Asp.Net Core - simplest possible forms authentication


Solution 1

It is not that simple :)

  1. In the Startup.cs, configure method.

    app.UseCookieAuthentication(options =>
    {
      options.AutomaticAuthenticate = true;
      options.AutomaticChallenge = true;
      options.LoginPath = "/Home/Login";
    });
    
  2. Add Authorize attribute to protect the resources you want to secure.

    [Authorize]
    public IActionResult Index()
    {
      return View();
    }
    
  3. In the Home Controller, Login Post action method, write the following method.

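    // Requires: using System.Security.Claims;
    //           using Microsoft.AspNetCore.Authentication.Cookies;
    // The enclosing action must be declared async (Task<IActionResult>).
    var username = Configuration["username"];
    var password = Configuration["password"];
    if (authUser.Username == username && authUser.Password == password)
    {
      // Claims for the signed-in user (values as given by the author in the comments).
      var claims = new[] { new Claim("name", authUser.Username),
          new Claim(ClaimTypes.Role, "Admin") };
      var identity = new ClaimsIdentity(claims, 
          CookieAuthenticationDefaults.AuthenticationScheme);
    
      // Await the sign-in so the cookie is written before the redirect is returned.
      await HttpContext.Authentication.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        new ClaimsPrincipal(identity));
    
      return Redirect("~/Home/Index");
    }
    else
    {
      ModelState.AddModelError("","Login failed. Please check Username and/or password");
    }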
    

Here is the GitHub repo for your reference: https://github.com/anuraj/CookieAuthMVCSample

Solution 2

To add to Anuraj's answer - a number of classes have been deprecated for .Net Core 2. FYI:

Startup.cs - In ConfigureServices:

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(o => o.LoginPath = new PathString("/account/login"));

Startup.cs - In Configure:

    app.UseAuthentication();

In your account/login controller method/wherever you're doing your authentication:

    var claims = new[] { new Claim(ClaimTypes.Name, "MyUserNameOrID"),
        new Claim(ClaimTypes.Role, "SomeRoleName") };

    var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

    await context.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme, 
        new ClaimsPrincipal(identity));
    // Do your redirect here

Sources: https://github.com/aspnet/Announcements/issues/232

https://github.com/aspnet/Security/issues/1310
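
Solution 1 keeps the single account's password in configuration and compares it with `==`. The following is an added example, not code from either answer or the linked repo: a login action for ASP.NET Core 2.1 or later that stores only a salted PBKDF2 hash and compares in fixed time. The config keys `passwordSalt` and `passwordHash`, the iteration count, and the `LoginModel` and `AccountController` names are assumptions.

```csharp
// Added example (not from the answers). Assumed config keys besides "username":
// "passwordSalt" and "passwordHash", Base64 of PBKDF2-HMAC-SHA256 (100,000 iterations).
using System;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;

public class LoginModel { public string Username { get; set; } public string Password { get; set; } } // hypothetical

public class AccountController : Controller // hypothetical name
{
    private readonly IConfiguration _config;
    public AccountController(IConfiguration config) => _config = config;

    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginModel authUser, string returnUrl = null)
    {
        var salt = Convert.FromBase64String(_config["passwordSalt"]);
        var expected = Convert.FromBase64String(_config["passwordHash"]);
        byte[] actual;
        using (var kdf = new Rfc2898DeriveBytes(authUser.Password ?? "", salt, 100_000, HashAlgorithmName.SHA256))
            actual = kdf.GetBytes(expected.Length);

        // Fixed-time comparisons: timing does not depend on how many leading bytes match.
        bool userOk = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(authUser.Username ?? ""), Encoding.UTF8.GetBytes(_config["username"]));
        bool passOk = CryptographicOperations.FixedTimeEquals(actual, expected);
        if (!(userOk & passOk))
        {
            ModelState.AddModelError("", "Login failed. Please check Username and/or password");
            return View(authUser);
        }

        var claims = new[] { new Claim(ClaimTypes.Name, authUser.Username) };
        var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));

        // Follow returnUrl only when it is local, so the login page cannot be used as an open redirect.
        if (Url.IsLocalUrl(returnUrl)) return LocalRedirect(returnUrl);
        return Redirect("~/");
    }
}
```

The cookie scheme registration from Solution 2 (`AddAuthentication(...).AddCookie(...)` and `app.UseAuthentication()`) is still required for the sign-in call to issue a cookie.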

Author: Pelle

Updated on November 04, 2020

Comments

  • Pelle over 3 years

    I have this old MVC5 application that uses forms authentication in the simplest possible form. There is only one account stored in web.config, there are no roles etc.

    <authentication mode="Forms">
      <forms loginUrl="~/Login/Index" timeout="30">
        <credentials passwordFormat="Clear">
          <user name="some-user" password="some-password" />
        </credentials>
      </forms>
    </authentication>
    

    The login routine just calls

    FormsAuthentication.Authenticate(name, password);
    

    And that's it. Is there something similar (in terms of simplicity) in asp.net core?

  • Sanyami Vaidya almost 7 years
    I use your code but it gives an error "cannot convert lambda expression to type" in Startup.cs, Configure method.
  • Anuraj almost 7 years
    @SanyamiVaidya which version of asp.net core are you using?
  • Sanyami Vaidya almost 7 years
    I'm using 1.0.1 version of asp.net core
  • Rabid about 6 years
    Could you clarify what the value of variable claims is? It is not expressed in the scope of the step 3. snippet.
  • Anuraj about 6 years
    It is something like this - var claims = new[] { new Claim("name", authUser.Username), new Claim(ClaimTypes.Role, "Admin") };
  • Rob Koch about 5 years
    Was having issues with looping back to login form doing dual auth with jwt and cookies. Turns out changing from await context.SignInAsync(new ClaimsPrincipal(identity)); to await context.SignInAsync( CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity)); did the trick. Thanks @AndyP9!