AspNet Core CookieAuthentication with injected SessionStore

Question

During migration of an ASPNetCore 1.1 Project to ASPNetCore 2.0, we stumbled upon a Problem with the Cookie-AuthN and its SessionStore.

ASP.NET Core 1 allowed us to do something like that:

public void ConfigureServices(...) {
    Services.AddDistributedSqlServerCache(...);
    Services.AddSingleton<DistributedCookieSessionStore>(); /// SQL based store
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerfactory) {
    var cookieOptions = app.ApplicationServices.GetRequiredService<IOptions<CookieAuthenticationOptions>>().Value;
    cookieOptions.SessionStore = app.ApplicationServices.GetRequiredService<DistributedCookieSessionStore>();

    app.UseCookieAuthentication(cookieOptions);
}

Messy, but doing its Job.

Now with ASP.NET Core 2 app.UseAuthentication() does not have a signature allowing to modify the options, and I am not able to use DI, to get a hold of the session store.

Answer 1

After long search I came accross this discussion https://github.com/aspnet/Security/issues/1338 where they mentioned IPostConfigureOptions interface. I put that together and this works for me:

1) Implement interface IPostConfigureOptions<CookieAuthenticationOptions>

public class PostConfigureCookieAuthenticationOptions : IPostConfigureOptions<CookieAuthenticationOptions>
{
    private readonly ITicketStore _ticketStore;

    public PostConfigureCookieAuthenticationOptions(ITicketStore ticketStore)
    {
        _ticketStore = ticketStore;
    }

    public void PostConfigure(string name, CookieAuthenticationOptions options)
    {
        options.SessionStore = _ticketStore;
    }
}

2) Register this implementation to the container in Startup.ConfigureServices method

services.AddSingleton<IPostConfigureOptions<CookieAuthenticationOptions>, PostConfigureCookieAuthenticationOptions>();