Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AspNet Core CookieAuthentication with injected SessionStore

Tags:

asp.net-core-2.0

During migration of an ASPNetCore 1.1 Project to ASPNetCore 2.0, we stumbled upon a Problem with the Cookie-AuthN and its SessionStore.

ASP.NET Core 1 allowed us to do something like that:

public void ConfigureServices(...) {
    Services.AddDistributedSqlServerCache(...);
    Services.AddSingleton<DistributedCookieSessionStore>(); /// SQL based store
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerfactory) {
    var cookieOptions = app.ApplicationServices.GetRequiredService<IOptions<CookieAuthenticationOptions>>().Value;
    cookieOptions.SessionStore = app.ApplicationServices.GetRequiredService<DistributedCookieSessionStore>();

    app.UseCookieAuthentication(cookieOptions);
}

Messy, but doing its Job.

Now with ASP.NET Core 2 app.UseAuthentication() does not have a signature allowing to modify the options, and I am not able to use DI, to get a hold of the session store.

like image 475
TGlatzer Avatar asked Aug 28 '17 07:08

TGlatzer

People also ask

What is CookieAuthenticationDefaults?

CookieAuthenticationDefaults. AuthenticationScheme provides “Cookies” for the scheme. In AddCookie extension method, set the LoginPath property of CookieAuthenticationOptions to “/account/login”. CookieAuthenticationOptions class is used to configure the authentication provider options. In Configure method of Startup.

What is ITicketStore?

The ITicketStore implementation is responsible for creating the authentication tickets. By default, these tickets are stored in a cookie which is then sent to the user.

How does cookie authentication work in net core?

ASP.NET Core provides a cookie authentication mechanism which on login serializes the user details in form of claims into an encrypted cookie and then sends this cookie back to the server on subsequent requests which gets validated to recreate the user object from claims and sets this user object in the HttpContext so ...

Does ASP.NET Core identity use cookies?

You do not need a separate CookieAuthentication middleware when you are using ASPNET identity. UseIdentity() will do that for you and generate a cookie. You can set the "cookie options" in the AddIdentity block of the application like so: services.

1 Answers

After long search I came accross this discussion https://github.com/aspnet/Security/issues/1338 where they mentioned IPostConfigureOptions interface. I put that together and this works for me:

1) Implement interface IPostConfigureOptions<CookieAuthenticationOptions>

public class PostConfigureCookieAuthenticationOptions : IPostConfigureOptions<CookieAuthenticationOptions>
{
    private readonly ITicketStore _ticketStore;

    public PostConfigureCookieAuthenticationOptions(ITicketStore ticketStore)
    {
        _ticketStore = ticketStore;
    }

    public void PostConfigure(string name, CookieAuthenticationOptions options)
    {
        options.SessionStore = _ticketStore;
    }
}

2) Register this implementation to the container in Startup.ConfigureServices method

services.AddSingleton<IPostConfigureOptions<CookieAuthenticationOptions>, PostConfigureCookieAuthenticationOptions>();

like image 118
pvasek Avatar answered Sep 28 '22 05:09

pvasek
Sign in to Comment

Related questions

Export to Excel in ASP.Net Core 2.0
Unexpected end of Stream, the content may have already been read by another component. Microsoft.AspNetCore.WebUtilities.MultipartReaderStream
Generate PDF in .Net core 2.0 using rdlc
aspnet core jwt token as get param
How to resize image after being uploaded in ASP.NET Core 2.0
HttpClientFactory - Get a named, typed client by its name
How exclude certain appsettings files from publishing
Why do I get a 404 trying to post a large file to a Core Web API
ASP.Net Core 2.0 - Referencing 'Microsoft.NET.Sdk.Web' and the 'PreserveCompilationContext' property is not set to false
Angular 4 throwing error EventSource's response has a MIME type ("text/html") that is not "text/event-stream" after migrating to .NetCore 2.0
How can we use HttpClient in ASP.Net Core?
How to include a library in .NET Core 2.0
Release of ASP.NET core App: The command "npm install" exited with code 9009
Simple way to keep Front-end Angular 5 and back-end Web API code separate?
Machine key in asp.net core 2.0?
AddEntityFrameworkStores can only be called with a role that derives from IdentityRole in .NET Core 2.0
Reference another json file in appsettings.json for ASP.NET Core configuration
The version of Microsoft.NET.Sdk used by this project is insufficient to support references to libraries targeting .NET Standard 1.5 or higher
Read appsettings.json from a class in .NET Core 2
Reading appsettings.json from .net standard library

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!