I have this old MVC5 application that uses forms authentication in the simplest possible form. There is only one account stored in web.config, there are no roles etc.
<authentication mode="Forms">
<forms loginUrl="~/Login/Index" timeout="30">
<credentials passwordFormat="Clear">
<user name="some-user" password="some-password" />
</credentials>
</forms>
</authentication>
The login routine just calls
FormsAuthentication.Authenticate(name, password);
And that's it.
Is there something similar (in terms of simplicity) in asp.net core?
It is not that simple :)
In the Startup.cs, configure method.
app.UseCookieAuthentication(options =>
{
options.AutomaticAuthenticate = true;
options.AutomaticChallenge = true;
options.LoginPath = "/Home/Login";
});
Add Authorize attribute to protect the resources you want to secure.
[Authorize]
public IActionResult Index()
{
return View();
}
In the Home Controller, Login Post action method, write the following method.
var username = Configuration["username"];
var password = Configuration["password"];
if (authUser.Username == username && authUser.Password == password)
{
var identity = new ClaimsIdentity(claims,
CookieAuthenticationDefaults.AuthenticationScheme);
HttpContext.Authentication.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(identity));
return Redirect("~/Home/Index");
}
else
{
ModelState.AddModelError("","Login failed. Please check Username and/or password");
}
Here is the github repo for your reference : https://github.com/anuraj/CookieAuthMVCSample
To add to Anuraj's answer - a number of classes have been deprecated for .Net Core 2. FYI:
Startup.cs - In ConfigureServices:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(o => o.LoginPath = new PathString("/account/login"));
Startup.cs - In Configure:
app.UseAuthentication();
In your account/login controller method/wherever you're doing your authentication:
var claims = new[] { new Claim(ClaimTypes.Name, "MyUserNameOrID"),
new Claim(ClaimTypes.Role, "SomeRoleName") };
var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
await context.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(identity));
// Do your redirect here
Sources:
https://github.com/aspnet/Announcements/issues/232
https://github.com/aspnet/Security/issues/1310
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 仙女界的扛把子 的文章《Asp.Net Core - simplest possible forms authenticat》','https://www.manongdao.com/article-548443.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}