JWT and Cookie Based Authentication
In this lesson, we will learn how to configure cookie-based and JWT-based authorization schemes, and implement user login in both cases.
Cookie authorization schemes options
Cookie options can be set as shown below:
```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
...
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(o =>
    {
        o.CookieName=.......
    });
```
The main options that we might need to change in our application are listed below:
| Property | Description |
|---|---|
| AuthenticationScheme | The name of the authentication scheme. It defaults to CookieAuthenticationDefaults.AuthenticationScheme. |
| ExpireTimeSpan | A TimeSpan that encodes the duration of the cookie. |
| SlidingExpiration | If true, the duration of the cookie is renewed at each request. |
| CookieName | The name of the cookie. You should not need to change the default name. |
| LoginPath | The path where the browser is redirected by the challenge action. It defaults to /Account/Login. |
| AccessDeniedPath | The path where the browser is redirected by the forbid action. It defaults to /Account/AccessDenied. |
| CookieSecure | Whether to limit the transmission of the authentication cookie only to HTTPS connections. The default is false, but if your application uses HTTPS, you should set this property to true. |
| ReturnUrlParameter | The name of the query string parameter where the scheme will place the URL that originated the redirect to the login page, if any. It defaults to “ReturnUrl”. You should redirect the browser to |
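
An added example, not part of the lesson's own code: a `Program.cs` for an ASP.NET Core 6+ web project that sets the options from the table and signs a user in, following `ReturnUrl` only when it points inside the site. It assumes a current release, where the cookie's own settings are reached through `o.Cookie` rather than the `CookieName`/`CookieSecure` names in the table; `CheckPassword`, `IsLocalPath`, the form field names and the demo credentials are hypothetical, and the GET login form is omitted.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);
builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(o =>
    {
        o.ExpireTimeSpan = TimeSpan.FromMinutes(30);  // lifetime of the cookie
        o.SlidingExpiration = true;                   // renewed while the user stays active
        o.LoginPath = "/Account/Login";               // challenge redirect (the default)
        o.AccessDeniedPath = "/Account/AccessDenied"; // forbid redirect (the default)
        o.ReturnUrlParameter = "ReturnUrl";           // the default
        // Current releases expose the cookie's own settings through o.Cookie.
        o.Cookie.SecurePolicy = CookieSecurePolicy.Always; // send over HTTPS only
        o.Cookie.HttpOnly = true;                          // hidden from page scripts
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapPost("/Account/Login", async (HttpContext ctx) =>
{
    var form = await ctx.Request.ReadFormAsync();
    string user = form["userName"].ToString(), password = form["password"].ToString();
    if (!CheckPassword(user, password)) return Results.Unauthorized();

    var identity = new ClaimsIdentity(
        new[] { new Claim(ClaimTypes.Name, user) },
        CookieAuthenticationDefaults.AuthenticationScheme);
    await ctx.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                          new ClaimsPrincipal(identity));

    // Follow ReturnUrl only when it is a path on this site.
    string returnUrl = ctx.Request.Query["ReturnUrl"].ToString();
    return IsLocalPath(returnUrl) ? Results.LocalRedirect(returnUrl) : Results.Redirect("/");
});
app.MapGet("/", (ClaimsPrincipal u) => $"Hello {u.Identity?.Name}").RequireAuthorization();
app.Run();

// Hypothetical stand-in for a real user store; the demo credentials are constructed.
static bool CheckPassword(string user, string password) =>
    user == "demo" && password == "demo-password";

// Simplified local-path test: starts with '/' but not "//" or "/\", no control characters.
static bool IsLocalPath(string url) =>
    url.Length > 0 && url[0] == '/' && !url.Any(char.IsControl) &&
    (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
```

In an MVC controller, the framework's `Url.IsLocalUrl` can take the place of the hand-written `IsLocalPath`.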