains logged in your client app when the central SSO (single sign-on) session is expired.

After scrambled through the both AspNetCore 3.1 & IdentityServer 4.0.4 repo,
I found the working way to set default authentication cookie option .
TD;LR:
// in Startup.ConfigureService(IServiceCollection services)
services.PostConfigure<CookieAuthenticationOptions>(IdentityConstants.ApplicationScheme, option =>
{
option.Cookie.Name = "Hello"; // change cookie name
option.ExpireTimeSpan = TimeSpan.FromSeconds(30); // change cookie expire time span
});
Full Setup:
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddRazorPages();
// cookie policy to deal with temporary browser incompatibilities
services.AddSameSiteCookiePolicy();
services.AddDefaultAllowAllCors();
// setting up dbcontext for stores;
services.AddDbContext<ApplicationDbContext>(ConfigureDbContext);
services
.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
options.SignIn.RequireConfirmedAccount = true;
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultUI()
.AddDefaultTokenProviders();
// read clients from https://stackoverflow.com/a/54892390/4927172
var builder = services.AddIdentityServer(options =>
{
options.Events.RaiseSuccessEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.UserInteraction.LoginUrl = "/identity/account/login";
options.IssuerUri = _configuration.GetValue<string>("IdentityServer:IssuerUri");
})
.AddAspNetIdentity<ApplicationUser>()
.AddDeveloperSigningCredential()
.AddConfigurationStore<ApplicationConfigurationDbContext>(option => option.ConfigureDbContext = ConfigureDbContext)
.AddOperationalStore<ApplicationPersistedGrantDbContext>(option => { option.ConfigureDbContext = ConfigureDbContext; })
.AddJwtBearerClientAuthentication()
.AddProfileService<ApplicationUserProfileService>();
services.PostConfigure<CookieAuthenticationOptions>(IdentityConstants.ApplicationScheme, option =>
{
option.Cookie.Name = "Hello";
option.ExpireTimeSpan = TimeSpan.FromSeconds(30);
});
services.AddScoped<Microsoft.AspNetCore.Identity.UI.Services.IEmailSender, EmailSender>();
services.Configure<SmsOption>(_configuration);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
// use this for persisted grants store
InitializeDatabase(app);
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseDefaultAllowAllCors();
app.UseStaticFiles();
app.UseRouting();
app.UseIdentityServer();
app.UseAuthorization();
app.UseStatusCodePages(async context =>
{
var response = context.HttpContext.Response;
if (response.StatusCode == StatusCodes.Status401Unauthorized ||
response.StatusCode == StatusCodes.Status403Forbidden)
response.Redirect("/identity/account/login");
if (context.HttpContext.Request.Method == "Get" && response.StatusCode == StatusCodes.Status404NotFound)
{
response.Redirect("/index");
}
});
app.UseEndpoints(endpoints =>
{
endpoints.MapDefaultControllerRoute();
endpoints.MapRazorPages();
});
}

Adding this line before services.AddAuthentication is what worked for me eventually with IS4, taken from this github issue:
services.ConfigureApplicationCookie(x =>
{
x.ExpireTimeSpan = TimeSpan.FromDays(1);
});

I followed the sample AuthSamples.Cookies of the Github aspnetcore sources.
public void ConfigureServices(IServiceCollection services)
{
...
// Example of how to customize a particular instance of cookie options and
// is able to also use other services.
services.AddSingleton<IConfigureOptions<CookieAuthenticationOptions>, ConfigureMyCookie>();
}
internal class ConfigureMyCookie : IConfigureNamedOptions<CookieAuthenticationOptions>
{
// You can inject services here
public ConfigureMyCookie()
{
}
public void Configure(string name, CookieAuthenticationOptions options)
{
// Identityserver comes with two cookies:
// Identity.Application
// Identity.External
// you can change the options here
{
options.ExpireTimeSpan = TimeSpan.FromHours(8);
}
}
public void Configure(CookieAuthenticationOptions options)
=> Configure(Options.DefaultName, options);
}

Random: Unable to bind to http://localhost:28575 on the IPv4 loopback interface: 'Error -4092 EACCES permission denied' in .Net Core

