DEV Community

Cover image for ASP.Net 9.0: Authentication Enhancements
Sukhpinder Singh
Sukhpinder Singh

Posted on • Updated on • Originally published at Medium

ASP.Net 9.0: Authentication Enhancements

The article demonstrates new features related to authentication and authorization. These enhancements aim to improve security and streamline the process of verifying user identities and granting access.

OIDC and OAuth Parameter Customization

The OAuth and OpenID Connect (OIDC) authentication handlers now offer an AdditionalAuthorizationParameters option. This feature simplifies the customization of authorization message parameters typically included in the redirect query string. Previously, achieving this level of customization required implementing a custom OnRedirectToIdentityProvider callback or overriding the BuildChallengeUrl method within a custom handler. However, with the latest improvements, developers can achieve the same result more succinctly.

Example

In previous versions of .NET, achieving custom parameter customization looked like this:

    builder.Services.AddAuthentication().AddOpenIdConnect(options =>
    {
        options.Events.OnRedirectToIdentityProvider = context =>
        {
            context.ProtocolMessage.SetParameter("prompt", "login");
            context.ProtocolMessage.SetParameter("audience", "https://api.example.com");
            return Task.CompletedTask;
        };
    });

Enter fullscreen mode Exit fullscreen mode

Now, with the simplified approach, you can achieve the same result as follows

    builder.Services.AddAuthentication().AddOpenIdConnect(options =>
    {
        options.AdditionalAuthorizationParameters.Add("prompt", "login");
        options.AdditionalAuthorizationParameters.Add("audience", "https://api.example.com");
    });
Enter fullscreen mode Exit fullscreen mode

Configuring HTTP.sys Extended Authentication Flags

Windows authentication via HTTP.sys can now be fine-tuned using the EnableKerberosCredentialCaching and CaptureCredentials properties. These properties allow developers to optimize how HTTP.sys handles authentication. Specifically, you can configure the following flags:

  1. HTTP_AUTH_EX_FLAG_ENABLE_KERBEROS_CREDENTIAL_CACHING: Enables Kerberos credential caching for improved performance.

  2. HTTP_AUTH_EX_FLAG_CAPTURE_CREDENTIAL: Captures user credentials during the authentication process.

Example:

    webBuilder.UseHttpSys(options =>
    {
        options.Authentication.Schemes = AuthenticationSchemes.Negotiate;
        options.Authentication.EnableKerberosCredentialCaching = true;
        options.Authentication.CaptureCredentials = true;
    });
Enter fullscreen mode Exit fullscreen mode

C# ProgrammingšŸš€

Thank you for being a part of the C# community! Before you leave:

If youā€™ve made it this far, please show your appreciation with a clap and follow the author! šŸ‘ļøļø

Follow us: X | LinkedIn | Dev.to | Hashnode | Newsletter | Tumblr

Visit our other platforms: GitHub | Instagram | Tiktok | Quora | Daily.dev

More content at C# Programming

Top comments (2)

Collapse
 
jangelodev profile image
JoĆ£o Angelo

Hi Sukhpinder Singh,
Your tips are very useful
Thanks for sharing

Collapse
 
ssukhpinder profile image
Sukhpinder Singh

You're welcome! Glad they were helpful.