11

In ASP.NET Core 2.0 the .UseAuthentication() middleware has a breaking change that no longer allows the old syntax mentioned here to work.

The new version appears to deal with config in addAuthentication, but I can't find any details anywhere on how to change my old code that specified a custom login and logout url.

        services.AddAuthentication(o =>
        {
            // Where can I specify this?????
            var opt = new CookieAuthenticationOptions()
            {
                LoginPath = "/api/login",
                LogoutPath = "/api/logout",
            };

           o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
           o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        });

Any help would be appreciated...

vcsjones
  • 138,677
  • 31
  • 291
  • 286
Rick Strahl
  • 17,302
  • 14
  • 89
  • 134

2 Answers2

13

Updated as this has changed slightly again in the 2.0 RTM bits

It turns out it's a lot easier than expected, but as the official documentation hasn't been updated yet, here is exactly what works for plain Cookie auth:

Configuration:

In ConfigureServices() configure the specific Authentication mechanism:

services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(o =>
    {
        o.LoginPath = "/api/login";
        o.LogoutPath = "/api/logout";
        // additional config options here
    });

Then in Configure() to actually hook up the middleware:

app.UseAuthentication();

Using the Auth Components

Then to use the actual Auth components the logic has shifted from the HttpContext.Authentication object, down to just HttpContext in application logic like controller code:

await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity));

or:

await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
Massimiliano Kraus
  • 3,638
  • 5
  • 27
  • 47
Rick Strahl
  • 17,302
  • 14
  • 89
  • 134
  • 3
    Just a note: You need to add this nuget package: "Microsoft.AspNetCore.Authentication.Cookies" for CookieAuthenticationDefaults, ***Defaults etc. – Lost_In_Library Aug 19 '17 at 20:11
  • @Lost_In_Library - you don't need to add this if you use the ASP.NET Core meta package. You only add it if you explicitly add individual ASP.NET packages. – Rick Strahl Aug 22 '17 at 19:13
  • Another note to hopefully save someone a headache: The extension method for HttpContext.SignInAsync only shows up if you have the using import for "Microsoft.AspNetCore.Authentication" – Jason Spake Dec 14 '17 at 00:57
10

The example you posted doesn't seem to be a real code anyways (i.e. new CookieAuthenticationOptions() being inside the AddAuthentication call, rather than as argument to AddCookieAuthentication). You don't add authorizations inside the AddAuthorization call, you just setup standards middlewares here, see this announcement.

Old:

services.AddAuthentication(sharedOptions => 
       sharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
   AutomaticChallenge = true,
   AutomaticAuthenticate = true,

New:

app.AddAuthentication(o => {
   o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
   o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
   o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});

And the 

services.AddXxxAuthentication(new XxxOptions() { ... });

are replaced with 

services.AddXxxAuthentication(options => {
});

to be inline with all other methods which accept a configuration.

Also always worth a look at the ASP.NET Core Announcements GitHub Repository, where the ASP.NET Core Team announces breaking changes for the next version, just select a specific milestone there, i.e. 2.0.0-preview1, 2.0.0-preview2, etc.

Tseng
  • 61,549
  • 15
  • 193
  • 205
  • good post, spent half a day on this. All of what you said is visible in the basic .netcoreapp2.0 template (with local authorization) A key point to add is the section **HttpContext.Authentication will be obsolete** as the way you Authenticate\SignIn\Signout etc has changed – Nico May 16 '17 at 03:02
  • I know the Git Announcement states otherwise but in my case, `IApplicationBuilder` has no method called `Add*`, so shouldn't `app.AddAuthentication(...)` be `service.AddAuthentication(...)`? – jAC May 16 '17 at 07:24
  • @JanesAbouChleih: Yea, I guess so. Probably a typo while manually typing it in w/o an IDE – Tseng May 16 '17 at 07:57
  • Thanks Tseng. I couldn't make your code (or the code in the change log) to work because I was still running the pre-release builds. Once switching to RTM the code works. I've added another answer with the relevant code specific for Cookie auth, but your answer led me to the right place. Thanks. – Rick Strahl Aug 14 '17 at 23:15