Five New Optimizely Certifications are Here! Validate your expertise and advance your career with our latest certification exams. Click here to find out more

AI OnAI Off

Upgrading AspNetIdentity to Optimizely 12 ASP.NET Core Identity

Rajveer Singh
Rajveer Singh
Vote:
 

Hi,

I am migrating my .net framework application from version 11 to 12, the application is working fine in my localhost. But when i deployed the same in DXP Intergation environement(https://intecore.connectinvest.com/ ref URL) getting below error message when i am trying to login.

Refer below error logs:

2025-02-20T12:54:22.174279598Z     fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[1]
2025-02-20T12:54:22.174308284Z           An unhandled exception has occurred while executing the request.
2025-02-20T12:54:22.174313332Z           System.InvalidOperationException: Headers are read-only, response has already started.
2025-02-20T12:54:22.174317522Z              at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpHeaders.ThrowHeadersReadOnlyException()
2025-02-20T12:54:22.174321486Z              at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpResponseHeaders.Microsoft.AspNetCore.Http.IHeaderDictionary.set_SetCookie(StringValues value)
2025-02-20T12:54:22.174325802Z              at Microsoft.AspNetCore.Http.ResponseCookies.Append(String key, String value, CookieOptions options)
2025-02-20T12:54:22.174329533Z              at Microsoft.AspNetCore.CookiePolicy.ResponseCookiesWrapper.Append(String key, String value, CookieOptions options)
2025-02-20T12:54:22.174333473Z              at EPiServer.Framework.DependencyInjection.Internal.VisitorGroupResourceFilter.OnResourceExecutionAsync(ResourceExecutingContext context, ResourceExecutionDelegate next)
2025-02-20T12:54:22.174337780Z              at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
2025-02-20T12:54:22.174342504Z              at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeNextResourceFilter()
2025-02-20T12:54:22.174346614Z           --- End of stack trace from previous location ---
2025-02-20T12:54:22.174350029Z              at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
2025-02-20T12:54:22.174353530Z              at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
2025-02-20T12:54:22.174357183Z              at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
2025-02-20T12:54:22.174360657Z           --- End of stack trace from previous location ---
2025-02-20T12:54:22.174363902Z              at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
2025-02-20T12:54:22.174367523Z              at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
2025-02-20T12:54:22.174372620Z              at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
2025-02-20T12:54:22.174376594Z              at UnknownActionMiddleware.InvokeAsync(HttpContext context) in C:\Tools\ConnectInvest\ConnectInvestWeb\ConnectInvest.Core.Shared\UnknownActionMiddleware.cs:line 28
2025-02-20T12:54:22.174398097Z              at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
2025-02-20T12:54:22.174401734Z              at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
2025-02-20T12:54:22.174405403Z              at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
2025-02-20T12:54:22.174408882Z              at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
2025-02-20T12:54:22.174412937Z              at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2025-02-20T12:54:22.177504246Z     fail: Microsoft.AspNetCore.Server.Kestrel[13]
2025-02-20T12:54:22.177528180Z           Connection id "0HNAHIIUQ23IE", Request id "0HNAHIIUQ23IE:00000009": An unhandled exception was thrown by the application.
2025-02-20T12:54:22.177533596Z           System.InvalidOperationException: Headers are read-only, response has already started.
2025-02-20T12:54:22.177537936Z              at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpHeaders.ThrowHeadersReadOnlyException()
2025-02-20T12:54:22.177542456Z              at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpResponseHeaders.Microsoft.AspNetCore.Http.IHeaderDictionary.set_SetCookie(StringValues value)

 

And, below is my Startup configuration for Indentity:

// Configure cookie authentication
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
    options.LoginPath = new PathString("/UserAccount/Login");
    options.LogoutPath = new PathString("/UserAccount/LogOff");
    options.Cookie.HttpOnly = true;
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;  // Ensure cookies are only sent over HTTPS
    options.ExpireTimeSpan = TimeSpan.FromHours(5);  // Use your 'rememberMePeriod' here
    options.SlidingExpiration = false;

    // Identity validation (security stamp validation every 5 minutes)
    options.Events = new CookieAuthenticationEvents
    {
        OnValidatePrincipal = SecurityStampValidator.ValidatePrincipalAsync
    };
});
// Add authorization policies if needed
services.AddAuthorization(options =>
{
    options.AddPolicy("CmsAccess", policy =>
        policy.RequireRole("CmsAdmins", "CmsEditors", "WebAdmins", "WebEditors"));  // Required roles for accessing CMS
});

services
 .AddCmsAspNetIdentity<ApplicationUser>()
 .AddCms()
 .AddFind()
 .AddEmbeddedLocalization<Startup>();

// Ensure correct registration of ApplicationDbContext for Optimizely Identity
services.AddDbContext<ApplicationDbContext<ApplicationUser>>(options =>
options.UseSqlServer(Configuration.GetConnectionString("EPiServerDB")));  // Ensure your connection string is correct

Please suggest where i am missing.

Many thanks.

 

#336942
Feb 20, 2025 16:39
Johan Kronberg
Johan Kronberg
Vote:
 

Take a look into what AddCmsAspNetIdentity() does. It might already do some of the stuff you do above which causes some type of conflict.

Also compare with the Startup.cs in an Alloy site.

#337127
Mar 06, 2025 11:49
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.