ASP.NET Core 8.0 - Cookie Authentication

This article will describe the implementation of a simple cookie authentication scheme. It will describe the default configuration and overriding some of the options. You should review the introduction article of the Cookies And Claims Project series. Registered users can download the ASP.NET Core 8.0 - Cookies And Claims Project for free.

Cookies And Claims Project and Article Series

Free project download for registered users!

I developed the Cookies And Claims Project (CACP) to demonstrate a simple cookie authentication scheme and claim-based authorization with a clear and modifiable design. The CACP is developed with Visual Studio 2022 and the MS Long Term Support (LTS) version .NET 8.0 framework. All Errors, Warnings, and Messages from Code Analysis have been mitigated. The CACP implements utilities like an AES Cipher, Password Hasher, native JavaScript client form validation, password requirements UI, Bootstrap Native message modal generator, loading/spinner generator, SignalR online user count, and an automatic idle logout for users with administration permissions.

Updated as the articles become published.

The authentication configuration defaults should work for most cases as long as the paths to key pages match. The default paths are: LoginPath = "/account/login", LogoutPath = "/account/logout", and AccessDeniedPath = "/account/accessdenied". The CACP implements these paths so there is no need to override these defaults. I do recommend overriding the CookieAuthenticationDefaults. AuthenticationScheme name which is "Cookies". A unique name helps with multiple schemes and debugging multiple projects. The CACP implements a static class named AppSettings.cs for global project settings. The CACP AppSettings. ApplicationScheme = "CACP.Authentication". The CACP implements cookie authentication with just a few lines of code. Setting the Cookie Name removes the .AspNet prefix from the browser's cookie name.

Program.cs:
builder.Services.AddAuthentication()
    .AddCookie(AppSettings.ApplicationScheme, options => { options.Cookie.Name = AppSettings.ApplicationScheme; });
Cookies In Use.

The Authentication middleware is added in Program.cs by calling UseAuthentication. Calling UseAuthentication registers the middleware that uses the previously registered authentication schemes. Call UseAuthentication before any middleware that depends on users being authenticated. See MS - Use cookie authentication without ASP.NET Core Identity.

app.UseAuthentication();

You can override a few more default cookie options but most are superseded by AuthenticationProperties used when the user logs in. See the Remember Me Or Not article.

Ken Haggerty
Created 07/17/24
Updated 08/29/24 16:15 GMT

Log In or Reset Quota to read more.

Article Tags:

Authentication
Successfully completed. Thank you for contributing.
Contribute to enjoy content without advertisments.
Something went wrong. Please try again.

Comments(0)

Loading...
Loading...

Not accepting new comments.

Submit your comment. Comments are moderated.

User Image.
DisplayedName - Member Since ?