JWT and Cookie Based Authentication
In this lesson, we will learn how to configure cookie-based and JWT-based authorization schemes, and implement user login in both cases.
Cookie authorization schemes options
Cookie options can be set as shown below:
Press + to interact
using Microsoft.AspNetCore.Authentication.Cookies;...services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(o =>{o.CookieName=.......});
The main options that we might need to change in our application are listed below:
| Property | Description |
|---|---|
AuthenticationScheme |
The name of the authentication scheme. It defaults to CookieAuthenticationDefaults.AuthenticationScheme. |
ExpireTimeSpan |
A TimeSpan that encodes the duration of the cookie. |
SlidingExpiration |
If true the duration of the cookie is renewed at each request. |
CookieName |
The name of the cookie. You should not need to change the default name. |
LoginPath |
The path where the browser is redirected by the challenge action. It defaults to /Account/Login. |
AccessDeniedPath |
The path where the browser is redirected by the forbid action. It defaults to /Account/AccessDenied. |
CookieSecure |
Whether to limit the transmission of the authentication cookie only to HTTPS connections. The default is false, but if your application uses HTTPS you should set this property to true. |
ReturnUrlParameter |
The name of the query string parameter where the scheme will place the URL that |
Access this course and 1400+ top-rated courses and projects.