Using cookie authentication in ASP.NET Core

Configuration

In the Startup.ConfigureServices method, create the authentication middleware services with the AddAuthentication and AddCookie methods:

services.AddAuthentication(Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        // Cookie settings
        options.Cookie.HttpOnly = true;
        options.ExpireTimeSpan = TimeSpan.FromMinutes(20);

        options.LoginPath = "/Account/Login";
        options.AccessDeniedPath = "/Account/AccessDenied";
        options.SlidingExpiration = true;
    });

 

The AuthenticationScheme passed to AddAuthentication sets the default authentication scheme for the application. AuthenticationScheme is useful when there are multiple instances of cookie authentication and you want to authorize with a specific scheme. Setting the AuthenticationScheme to CookieAuthenticationDefaults.AuthenticationScheme provides the value "Cookies" for the scheme. Any string value that distinguishes the scheme can be supplied.
The application's authentication scheme is different from the application's cookie authentication scheme. When no cookie authentication scheme is provided to AddCookie, it uses CookieAuthenticationDefaults.AuthenticationScheme ("Cookies").
By default, the authentication cookie's IsEssential property is set to true. The authentication cookie is therefore allowed even when a site visitor has not consented to data collection.


In Startup.Configure, call UseAuthentication and UseAuthorization to set the HttpContext.User property and run the authorization middleware for requests. Call the UseAuthentication and UseAuthorization methods before calling UseEndpoints:

app.UseCookiePolicy();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
    endpoints.MapControllers();
    endpoints.MapRazorPages();
});

 

Login

To create a cookie that holds user information, construct a ClaimsPrincipal. The user information is serialized and stored in the cookie.
Create a ClaimsIdentity with any required Claims, and call SignInAsync to sign in the user:

var claims = new List<Claim>
{
    new Claim(ClaimTypes.Name, user.Email),
    new Claim("FullName", user.FullName),
    new Claim(ClaimTypes.Role, "Administrator"),
};

var claimsIdentity = new ClaimsIdentity(
    claims, CookieAuthenticationDefaults.AuthenticationScheme);

var authProperties = new AuthenticationProperties
{
    //AllowRefresh = <bool>,
    // Refreshing the authentication session should be allowed.

    //ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(10),
    // The time at which the authentication ticket expires. A
    // value set here overrides the ExpireTimeSpan option of
    // CookieAuthenticationOptions set with AddCookie.

    //IsPersistent = true,
    // Whether the authentication session is persisted across
    // multiple requests. When used with cookies, controls
    // whether the cookie's lifetime is absolute (matching the
    // lifetime of the authentication ticket) or session-based.

    //IssuedUtc = <DateTimeOffset>,
    // The time at which the authentication ticket was issued.

    //RedirectUri = <string>
    // The full path or absolute URI to be used as an http
    // redirect response value.
};

await HttpContext.SignInAsync(
    CookieAuthenticationDefaults.AuthenticationScheme,
    new ClaimsPrincipal(claimsIdentity),
    authProperties);

 

SignInAsync creates an encrypted cookie and adds it to the current response. If AuthenticationScheme is not specified, the default scheme is used.
The ASP.NET Core data protection system is used for the encryption. For an application hosted on multiple machines, load balanced across applications, or running in a web farm, configure data protection to use the same application identifier and key ring.
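
The following Startup class is an added example, not code from the original post. It shows the shared key ring and application identifier described above next to the cookie settings from the Configuration section. The key directory and application name are placeholder assumptions, and the SecurePolicy and SameSite settings are additions the post does not use.

```csharp
using System;
using System.IO;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Every node must share one key ring and one application name;
        // otherwise a cookie issued by one node cannot be decrypted by
        // another and the user is sent back to LoginPath.
        services.AddDataProtection()
            // Placeholder path: restrict access to the app's identity only.
            // Keys stored in a custom location are not encrypted at rest
            // unless a ProtectKeysWith* method is also configured.
            .PersistKeysToFileSystem(new DirectoryInfo(@"\\server\share\keys"))
            .SetApplicationName("ContosoApp"); // placeholder name

        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.Cookie.HttpOnly = true;   // not readable from script
                // Additions beyond the post: HTTPS only, limited cross-site sends.
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                options.Cookie.SameSite = SameSiteMode.Lax;
                options.ExpireTimeSpan = TimeSpan.FromMinutes(20);
                options.SlidingExpiration = true;
                options.LoginPath = "/Account/Login";
                options.AccessDeniedPath = "/Account/AccessDenied";
            });
        services.AddControllers();
        services.AddRazorPages();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseCookiePolicy();
        app.UseAuthentication();   // must run before UseEndpoints
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
            endpoints.MapRazorPages();
        });
    }
}
```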

 

Logout

 

To sign out the current user and delete their cookie, call SignOutAsync:

await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

 

If CookieAuthenticationDefaults.AuthenticationScheme (or "Cookies") is not used as the scheme (for example, "ContosoCookie"), supply the scheme that was used when configuring the authentication provider. Otherwise, the default scheme is used.

 


Origin www.cnblogs.com/oyang168/p/11966118.html