Why do we have to AuthCookieAuthentication?
TL;DR: Why do we always have to set o.DefaultAuthenticateScheme = "Cookie"; in Startup.cs?
I've created a simple ASP.NET Core MVC application which supports logging in using Facebook, Google and Github.
This is my Startup.cs
public void ConfigureServices(IServiceCollection services)
...
    services
        .AddAuthentication(o =>
        {
            o.DefaultAuthenticateScheme = "Cookie";
            o.DefaultSignInScheme = "Cookie";
        })
        .AddCookie("Cookie")
        .AddFacebook("Facebook", o =>
        {
            o.ClientId = "ClientIdOfFAcebookApp";
            o.ClientSecret = "ClientSecretApp";
        })
        .AddGoogle("Google", o =>
        {
            o.ClientId = "ClientIdOfGoogleApp";
            o.ClientSecret = "ClientSecretOfGoogleApp";
        })
        .AddOAuth("Github", o =>
        {
There is an index.html. It shows three links for logging in using Github, Google or Facebook:
@Html.ActionLink("Log in with github", "Github")
@Html.ActionLink("Log in with Google", "Google")
@Html.ActionLink("Log in with Facebook", "Facebook")
@Html.ActionLink("Log out", "LogOut")
@if (User.Identity.IsAuthenticated)
{
    <div>User: @User.Identity.Name</div>
}
There is HomeController.cs:
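// Each login action challenges one remote scheme; the handler redirects to the provider.
public IActionResult GitHub()
{
    return Challenge(new AuthenticationProperties() { RedirectUri = "/Home/" }, "Github");
}

public IActionResult Facebook()
{
    return Challenge(new AuthenticationProperties() { RedirectUri = "/Home/" }, "Facebook");
}

public IActionResult Google()
{
    return Challenge(new AuthenticationProperties() { RedirectUri = "/Home/" }, "Google");
}

// Requires: using System.Threading.Tasks;
public async Task<IActionResult> Logout()
{
    // Await the sign-out so the cookie is cleared before the redirect is returned.
    await HttpContext.SignOutAsync();
    return Redirect("/Home/");
}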
We are not allowed to set o.DefaultSignInScheme = "Github" ("Facebook", "Google"), because OAuth handlers don't support the SignIn verb.
And there is a very interesting thing for me.
If we set o.DefaultAuthenticateScheme = "Github"; only authentication using Github will work.
If we set o.DefaultAuthenticateScheme = "Facebook"; only authentication using Facebook will work. The same thing with Google.
BUT if we set o.DefaultAuthenticateScheme = "Cookie"; all authentications will work.
What is the difference between o.DefaultAuthenticateScheme = "Cookie" and o.DefaultAuthenticateScheme = "Github" (or "Facebook" or "Google")? Do you know why DefaultAuthenticateScheme = "Cookie" enables us to use any authentication?
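An added example, not part of the original post: a diagnostic controller for the application above that asks each registered scheme to authenticate the current request, so the behaviour described can be observed directly. It uses the scheme names from the Startup.cs in the post; the controller and action names (`AuthDiagnosticsController`, `WhoAmI`) are hypothetical, and the endpoint is meant for a development environment only.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;

// Hypothetical debugging controller; do not expose it in production.
public class AuthDiagnosticsController : Controller
{
    // Scheme names as registered in the Startup.cs shown in the post.
    private static readonly string[] Schemes = { "Cookie", "Github", "Facebook", "Google" };

    // GET /AuthDiagnostics/WhoAmI
    public async Task<IActionResult> WhoAmI()
    {
        var report = new List<object>();
        foreach (var scheme in Schemes)
        {
            // Ask this one handler to authenticate the request, bypassing
            // DefaultAuthenticateScheme (which is what populates User).
            AuthenticateResult result = await HttpContext.AuthenticateAsync(scheme);

            // A remote handler (OAuth, Google, Facebook) does not read credentials
            // from the request itself. It authenticates against its SignInScheme
            // (the cookie) and accepts the ticket only if the ".AuthScheme"
            // property stored at login equals its own scheme name.
            string loggedInVia = null;
            result.Ticket?.Properties?.Items.TryGetValue(".AuthScheme", out loggedInVia);

            report.Add(new
            {
                scheme,
                succeeded = result.Succeeded,
                name = result.Principal?.Identity?.Name,
                loggedInVia,
                failure = result.Failure?.Message
            });
        }
        return Json(report);
    }
}
```

After a login through one provider, the "Cookie" entry and that provider's entry report success, while the other remote schemes report a failure; this is why a remote scheme as DefaultAuthenticateScheme only recognises its own logins, whereas the cookie scheme accepts a ticket issued after any of them.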