DEV Community

Sardar Mudassar Ali Khan

HTTPS Session Authentication in ASP.NET Core

In ASP.NET Core, you can implement session-based authentication using the built-in session middleware and cookie authentication. Here's a step-by-step guide on how to set it up:

Step 1: Configure session services
In your Startup.cs file, configure the session services by adding the following code inside the ConfigureServices method:

```csharp
public void ConfigureServices(IServiceCollection services)
{
    // Session state needs an IDistributedCache backing store;
    // the in-memory implementation is enough for a single server.
    services.AddDistributedMemoryCache();

    services.AddSession(options =>
    {
        // Configure session options
        options.Cookie.Name = "YourCookieName";
        options.IdleTimeout = TimeSpan.FromMinutes(30);
        options.Cookie.IsEssential = true;
    });

    services.AddControllers();
    // other services...
}
```

Step 2: Enable session middleware
Inside the Configure method in Startup.cs, add the session middleware after the authentication middleware:

```csharp
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // other middleware...

    app.UseAuthentication();
    app.UseAuthorization();
    app.UseSession();

    // other configuration...
}
```

Step 3: Configure authentication
Configure cookie authentication by adding the following code inside the ConfigureServices method in Startup.cs:

```csharp
// Requires: using Microsoft.AspNetCore.Authentication.Cookies;
public void ConfigureServices(IServiceCollection services)
{
    // other services...

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options =>
        {
            // Must differ from the session cookie name in Step 1,
            // otherwise the two cookies overwrite each other.
            options.Cookie.Name = "YourAuthCookieName";
            options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
            options.SlidingExpiration = true;
        });

    // other services...
}
```

Step 4: Authenticate the user
Inside your controller or action method, you can use the HttpContext.Session property to access the session and perform authentication checks. Here's an example:

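```csharp
// Requires: using Microsoft.AspNetCore.Http;  (Session.SetString extension)
//           using Microsoft.AspNetCore.Mvc;
public class YourController : ControllerBase
{
    public IActionResult Authenticate(string username, string password)
    {
        // Perform your authentication logic here
        if (IsValidUser(username, password))
        {
            // Stores per-user state only. [Authorize] is satisfied by the
            // authentication cookie that HttpContext.SignInAsync issues,
            // not by a value in the session.
            HttpContext.Session.SetString("Username", username);
            return Ok();
        }

        return Unauthorized();
    }

    private bool IsValidUser(string username, string password)
    {
        // Your authentication logic here.
        // Placeholder: reject every login until real verification is implemented.
        return false;
    }
}
```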

Step 5: Restrict access to authenticated users
You can apply the [Authorize] attribute to your controller or specific action methods to restrict access to authenticated users only:

```csharp
// Requires: using Microsoft.AspNetCore.Authorization;
[ApiController]
[Route("api/[controller]")]
[Authorize]
public class YourController : ControllerBase
{
    // Actions...
}
```

These steps outline how to implement session-based authentication using cookies in ASP.NET Core. Remember to adjust the configuration and authentication logic based on your specific requirements.
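The `[Authorize]` attribute in Step 5 is evaluated against the cookie authentication scheme registered in Step 3, so the login action has to issue that cookie with `HttpContext.SignInAsync`; writing a value to the session does not authenticate the request. The controller below is an added example, not code from the original post: `AccountController`, its routes and the `ICredentialVerifier` interface are hypothetical names, and the verifier is assumed to be registered in `ConfigureServices` with your own implementation.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

// Hypothetical abstraction over your user store; not an ASP.NET Core type.
public interface ICredentialVerifier
{
    Task<bool> VerifyAsync(string username, string password);
}

[ApiController]
[Route("api/[controller]")]
public class AccountController : ControllerBase
{
    private readonly ICredentialVerifier _verifier;
    public AccountController(ICredentialVerifier verifier) => _verifier = verifier;

    [HttpPost("login")] // POST with form fields keeps the password out of the URL
    public async Task<IActionResult> Login([FromForm] string username, [FromForm] string password)
    {
        if (!await _verifier.VerifyAsync(username, password))
            return Unauthorized();
        // These claims become HttpContext.User on later requests.
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, username) },
            CookieAuthenticationDefaults.AuthenticationScheme);

        // Issues the authentication cookie configured in Step 3; this call,
        // not the session write below, is what [Authorize] evaluates.
        await HttpContext.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity));
        HttpContext.Session.SetString("Username", username); // optional per-user state
        return Ok();
    }

    [Authorize]
    [HttpPost("logout")]
    public async Task<IActionResult> Logout()
    {
        HttpContext.Session.Clear(); // drop server-side session data
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        return Ok();
    }
}
```

By default the cookie handler answers an unauthenticated request to an `[Authorize]` action with a redirect to `options.LoginPath` rather than a 401; for an API, override `options.Events.OnRedirectToLogin` to return the status code instead.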


Top comments (2)

Sreenivasa Reddy Inukollu

Does this really work? It looks too simple.

There is no mention of any authentication handler.

MUHAMMED YILMAZ

It did not work for me.
