Asp.Net Core - simplest possible forms authentication
Solution 1
It is not that simple :)
-
In the Startup.cs, configure method.
app.UseCookieAuthentication(options => { options.AutomaticAuthenticate = true; options.AutomaticChallenge = true; options.LoginPath = "/Home/Login"; });
-
Add Authorize attribute to protect the resources you want to secure.
[Authorize] public IActionResult Index() { return View(); }
-
In the Home Controller, Login Post action method, write the following method.
var username = Configuration["username"]; var password = Configuration["password"]; if (authUser.Username == username && authUser.Password == password) { var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme); HttpContext.Authentication.SignInAsync( CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity)); return Redirect("~/Home/Index"); } else { ModelState.AddModelError("","Login failed. Please check Username and/or password"); }
Here is the github repo for your reference : https://github.com/anuraj/CookieAuthMVCSample
Solution 2
To add to Anuraj's answer - a number of classes have been deprecated for .Net Core 2. FYI:
Startup.cs - In ConfigureServices:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(o => o.LoginPath = new PathString("/account/login"));
Startup.cs - In Configure:
app.UseAuthentication();
In your account/login controller method/wherever you're doing your authentication:
var claims = new[] { new Claim(ClaimTypes.Name, "MyUserNameOrID"),
new Claim(ClaimTypes.Role, "SomeRoleName") };
var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
await context.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(identity));
// Do your redirect here
Sources: https://github.com/aspnet/Announcements/issues/232
https://github.com/aspnet/Security/issues/1310
Pelle
a 'senior' developer/architect with a passion for agile practices
Updated on November 04, 2020Comments
-
Pelle over 3 years
I have this old MVC5 application that uses forms authentication in the simplest possible form. There is only one account stored in web.config, there are no roles etc.
<authentication mode="Forms"> <forms loginUrl="~/Login/Index" timeout="30"> <credentials passwordFormat="Clear"> <user name="some-user" password="some-password" /> </credentials> </forms> </authentication>
The login routine just calls
FormsAuthentication.Authenticate(name, password);
And that's it. Is there something similar (in terms of simplicity) in asp.net core?
-
Sanyami Vaidya almost 7 yearsI use your code but it gives an error
cannot convert lambda expression to type
in Startup.cs, configure method. -
Anuraj almost 7 years@SanyamiVaidya which version of asp.net core you're using?
-
Sanyami Vaidya almost 7 yearsI'm using 1.0.1 version of asp.net core
-
Sanyami Vaidya almost 7 yearsPlease see stackoverflow.com/questions/44277688/…
-
Rabid about 6 yearsCould you clarify what the value of variable
claims
is? It is not expressed in the scope of the step 3. snippet. -
Anuraj about 6 yearsIt is something like this - var claims = new[] { new Claim("name", authUser.Username), new Claim(ClaimTypes.Role, "Admin") };
-
Rob Koch about 5 yearsWas having issues with looping back to login form doing dual auth with jwt and cookies. Turns out changing from await context.SignInAsync(new ClaimsPrincipal(identity)); to await context.SignInAsync( CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity)); did the trick. Thanks @AndyP9!
-
Matt Lengenfelder almost 5 years
-
Matt Lengenfelder almost 5 years