Most recently, the software is shutting down periodically, and this is usually displayed in the logs:
Unable to bind to http://localhost:28575 on the IPv4 loopback interface: 'Error -4092 EACCES permission denied'.
This port(28575) is constantly changing! Although I've used this code:
.UseUrls("http://localhost:29983")
Of course, sometimes, without recording any exception in logs, an error 403 is displayed and the software shutting down.
Startup.cs:
public void ConfigureServices(IServiceCollection services)
{
services.AddDataProtection();
services.AddScoped<IUnitOfWork, UnitOfWork>();
services.AddDbContext<AppDbContext>(options => options.UseSqlServer("Server =.;Database=***;User Id=***;Password=***;MultipleActiveResultSets=true;",b=> b.UseRowNumberForPaging()));
services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
options.Password.RequiredLength = 6;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
options.Password.RequireDigit = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequiredUniqueChars = 1;
}).AddEntityFrameworkStores<AppDbContext>().AddDefaultTokenProviders();
services.AddSingleton<IUnitOfWork, UnitOfWork>();
// store cache in db :
services.AddSession();
services.AddSingleton<Microsoft.AspNetCore.Authentication.Cookies.ITicketStore, Controllers.DistributedCacheTicketStore>();
services.AddDistributedSqlServerCache(options =>
{
options.ConnectionString = #"Server =.;Database=***;User Id=***;Password=***;MultipleActiveResultSets=true;";
options.SchemaName = "dbo";
options.TableName = "AppSqlCache";
});
services.AddAuthorization(options =>
{
options.AddPolicy("myAuthorize", policy => policy.Requirements.Add(new Controllers.HasScopeRequirement("myAuthorize")));
});
services.AddSingleton<Microsoft.AspNetCore.Authorization.IAuthorizationHandler, Controllers.HasScopeHandler>();
services.AddMvcActionsDiscoveryService();
services.ConfigureApplicationCookie(options =>
{
// Cookie settings
options.SessionStore = services.BuildServiceProvider().GetService<Microsoft.AspNetCore.Authentication.Cookies.ITicketStore>();
options.ExpireTimeSpan = TimeSpan.FromDays(5);
options.SlidingExpiration = true;
options.AccessDeniedPath = "/Home/AccessDenied";
options.Events.OnRedirectToLogin = context =>
{
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
return Task.CompletedTask;
};
});
services.AddMvc();
services.Configure<GzipCompressionProviderOptions>(options => options.Level = System.IO.Compression.CompressionLevel.Optimal);
services.AddResponseCompression();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseStatusCodePagesWithReExecute("/Home/error/{0}");
app.UseExceptionHandler("/Home/error/{0}");
app.UseStaticFiles(new StaticFileOptions
{
OnPrepareResponse = context =>
{
// Cache static file for 1 year
if (!string.IsNullOrEmpty(context.Context.Request.Query["v"]))
{
context.Context.Response.Headers.Add("cache-control", new[] { "public,max-age=2628000" }); // month=2628000, year = 31536000
context.Context.Response.Headers.Add("Expires", new[] { DateTime.UtcNow.AddMonths(1).ToString("R") }); // Format RFC1123
}
}
});
app.UseResponseCompression();
app.UseAuthentication();
app.UseSession();
app.UseMvc(routes =>
{
routes.MapRoute("AreaRoute", "{area:exists}/{controller=Account}/{action=Login}/{id?}");
routes.MapRoute("FirstPage", "{controller=Account}/{action=Login}/{id?}");
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
SeedData.EnsurePopulated(app);
}

I got this error today. In my case there was a OS update pending on my laptop. I'm not certain why that should be preventing access to a port but a re-start did the trick for me.

Aspnet Core Identity Redirects to HTTP even UseHttpsRedirection defined in startup

Having scaffolded the Identity Area in Aspnet Core 2.1. with this startup class:
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
// AppSettings.json
//
services.Configure<AppSettings>(Configuration.GetSection("ProvidersSettings"));
// IdentityUser settings
//
services.Configure<IdentityOptions>(options =>
{
// Lockout settings.
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
options.Lockout.MaxFailedAccessAttempts = 5;
options.Lockout.AllowedForNewUsers = true;
// User settings.
options.User.AllowedUserNameCharacters =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._#+";
options.User.RequireUniqueEmail = true;
});
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => false;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>()
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddMvc(options =>
{
// All MvcControllers are hereby "Authorize". Use AllowAnonymous to give anon access
//
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
options.Filters.Add(new AuthorizeFilter(policy));
options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
});
// IdentityModel
//
services.AddSingleton<IDiscoveryCache>(r =>
{
var url = Configuration["ProvidersSettings:IdentityServerEndpoint"];
var factory = r.GetRequiredService<IHttpClientFactory>();
return new DiscoveryCache(url, () => factory.CreateClient());
});
// HttpContext injection
//
services.AddHttpContextAccessor();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, UserManager<IdentityUser> userManager, ApplicationDbContext dbContext)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
}
It works in development. But in production it doesn't stay on https. It redirects to http and this path:
/Identity/Account/Login?ReturnUrl=%2F
On localhost it works correctly with both IIS express and "program".
Any ideas are most helpful. Thanks.

