OrcusZ

Reputation: 3660

Cookie without Identity Asp.net core

I'm currently working on a project in which I don't use Identity.

The thing is that this project should have a "remember me" option that allows users to automatically reconnect to the web site.

My problem is that I can't find any complete tutorial on creating a cookie without Identity.

If somebody has a good code sample or tutorial :)

Thanks

Upvotes: 3

Views: 3598

Answers (3)

OdeToCode

Reputation: 4986

I think you are asking how to make a persistent cookie when the user logs in with a "Remember Me?" checkbox selected.

All the answers are on the right path - you'll ultimately invoke HttpContext.Authentication.SignInAsync, but the cookie middleware issues a session cookie by default. You'll need to pass along authentication properties as a third parameter to make the cookie persistent, for example:

    // IsPersistent = true makes the cookie survive the browser session
    await HttpContext.Authentication.SignInAsync(
        Options.Cookies.ApplicationCookieAuthenticationScheme,
        userPrincipal,
        new AuthenticationProperties { IsPersistent = isPersistent });

Upvotes: 1

Fabricio Koch

Reputation: 1435

In my project, I use AngularJS for Frontend and .Net Core API for Backend. So, I don't need to configure pages for AccessDeniedPath, LoginPath and so on.

Here's what I do:

  • Configure the cookie in the startup class:

    public void Configure(IApplicationBuilder app) {
      //...
      CookieAuthenticationOptions options = new CookieAuthenticationOptions();
      options.AuthenticationScheme = "MyCookie";
      options.AutomaticAuthenticate = true;
      options.CookieName = "MyCookie";
      app.UseCookieAuthentication(options);
      //...
    }
    
  • The login is like this:

    [HttpPost, Route("Login")]
    public async Task<IActionResult> LogIn([FromBody]LoginModel login) {
      //...
      var identity = new ClaimsIdentity("MyCookie");
      //add the login as the name of the user
      identity.AddClaim(new Claim(ClaimTypes.Name, login.Login));
      //add a list of roles
      foreach (Role r in someList.Roles) {
        identity.AddClaim(new Claim(ClaimTypes.Role, r.Name));
      }
      var principal = new ClaimsPrincipal(identity);
      //await the sign-in instead of blocking the request thread with .Wait()
      await HttpContext.Authentication.SignInAsync("MyCookie", principal);
      return Ok();
    }
    
  • The logout is like this:

    [HttpPost, Route("Logout")]
    public async Task<IActionResult> LogOut() {
      await HttpContext.Authentication.SignOutAsync("MyCookie");
      return Ok();
    }
    
  • Then you can use it like this:

    [HttpPost]
    [Authorize(Roles = "Role1,Role2,Role3")]
    public IActionResult Post() {
      //...
      string userName = this.User.Identity.Name;
      //...
    }
    

*See that the method is authorized only for "Role1, Role2 and Role3". And see how to get the user name.

Upvotes: 3
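As an added example (not code from any of the answers), this combines the `IsPersistent` properties from OdeToCode's answer with the "MyCookie" scheme from Fabricio Koch's answer, using the same ASP.NET Core 1.x cookie middleware API as the thread. `LoginModel.RememberMe`, `ICredentialChecker`, and the one-hour and 14-day lifetimes are assumptions made for illustration.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Authentication;
using Microsoft.AspNetCore.Mvc;

public class Startup {
  public void Configure(IApplicationBuilder app) {
    app.UseCookieAuthentication(new CookieAuthenticationOptions {
      AuthenticationScheme = "MyCookie",
      AutomaticAuthenticate = true,
      CookieName = "MyCookie",
      CookieHttpOnly = true,                    // not readable from script
      CookieSecure = CookieSecurePolicy.Always, // only sent over HTTPS
      ExpireTimeSpan = TimeSpan.FromHours(1),   // ticket lifetime when ExpiresUtc is not set
      SlidingExpiration = true                  // active sessions are renewed
    });
    app.UseMvc(); // assumes services.AddMvc() in ConfigureServices
  }
}
// Hypothetical types: the request body and the application's credential check.
public class LoginModel {
  public string Login { get; set; }
  public string Password { get; set; }
  public bool RememberMe { get; set; }
}
public interface ICredentialChecker { bool IsValid(string login, string password); }

public class AccountController : Controller {
  private readonly ICredentialChecker _checker;
  public AccountController(ICredentialChecker checker) { _checker = checker; }

  [HttpPost, Route("Login")]
  public async Task<IActionResult> LogIn([FromBody] LoginModel login) {
    if (!_checker.IsValid(login.Login, login.Password)) return Unauthorized();
    var identity = new ClaimsIdentity("MyCookie");
    identity.AddClaim(new Claim(ClaimTypes.Name, login.Login));
    // Unchecked box: session cookie, ticket valid for ExpireTimeSpan (sliding).
    var props = new AuthenticationProperties { IsPersistent = login.RememberMe };
    if (login.RememberMe) {
      props.ExpiresUtc = DateTimeOffset.UtcNow.AddDays(14); // assumed lifetime
      props.AllowRefresh = false; // hard 14-day limit, no sliding renewal
    }
    await HttpContext.Authentication.SignInAsync("MyCookie", new ClaimsPrincipal(identity), props);
    return Ok();
  }
}
```

With the box checked, the browser keeps the cookie across restarts until the 14-day expiry; unchecked, the cookie is dropped when the browser session ends and the server-side ticket expires after an hour of inactivity.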

GlennSills

Reputation: 4177

There is a pretty good article on this here: Using Cookie Middleware without ASP.NET Core Identity.

Basically what you do is set up the cookie handling middleware as if you were going to identify the user, but then you just create a ClaimsPrincipal object without asking the user to log in. You pass that object to the SignInAsync method and it creates the cookie for you. If you follow this article you should be fine.

Upvotes: 0
