As I know in a standard ASP.NET application, an auth cookie should be set in order to say to ASP.NET that this user is authenticated.
If I create a new application with Visual Studio 2015, it generate a "Login method" template as follow:
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
There is no other code.
My question is: WHERE is the authentication cookie set?
Thanks a lot!
in the new identity system it uses owin cookie middleware , for you to configure it you can open up the startup.auth.cs from the app_start folder, this is the code i'm referring to :
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
this is the configuration that the SignInManager class uses if you are familiar with the forms authentication and its cookie system that's now obsolete for further reading you can read this blog post: http://brockallen.com/2013/10/24/a-primer-on-owin-cookie-authentication-middleware-for-the-asp-net-developer/
