New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Auth 2.0 Breaking Changes #232

Closed
HaoK opened this Issue Apr 21, 2017 · 1 comment

Comments

Projects
None yet
1 participant
@HaoK
Member

HaoK commented Apr 21, 2017

Authentication has undergone some major changes for 2.0:

Auth middleware are now all services (and configured via options)

And there is now only a single authentication middleware is needed.

Old:

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
   ClientId = Configuration["oidc:clientid"],
   ClientSecret = Configuration["oidc:clientsecret"]);

app.UseIdentity();

New:

// In ConfigureServices
services.AddOpenIdConnectionAuthentication(o => 
{
   o.ClientId = Configuration["oidc:clientid"];
   o.ClientSecret = Configuration["oidc:clientsecret"]);
}

// In Configure
app.UseAuthentication();

Automatic authentication/challenge have been replaced:

Previously there would be undefinied behavior when multiple auth middleware turned automatic on, we centralized the setting to be in AuthenticationOptions.Default[Authenticate|Challenge|SignIn]Scheme. Also if there's only a single auth scheme, it is considered the default.

Old:

services.AddAuthentication(sharedOptions => 
       sharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
   AutomaticChallenge = true,
   AutomaticAuthenticate = true,

New:

app.AddAuthentication(o => {
   o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
   o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
   o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});

HttpContext.Authentication will be obsolete

Old:

   context.Authentication.Authenticate|Challenge|SignInAsync("scheme"); // Calls 1.0 auth stack

New:

   using Microsoft.AspNetCore.Authentication;

   context.Authenticate|Challenge|SignInAsync("scheme"); // Calls 2.0 auth stack

AuthenticationHandler base classes have changed significantly as well

For more details: see https://github.com/aspnet/Security/pull/1170/files

Main Tracking issue: aspnet/Security#1179

@HaoK HaoK added this to the 2.0.0-preview1 milestone Apr 21, 2017

@aspnet aspnet locked and limited conversation to collaborators Apr 21, 2017

@HaoK

This comment has been minimized.

Member

HaoK commented Jul 17, 2017

See #262 for the final 2.0 changes

@HaoK HaoK closed this Jul 17, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.