Menu
In ASP.NET Core 2.0 the .UseAuthentication() middleware has a breaking change that no longer allows the old syntax mentioned here to work.
The new version appears to deal with config in addAuthentication, but I can't find any details anywhere on how to change my old code that specified a custom login and logout url.
services.AddAuthentication(o =>
{
// Where can I specify this?????
var opt = new CookieAuthenticationOptions()
{
LoginPath = "/api/login",
LogoutPath = "/api/logout",
};
o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});
Any help would be appreciated...
358
There are 3 steps for using cookie authentication. First is to add authentication middleware with the AddAuthentication and AddCookie methods. Secondly, specify the app must use authentication & authorization. Finally apply the [Authorize] attribute on the controllers and actions that require the cookie authorization.
For example, when using ASP.NET Core Identity, AddAuthentication is called internally. The Authentication middleware is added in Startup.Configure by calling UseAuthentication. Calling UseAuthentication registers the middleware that uses the previously registered authentication schemes.
Cookies are represented as key-value pairs, and you can take advantage of the keys to read, write, or delete cookies. ASP.NET Core uses cookies to maintain session state; the cookie that contains the session ID is sent to the client with each request.
Updated as this has changed slightly again in the 2.0 RTM bits
It turns out it's a lot easier than expected, but as the official documentation hasn't been updated yet, here is exactly what works for plain Cookie auth:
Configuration:
In ConfigureServices() configure the specific Authentication mechanism:
services
.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(o =>
{
o.LoginPath = "/api/login";
o.LogoutPath = "/api/logout";
// additional config options here
});
Then in Configure() to actually hook up the middleware:
app.UseAuthentication();
Using the Auth Components
Then to use the actual Auth components the logic has shifted from the HttpContext.Authentication object, down to just HttpContext in application logic like controller code:
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(identity));
or:
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With