OpenRIAServices / OpenRiaServices

The Open RIA Services project continues what was previously known as WCF RIA Services.
https://openriaservices.gitbook.io/openriaservices/
Apache License 2.0

.NET 7 - How to manage authentication ? #445

Closed KumG closed 9 months ago

KumG commented 9 months ago

Hello,

Sorry if this isn't the right place to ask this, but I didn't find a sample or documentation to manage the authentication with .NET 6/7...

I'm trying to migrate my project from .NET 4.8 to .NET 7. (WPF client, ASP.NET web with EF 6.4, OpenRIAServices)

My current AuthenticationDomainService inherits from AuthenticationBase<User> from OpenRiaServices.Server.Authentication.AspNetMembership package.

It uses FormsAuthentication and this package is not compatible with .NET 7.

I tried to replace it with IAuthentication<User> with a login method:

public User Login(string userName, string password, bool isPersistent, string customData)
{
    var user = RetrieveUser("admin");

    // Set HttpContext current user ?

    return user;
}

In my client test application, I have this code:

DomainContext.DomainClientFactory = new BinaryHttpDomainClientFactory(new Uri("http://localhost:5241/", UriKind.Absolute), () => new HttpClient());

var webContext = new WebContext { Authentication = new FormsAuthentication { DomainContext = new AuthenticationDomainContext() } };

...

var authenticationService = WebContextBase.Current.Authentication;

authenticationService.Login(new LoginParameters("admin", "12345"), operation =>
{
    var currentUser = WebContextBase.Current.Authentication.User;
    var otherDomainContext = new SampleDomainContext();
    var query = otherDomainContext.GetAccessProfilesQuery(false);
    otherDomainContext.Load(query, LoadBehavior.RefreshCurrent, loadOperation =>
    {

    }, null);
}, null);

My domainContext method has [RequiresAuthentication].

Of course, I always get an UnauthorizedAccessException...

Thank you.

Daniel-Svensson commented 9 months ago

Server

On the server you need to set up authentication using "normal" ASP.NET Core practices.

It looks like you want to use cookie-based authentication, which is the closest match to what AspNetMembership did. You can look into the official ASP.NET Core documentation; it contains instructions for setup, as well as code to set the cookie on successful login and logout code.

Client

For the client, you need to ensure that all HttpClients share the same CookieContainer and that it is set to use cookies (https://learn.microsoft.com/en-us/dotnet/api/system.net.http.httpclienthandler.usecookies?view=net-7.0#system-net-http-httpclienthandler-usecookies). You can do something similar to https://github.com/OpenRIAServices/OpenRiaServices/blob/e32f5ca14b31bb02165e1bea00cc8aba9d70a4b5/src/Test/OpenRiaservices.EndToEnd.AspNetCore.Test/Main.cs#L29-L34
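
The client-side setup described in the comment above, as an added example that is not part of the original thread or the Open RIA Services code base. The class `RiaClientSetup` and its members are hypothetical, and the `OpenRiaServices.Client.DomainClients` namespace is an assumption; `BinaryHttpDomainClientFactory(Uri, Func<HttpClient>)` is used as it appears in the question.

```csharp
using System;
using System.Net;
using System.Net.Http;
using OpenRiaServices.Client;
using OpenRiaServices.Client.DomainClients; // assumed namespace of BinaryHttpDomainClientFactory

// Hypothetical helper, not part of Open RIA Services.
public static class RiaClientSetup
{
    // One cookie jar for the whole client process. A desktop client has a single
    // signed-in user; a process acting for several users needs one container per user.
    private static readonly CookieContainer Cookies = new CookieContainer();

    // The handler owns the cookie jar, so it is shared and must outlive every HttpClient.
    private static readonly HttpClientHandler Handler = new HttpClientHandler
    {
        UseCookies = true,
        CookieContainer = Cookies,
    };

    // Call once at startup, before the WebContext or any DomainContext is created,
    // e.g. Configure(new Uri("http://localhost:5241/", UriKind.Absolute)).
    public static void Configure(Uri serverBaseUri)
    {
        // "() => new HttpClient()" gives each client its own handler and its own empty
        // cookie jar, so the cookie set by Login never reaches the next DomainContext
        // and [RequiresAuthentication] operations fail.
        DomainContext.DomainClientFactory = new BinaryHttpDomainClientFactory(
            serverBaseUri,
            // disposeHandler: false keeps the shared handler alive when a client is disposed.
            () => new HttpClient(Handler, disposeHandler: false));
    }

    // Diagnostic: true once the server has issued at least one cookie for this URI,
    // which helps tell "login never set a cookie" apart from "cookie was not sent".
    public static bool HasServerCookie(Uri serverBaseUri) =>
        Cookies.GetCookies(serverBaseUri).Count > 0;
}
```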

KumG commented 9 months ago

Thank you very much for the help.

I was able to have a working proof of concept using:

        public User Login(string userName, string password, bool isPersistent, string customData)
        {
            var user = RetrieveUser("admin");

            if (user != null)
            {
                var claims = new List<Claim> { new Claim(ClaimTypes.Name, user.Name)};
                claims.AddRange(user.Roles.Select(role => new Claim(ClaimTypes.Role, role)));
                var claimsIdentity = new ClaimsIdentity(claims, "Forms");
                var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
                _httpContextAccessor.HttpContext.SignInAsync(claimsPrincipal).GetAwaiter().GetResult();
            }

            return user;
        }

Daniel-Svensson commented 8 months ago

I've started with a sample at https://github.com/OpenRIAServices/Samples/pull/16 if anybody else is interested.

The login method should probably be rewritten to be more similar to the above sample by @KumG

Daniel-Svensson commented 7 months ago

Added documentation in https://github.com/OpenRIAServices/OpenRiaServices/pull/466/files

@KumG feel free to have a look and see if there is anything important I have forgotten