I am interested in building my own login system, which keeps me away from the out-of-the-box Identity, which hides a lot of details.
I was taking a look at Authentication using cookies.
https://dotnetcoretutorials.com/2017/09/16/cookie-authentication-asp-net-core-2-0/
Talking about the details of the signing process which happens behind the scenes (saving sessions, cookies, writing something to the database, etc.), I am interested to know:
What does the HttpContext.SignInAsync function do to my HTTP request and response exactly? Or in other words, how does this function sign someone in?
SignInAsync(HttpContext, ClaimsPrincipal): Sign in a principal for the default authentication scheme. The default scheme for signing in can be configured using DefaultSignInScheme.
SignInAsync(HttpContext, ClaimsPrincipal, AuthenticationProperties): Sign in a principal for the default authentication scheme.
CookieAuthenticationDefaults.AuthenticationScheme provides “Cookies” for the scheme. In the AddCookie extension method, set the LoginPath property of CookieAuthenticationOptions to “/account/login”. The CookieAuthenticationOptions class is used to configure the authentication provider options. In Configure method of Startup.
Note that the code has been changed; below is for the version active in 2017, when the question was asked.
https://www.nuget.org/packages/Microsoft.AspNetCore.Http.Abstractions/
https://github.com/aspnet/HttpAbstractions
New GitHub link:
https://github.com/dotnet/aspnetcore
This is a start, from here you can follow the code depending on what you want to know.
Default AuthenticationService in Microsoft.AspNetCore.Authentication

```csharp
public virtual async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

    if (scheme == null)
    {
        var defaultScheme = await Schemes.GetDefaultSignInSchemeAsync();
        scheme = defaultScheme?.Name;
        if (scheme == null)
        {
            throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultSignInScheme found.");
        }
    }

    var handler = await Handlers.GetHandlerAsync(context, scheme);
    if (handler == null)
    {
        throw await CreateMissingSignInHandlerException(scheme);
    }

    var signInHandler = handler as IAuthenticationSignInHandler;
    if (signInHandler == null)
    {
        throw await CreateMismatchedSignInHandlerException(scheme, handler);
    }

    await signInHandler.SignInAsync(principal, properties);
}
```
https://github.com/aspnet/HttpAbstractions/blob/bc7092a32b1943c7f17439e419d3f66cd94ce9bd/src/Microsoft.AspNetCore.Authentication.Core/AuthenticationService.cs#L142
Possible override from Microsoft.AspNetCore.Http.Authentication.Internal
DefaultAuthenticationManager
```csharp
public override async Task SignInAsync(string authenticationScheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
    if (string.IsNullOrEmpty(authenticationScheme))
    {
        throw new ArgumentException(nameof(authenticationScheme));
    }

    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

#pragma warning disable CS0618 // Type or member is obsolete
    var handler = HttpAuthenticationFeature.Handler;
#pragma warning restore CS0618 // Type or member is obsolete

    var signInContext = new SignInContext(authenticationScheme, principal, properties?.Items);
    if (handler != null)
    {
        await handler.SignInAsync(signInContext);
    }

    if (!signInContext.Accepted)
    {
        throw new InvalidOperationException($"No authentication handler is configured to handle the scheme: {authenticationScheme}");
    }
}
```
https://github.com/aspnet/HttpAbstractions/blob/bc7092a32b1943c7f17439e419d3f66cd94ce9bd/src/Microsoft.AspNetCore.Http/Authentication/DefaultAuthenticationManager.cs#L133
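As an added example (not part of the original answer or of the ASP.NET Core source), here is a minimal ASP.NET Core 2.x cookie login that shows where the dispatch above ends up when the default scheme is "Cookies": in the cookie handler, which changes only the response. `VerifyCredentials` is a hypothetical hook for your own user lookup, the 30-minute lifetime is an assumed value, and the template's usual Program.cs is assumed to host `Startup`.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
        // Makes "Cookies" the default scheme, so SignInAsync resolves to the cookie handler.
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(o =>
            {
                o.LoginPath = "/account/login";
                o.Cookie.HttpOnly = true;                          // hidden from page script
                o.Cookie.SecurePolicy = CookieSecurePolicy.Always; // sent over HTTPS only
                o.ExpireTimeSpan = TimeSpan.FromMinutes(30);       // ticket lifetime (assumed value)
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // on later requests: decrypts the cookie, sets HttpContext.User
        app.UseMvcWithDefaultRoute();
    }
}

public class AccountController : Controller
{
    // Hypothetical hook: replace with your own user lookup and password-hash check.
    // It denies everyone until replaced.
    public static Func<string, string, Task<bool>> VerifyCredentials = (u, p) => Task.FromResult(false);

    [HttpPost]
    public async Task<IActionResult> Login(string user, string password)
    {
        if (!await VerifyCredentials(user, password)) return Unauthorized();
        var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, user) },
            CookieAuthenticationDefaults.AuthenticationScheme);
        // The cookie handler serializes the principal into a ticket, encrypts it with Data
        // Protection and adds a Set-Cookie header to the response; it writes to no database.
        await HttpContext.SignInAsync(new ClaimsPrincipal(identity));
        return LocalRedirect("/");
    }
}
```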