
What does `HTTPContext.SignInAsync` do behind the scenes?


I am interested in building my own login system, which keeps me away from the out of the box Identity, which hides a lot of details.

I was taking a look at Authentication using cookies.

https://dotnetcoretutorials.com/2017/09/16/cookie-authentication-asp-net-core-2-0/

Talking about the details of the sign-in process that happens behind the scenes (saving sessions, cookies, writing something to the database, etc.), I am interested to know:

What does the `HTTPContext.SignInAsync` function do to my HTTP request and response exactly? Or in other words, how does this function sign someone in?

Mohammed Noureldin asked Nov 09 '17 02:11



1 Answer

Note that the code has been changed; below is for the version active in 2017 when the question was asked.

https://www.nuget.org/packages/Microsoft.AspNetCore.Http.Abstractions/

https://github.com/aspnet/HttpAbstractions

New GitHub link:

https://github.com/dotnet/aspnetcore

This is a start, from here you can follow the code depending on what you want to know.

Default AuthenticationService in Microsoft.AspNetCore.Authentication

```csharp
public virtual async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

    if (scheme == null)
    {
        var defaultScheme = await Schemes.GetDefaultSignInSchemeAsync();
        scheme = defaultScheme?.Name;
        if (scheme == null)
        {
            throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultSignInScheme found.");
        }
    }

    var handler = await Handlers.GetHandlerAsync(context, scheme);
    if (handler == null)
    {
        throw await CreateMissingSignInHandlerException(scheme);
    }

    var signInHandler = handler as IAuthenticationSignInHandler;
    if (signInHandler == null)
    {
        throw await CreateMismatchedSignInHandlerException(scheme, handler);
    }

    await signInHandler.SignInAsync(principal, properties);
}
```

https://github.com/aspnet/HttpAbstractions/blob/bc7092a32b1943c7f17439e419d3f66cd94ce9bd/src/Microsoft.AspNetCore.Authentication.Core/AuthenticationService.cs#L142

Possible override from Microsoft.AspNetCore.Http.Authentication.Internal DefaultAuthenticationManager

```csharp
public override async Task SignInAsync(string authenticationScheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
    if (string.IsNullOrEmpty(authenticationScheme))
    {
        throw new ArgumentException(nameof(authenticationScheme));
    }

    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

#pragma warning disable CS0618 // Type or member is obsolete
    var handler = HttpAuthenticationFeature.Handler;
#pragma warning restore CS0618 // Type or member is obsolete

    var signInContext = new SignInContext(authenticationScheme, principal, properties?.Items);
    if (handler != null)
    {
        await handler.SignInAsync(signInContext);
    }

    if (!signInContext.Accepted)
    {
        throw new InvalidOperationException($"No authentication handler is configured to handle the scheme: {authenticationScheme}");
    }
}
```

https://github.com/aspnet/HttpAbstractions/blob/bc7092a32b1943c7f17439e419d3f66cd94ce9bd/src/Microsoft.AspNetCore.Http/Authentication/DefaultAuthenticationManager.cs#L133

Ogglas answered Sep 29 '22 07:09
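Where the `signInHandler.SignInAsync(principal, properties)` call at the end of the first listing ends up, shown with a hypothetical handler: this is an added example, not code from the answer or from the ASP.NET Core repository. `DemoSignInHandler`, the cookie name `demo.auth`, the protector purpose string and the 30-minute lifetime are assumptions; it stands in for the framework's cookie handler, which likewise serializes the principal into a data-protected ticket and sends it in a `Set-Cookie` header.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;

// Hypothetical handler for illustration; not the framework's CookieAuthenticationHandler.
public class DemoSignInHandler : IAuthenticationSignInHandler
{
    private const string CookieName = "demo.auth"; // assumed cookie name
    private readonly TicketDataFormat _format;      // serializes + encrypts/MACs the ticket
    private AuthenticationScheme _scheme;
    private HttpContext _context;

    public DemoSignInHandler(IDataProtectionProvider provider) =>
        _format = new TicketDataFormat(provider.CreateProtector("DemoSignInHandler.v1"));

    // Invoked by the handler provider (Handlers.GetHandlerAsync) before the handler is used.
    public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
    {
        _scheme = scheme; _context = context;
        return Task.CompletedTask;
    }

    // End of the SignInAsync chain: no database write and no server-side session,
    // only a protected ticket placed in a Set-Cookie header on the response.
    public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
    {
        var props = properties ?? new AuthenticationProperties();
        if (props.ExpiresUtc == null) props.ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30);
        var ticket = new AuthenticationTicket(user, props, _scheme.Name);
        _context.Response.Cookies.Append(CookieName, _format.Protect(ticket),
            new CookieOptions { HttpOnly = true, Secure = true, SameSite = SameSiteMode.Lax });
        return Task.CompletedTask;
    }

    // Later requests: a tampered or undecryptable cookie unprotects to null; expired tickets are rejected.
    public Task<AuthenticateResult> AuthenticateAsync()
    {
        var ticket = _context.Request.Cookies.TryGetValue(CookieName, out var raw) ? _format.Unprotect(raw) : null;
        if (ticket == null || ticket.Properties.ExpiresUtc < DateTimeOffset.UtcNow) return Task.FromResult(AuthenticateResult.NoResult());
        return Task.FromResult(AuthenticateResult.Success(ticket));
    }

    public Task SignOutAsync(AuthenticationProperties properties) { _context.Response.Cookies.Delete(CookieName); return Task.CompletedTask; }
    public Task ChallengeAsync(AuthenticationProperties properties) { _context.Response.StatusCode = 401; return Task.CompletedTask; }
    public Task ForbidAsync(AuthenticationProperties properties) { _context.Response.StatusCode = 403; return Task.CompletedTask; }
}
```

Registering it with `services.AddAuthentication(o => o.AddScheme<DemoSignInHandler>("Demo", "Demo"))` and calling `HttpContext.SignInAsync("Demo", principal)` sends the request through the scheme lookup and `IAuthenticationSignInHandler` cast shown in the answer before reaching `SignInAsync` here.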