Asp.Net Core - simplest possible forms authentication

I have this old MVC5 application that uses forms authentication in the simplest possible form. There is only one account stored in web.config, there are no roles etc.

<authentication mode="Forms">
  <forms loginUrl="~/Login/Index" timeout="30">
    <credentials passwordFormat="Clear">
      <user name="some-user" password="some-password" />
    </credentials>
  </forms>
</authentication>

The login routine just calls

FormsAuthentication.Authenticate(name, password);

And that's it. Is there something similar (in terms of simplicity) in asp.net core?

Pelle asked May 17 '17 07:05



2 Answers

It is not that simple :)

  1. In the Startup.cs, configure method.

    app.UseCookieAuthentication(options =>
    {
      options.AutomaticAuthenticate = true;
      options.AutomaticChallenge = true;
      options.LoginPath = "/Home/Login";
    });
    
  2. Add Authorize attribute to protect the resources you want to secure.

    [Authorize]
    public IActionResult Index()
    {
      return View();
    }
    
  3. In the Home Controller, Login Post action method, write the following method.

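    // Expected credentials are read from configuration (e.g. appsettings.json).
    var username = Configuration["username"];
    var password = Configuration["password"];
    if (authUser.Username == username && authUser.Password == password)
    {
      // Claims stored in the authentication cookie; here only the user name.
      var claims = new[] { new Claim(ClaimTypes.Name, username) };
      var identity = new ClaimsIdentity(claims, 
          CookieAuthenticationDefaults.AuthenticationScheme);
    
      // Await the sign-in (the action must be async) so the cookie is
      // issued before the redirect is returned.
      await HttpContext.Authentication.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        new ClaimsPrincipal(identity));
    
      return Redirect("~/Home/Index");
    }
    else
    {
      ModelState.AddModelError("","Login failed. Please check Username and/or password");
    }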
    

Here is the GitHub repo for your reference: https://github.com/anuraj/CookieAuthMVCSample

Anuraj answered Oct 16 '22 18:10


To add to Anuraj's answer - a number of classes have been deprecated for .Net Core 2. FYI:

Startup.cs - In ConfigureServices:

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(o => o.LoginPath = new PathString("/account/login"));

Startup.cs - In Configure:

app.UseAuthentication();

In your account/login controller method/wherever you're doing your authentication:

// Claims that end up in the authentication cookie.
var claims = new[] { new Claim(ClaimTypes.Name, "MyUserNameOrID"),
    new Claim(ClaimTypes.Role, "SomeRoleName") };

var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

// context is the current HttpContext (the HttpContext property inside a controller).
await context.SignInAsync(
    CookieAuthenticationDefaults.AuthenticationScheme, 
    new ClaimsPrincipal(identity));
// Do your redirect here

Sources: https://github.com/aspnet/Announcements/issues/232

https://github.com/aspnet/Security/issues/1310

AndyP9 answered Oct 16 '22 18:10
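The login POST action from the answers above, written out in full for the single-account case in the question; this is an added example, not code from either answer or from the linked repository. It assumes .NET Core 2.1 or later, the cookie setup from the second answer, and hypothetical configuration keys `Auth:Username`, `Auth:Salt`, `Auth:Hash` and `Auth:Iterations`, so that a salted PBKDF2 hash is stored instead of the clear-text password.

```csharp
using System;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;

public class AccountController : Controller
{
    private readonly IConfiguration _config;
    public AccountController(IConfiguration config) => _config = config;

    // Assumed configuration keys (not from the page): Auth:Username,
    // Auth:Salt and Auth:Hash (both Base64), Auth:Iterations.
    private bool CheckCredentials(string name, string password)
    {
        var salt = Convert.FromBase64String(_config["Auth:Salt"]);
        var expected = Convert.FromBase64String(_config["Auth:Hash"]);
        var iterations = int.Parse(_config["Auth:Iterations"]);
        // Derive PBKDF2-HMAC-SHA256 from the submitted password.
        byte[] actual;
        using (var kdf = new Rfc2898DeriveBytes(password ?? "", salt, iterations, HashAlgorithmName.SHA256))
            actual = kdf.GetBytes(expected.Length);

        // Evaluate both checks every time; the hash comparison is constant-time.
        bool nameOk = string.Equals(name, _config["Auth:Username"], StringComparison.Ordinal);
        bool hashOk = CryptographicOperations.FixedTimeEquals(actual, expected);
        return nameOk & hashOk;
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(string name, string password, string returnUrl = null)
    {
        if (!CheckCredentials(name, password))
        {
            ModelState.AddModelError("", "Login failed.");
            return View();
        }
        var claims = new[] { new Claim(ClaimTypes.Name, name) };
        var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity));
        // Follow only local return URLs so the login cannot be used as an open redirect.
        return LocalRedirect(Url.IsLocalUrl(returnUrl) ? returnUrl : "/");
    }
}
```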