11

In ASP.NET Core 2.0 the .UseAuthentication() middleware has a breaking change that no longer allows the old syntax mentioned here to work.

The new version appears to deal with config in addAuthentication, but I can't find any details anywhere on how to change my old code that specified a custom login and logout url.

        services.AddAuthentication(o =>
        {
            // Where can I specify this?????
            var opt = new CookieAuthenticationOptions()
            {
                LoginPath = "/api/login",
                LogoutPath = "/api/logout",
            };

           o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
           o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        });

Any help would be appreciated...

Improve this question

2 Answers 2

Reset to default
13

Updated as this has changed slightly again in the 2.0 RTM bits

It turns out it's a lot easier than expected, but as the official documentation hasn't been updated yet, here is exactly what works for plain Cookie auth:

Configuration:

In ConfigureServices() configure the specific Authentication mechanism:

services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(o =>
    {
        o.LoginPath = "/api/login";
        o.LogoutPath = "/api/logout";
        // additional config options here
    });

Then in Configure() to actually hook up the middleware:

app.UseAuthentication();

Using the Auth Components

Then to use the actual Auth components the logic has shifted from the HttpContext.Authentication object, down to just HttpContext in application logic like controller code:

await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity));

or:

await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Just a note: You need to add this nuget package: "Microsoft.AspNetCore.Authentication.Cookies" for CookieAuthenticationDefaults, ***Defaults etc.
@Lost_In_Library - you don't need to add this if you use the ASP.NET Core meta package. You only add it if you explicitly add individual ASP.NET packages.
Another note to hopefully save someone a headache: The extension method for HttpContext.SignInAsync only shows up if you have the using import for "Microsoft.AspNetCore.Authentication"
10

The example you posted doesn't seem to be a real code anyways (i.e. new CookieAuthenticationOptions() being inside the AddAuthentication call, rather than as argument to AddCookieAuthentication). You don't add authorizations inside the AddAuthorization call, you just setup standards middlewares here, see this announcement.

Old:

services.AddAuthentication(sharedOptions => 
       sharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
   AutomaticChallenge = true,
   AutomaticAuthenticate = true,

New:

app.AddAuthentication(o => {
   o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
   o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
   o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});

And the 

services.AddXxxAuthentication(new XxxOptions() { ... });

are replaced with 

services.AddXxxAuthentication(options => {
});

to be inline with all other methods which accept a configuration.

Also always worth a look at the ASP.NET Core Announcements GitHub Repository, where the ASP.NET Core Team announces breaking changes for the next version, just select a specific milestone there, i.e. 2.0.0-preview1, 2.0.0-preview2, etc.

Improve this answer

4 Comments

good post, spent half a day on this. All of what you said is visible in the basic .netcoreapp2.0 template (with local authorization) A key point to add is the section HttpContext.Authentication will be obsolete as the way you Authenticate\SignIn\Signout etc has changed
I know the Git Announcement states otherwise but in my case, IApplicationBuilder has no method called Add*, so shouldn't app.AddAuthentication(...) be service.AddAuthentication(...)?
@JanesAbouChleih: Yea, I guess so. Probably a typo while manually typing it in w/o an IDE
Thanks Tseng. I couldn't make your code (or the code in the change log) to work because I was still running the pre-release builds. Once switching to RTM the code works. I've added another answer with the relevant code specific for Cookie auth, but your answer led me to the right place. Thanks.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.