ASP.NET Core 8.0 - Cookie Authentication
This article will describe the implementation of a simple cookie authentication scheme. It will describe the default configuration and overriding some of the options. You should review the introduction article of the Cookies And Claims Project series. Registered users can download the ASP.NET Core 8.0 - Cookies And Claims Project for free.
Cookies And Claims Project and Article Series
Free project download for registered users!
I developed the Cookies And Claims Project (CACP) to demonstrate a simple cookie authentication scheme and claim-based authorization with a clear and modifiable design. The CACP is developed with Visual Studio 2022 and the MS Long Term Support (LTS) version .NET 8.0 framework. All Errors, Warnings, and Messages from Code Analysis have been mitigated. The CACP implements utilities like an AES Cipher, Password Hasher, native JavaScript client form validation, password requirements UI, Bootstrap Native message modal generator, loading/spinner generator, SignalR online user count, and an automatic idle logout for users with administration permissions.
- ASP.NET Core 8.0 - Cookies And Claims
- ASP.NET Core 8.0 - Cookie Authentication
- ASP.NET Core 8.0 - Remember Me Or Not
- ASP.NET Core 8.0 - Authorized Access
- ASP.NET Core 8.0 - Administrator Claim
- ASP.NET Core 8.0 - Admin Idle Logout
- ASP.NET Core 8.0 - Cookie Consent
- ASP.NET Core 8.0 - SignalR Online User Count
- ASP.NET Core 8.0 - AES Cipher
- ASP.NET Core 8.0 - Password Hasher
- ASP.NET Core 8.0 - Message Modal Generator
Updated as the articles become published.
The authentication configuration defaults should work for most cases as long as the paths to key pages match. The default paths are: LoginPath = "/account/login", LogoutPath = "/account/logout", and AccessDeniedPath = "/account/accessdenied". The CACP implements these paths so there is no need to override these defaults. I do recommend overriding the CookieAuthenticationDefaults. AuthenticationScheme name which is "Cookies". A unique name helps with multiple schemes and debugging multiple projects. The CACP implements a static class named AppSettings.cs for global project settings. The CACP AppSettings. ApplicationScheme = "CACP.Authentication". The CACP implements cookie authentication with just a few lines of code. Setting the Cookie Name removes the .AspNet prefix from the browser's cookie name.
Program.cs:
builder.Services.AddAuthentication() .AddCookie(AppSettings.ApplicationScheme, options => { options.Cookie.Name = AppSettings.ApplicationScheme; });
The Authentication middleware is added in Program.cs by calling UseAuthentication. Calling UseAuthentication registers the middleware that uses the previously registered authentication schemes. Call UseAuthentication before any middleware that depends on users being authenticated. See MS - Use cookie authentication without ASP.NET Core Identity.
app.UseAuthentication();
You can override a few more default cookie options but most are superseded by AuthenticationProperties used when the user logs in. See the Remember Me Or Not article.
Comments(0)