Asp.net Core 2 Identity Login session lost on Service Fabric Cluster multi machine

Asp.net Core 2 app hosted on Service Fabric, with 1 node type of 5 Virtual machines in a Virtual Machine Scale Set.
In local all works perfectly, but when the app is live, after the login, while browsing the pages (where the authentication is required) asks again for the login, multiple times losing the authentication session. It stops for a while after 4 or 5 logins.
Also the "remember me feature" does not work and the session last for like 10 minutes.
I think this has something to do with the app being hosted on multiple machines, it's like any single machine requires it's own login.
I did hours of researches, changing the cookie settings, using the SameSiteMode.None and Sliding expiration but couldn't figure it out, I suspect all the machines in the farm must have the same machine key for decrypting the authentication cookie.
Do I have to set a single Machine Key to make this work? How do I do that?
This is my config code in startup:
services.Configure<IdentityOptions>(options =>
{
// Password settings
options.Password.RequireDigit = true;
options.Password.RequiredLength = 8;
options.Password.RequireNonAlphanumeric = true;
options.Password.RequireUppercase = true;
options.Password.RequireLowercase = false;
options.Password.RequiredUniqueChars = 4;
// Lockout settings
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
options.Lockout.MaxFailedAccessAttempts = 15;
options.Lockout.AllowedForNewUsers = true;
options.SignIn.RequireConfirmedEmail = true;
options.SignIn.RequireConfirmedPhoneNumber = false;
// User settings
options.User.RequireUniqueEmail = true;
});
services.ConfigureApplicationCookie(options =>
{
// Cookie settings
options.Cookie.Name = "LoginCookie";
options.Cookie.SameSite = SameSiteMode.None;
options.Cookie.HttpOnly = true;
options.ExpireTimeSpan = TimeSpan.FromHours(12);
options.LoginPath = "/Console/Account/Login";
options.LogoutPath = "/Console/Account/Logout";
options.AccessDeniedPath = "/Console/Account/AccessDenied";
options.SlidingExpiration = true;
});

I've analogical issue ASP.NET Core 2 mvc with identity.app hosted on shared hosting.User lost identity unexpected. Locally it works very fine. Here is my Startup:
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<GanDrorIdentityDb>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"), b => b.MigrationsAssembly("GanDror")));
services.AddIdentity<ApplicationUser, ApplicationRole>()
.AddEntityFrameworkStores<GanDrorIdentityDb>()
.AddDefaultTokenProviders();
services.Configure<SMPTConfig>(Configuration.GetSection("SMTPConfigSection"));
// Configure Identity
services.Configure<IdentityOptions>(identityOptions =>
{
// Password settings
identityOptions.Password.RequireDigit = true;
identityOptions.Password.RequiredLength = 6;
identityOptions.Password.RequireNonAlphanumeric = false;
identityOptions.Password.RequireUppercase = false;
identityOptions.Password.RequireLowercase = false;
// // Lockout settings
identityOptions.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
identityOptions.Lockout.MaxFailedAccessAttempts = 10;
// User settings
identityOptions.User.RequireUniqueEmail = true;
});
// Cookie settings
services.ConfigureApplicationCookie(options =>
{
options.Cookie.SameSite = SameSiteMode.Strict;
// Cookie settings
options.Cookie.HttpOnly = true;
options.ExpireTimeSpan = TimeSpan.FromDays(100);
options.LoginPath = new PathString("/Account/Login");
options.LogoutPath = new PathString("/Account/LogOut");
.options.AccessDeniedPath = "/Account/AccessDenied";
options.SlidingExpiration = true;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
});
//var environment = services.BuildServiceProvider().GetRequiredService<IHostingEnvironment>();
//services.AddDataProtection()
// .SetApplicationName($"my-app-{environment.EnvironmentName}")
// .PersistKeysToFileSystem(new System.IO.DirectoryInfo($#"{environment.ContentRootPath}\keys"));
// services.AddDataProtection();
services.AddMvc();
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new RequireHttpsAttribute());
});
// Add application services.
services.AddScoped<IRepository<User>, UserRepository>();
services.AddScoped<IRepository<Photo>, PhotoRepository>();
services.AddScoped<IRepository<GanActivity>, ActivityRepository>();
services.AddScoped<IRepository<CategoryActivity>, CategoryRepository>();
services.AddSingleton<IEmailSender, EmailSender>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env,IServiceProvider serviceProvider, ILoggerFactory loggerFactory)// RoleManager<ApplicationRole> roleManager, UserManager<ApplicationUser> userManager)
{
// loggerFactory.AddConsole(Configuration.GetSection("Logging"));
//loggerFactory.AddDebug();
if (env.IsDevelopment())
{
app.UseBrowserLink();
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
var options = new RewriteOptions()
.AddRedirectToHttps();
app.UseRewriter(options);
app.UseStaticFiles();
app.UseAuthentication();
app.UseMvcWithDefaultRoute();
//app.UseMvc(routes =>
//{
// routes.MapRoute(
// name: "default",
// template: "{controller=Home}/{action=Index}/{id?}");
//});
CreateRoles(serviceProvider).Wait();
}

In your Azure load balancer configuration:
Ensure that "Client IP and protocol" is set als session persistence in the rules for your endpoints (ssl and non ssl)

I suggest to have a look on settings that are different between the ServiceFabric env and the local one.
I had similar issue which I spent hours to understand. Finally it was a ValidIssuer property that was set from a setting file (Settings.xml as a default values and ApplicationManifest.xml which is loaded only on ServiceFabric env). The default value in Settings.xml was correct but the ApplicationManifest.xml value was wrong, thus validation failed and HttpContext.User was set to anonymous unauthenticated WindowsPrincipal.