I have this old MVC5 application that uses forms authentication in the simplest possible form. There is only one account stored in web.config, there are no roles etc.
<authentication mode="Forms">
  <forms loginUrl="~/Login/Index" timeout="30">
    <credentials passwordFormat="Clear">
      <user name="some-user" password="some-password" />
    </credentials>
  </forms>
</authentication>
The login routine just calls
FormsAuthentication.Authenticate(name, password);
And that's it. Is there something similar (in terms of simplicity) in asp.net core?
Implementing security in a site has the following aspects: Authentication: it is the process of ensuring the user's identity and authenticity. ASP.NET allows four types of authentications: Windows Authentication.
Authentication is the process of determining a user's identity. Authorization is the process of determining whether a user has access to a resource. In ASP.NET Core, authentication is handled by the authentication service, IAuthenticationService, which is used by authentication middleware.
ASP.NET supports Forms Authentication, Passport Authentication, and Windows authentication providers.
Forms authentication enables user and password validation for Web applications that do not require Windows authentication. With forms authentication, user information is stored in an external data source, such as a Membership database, or in the configuration file for an application.
It is not that simple :)
In Startup.cs, in the Configure method:
app.UseCookieAuthentication(options =>
{
    options.AutomaticAuthenticate = true;
    options.AutomaticChallenge = true;
    options.LoginPath = "/Home/Login";
});
Add the Authorize attribute to protect the resources you want to secure.
[Authorize]
public IActionResult Index()
{
    return View();
}
In the Home controller's Login POST action method, write the following:
// Credentials for the single account come from configuration.
var username = Configuration["username"];
var password = Configuration["password"];
if (authUser.Username == username && authUser.Password == password)
{
    // The identity needs at least a name claim for the signed-in user.
    var claims = new[] { new Claim(ClaimTypes.Name, authUser.Username) };
    var identity = new ClaimsIdentity(claims,
        CookieAuthenticationDefaults.AuthenticationScheme);
    // Await the sign-in so the cookie is issued before the redirect is returned.
    await HttpContext.Authentication.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        new ClaimsPrincipal(identity));
    return Redirect("~/Home/Index");
}
else
{
    ModelState.AddModelError("", "Login failed. Please check Username and/or password");
}
Here is the GitHub repo for your reference: https://github.com/anuraj/CookieAuthMVCSample
To add to Anuraj's answer - a number of classes have been deprecated for .NET Core 2. FYI:
Startup.cs - In ConfigureServices:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(o => o.LoginPath = new PathString("/account/login"));
Startup.cs - In Configure:
app.UseAuthentication();
In your account/login controller method/wherever you're doing your authentication:
var claims = new[]
{
    new Claim(ClaimTypes.Name, "MyUserNameOrID"),
    new Claim(ClaimTypes.Role, "SomeRoleName")
};
var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
await context.SignInAsync(
    CookieAuthenticationDefaults.AuthenticationScheme,
    new ClaimsPrincipal(identity));
// Do your redirect here
Sources: https://github.com/aspnet/Announcements/issues/232
https://github.com/aspnet/Security/issues/1310
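A complete login action for the single-account case asked about, as an added example that is not code from either answer or the linked repo: it keeps a salted PBKDF2 hash in configuration instead of the clear-text password, compares in fixed time, and only follows a local return URL. Assumptions: the cookie scheme is registered as in the second answer, .NET Core 2.1 or later (for `CryptographicOperations`), hypothetical configuration keys `Auth:Username`, `Auth:Salt` and `Auth:PasswordHash` (base64), and an iteration count of 100,000 chosen for illustration.

```csharp
using System;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;

public class AccountController : Controller
{
    private readonly IConfiguration _config;
    public AccountController(IConfiguration config) => _config = config;

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(string username, string password, string returnUrl = null)
    {
        // Hypothetical keys (assumptions of this example, not from the page).
        var expectedUser = _config["Auth:Username"] ?? "";
        var salt = Convert.FromBase64String(_config["Auth:Salt"] ?? "");
        var expectedHash = Convert.FromBase64String(_config["Auth:PasswordHash"] ?? "");
        // Fail closed when the account is not configured at all.
        if (expectedUser.Length == 0 || salt.Length < 8 || expectedHash.Length == 0)
            throw new InvalidOperationException("Login account is not configured.");

        byte[] actualHash;
        using (var kdf = new Rfc2898DeriveBytes(password ?? "", salt, 100_000, HashAlgorithmName.SHA256))
            actualHash = kdf.GetBytes(expectedHash.Length);

        // Byte comparisons that do not stop at the first difference; '&' evaluates both.
        bool userOk = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(username ?? ""), Encoding.UTF8.GetBytes(expectedUser));
        bool passOk = CryptographicOperations.FixedTimeEquals(actualHash, expectedHash);
        if (!(userOk & passOk))
        {
            ModelState.AddModelError("", "Login failed. Please check Username and/or password");
            return View();
        }

        var claims = new[] { new Claim(ClaimTypes.Name, expectedUser) };
        var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity));

        // Follow returnUrl only when it points back into this site (avoids an open redirect).
        return Url.IsLocalUrl(returnUrl)
            ? LocalRedirect(returnUrl) : (IActionResult)RedirectToAction("Index", "Home");
    }
}
```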