UseCookieAuthentication expects a CookieAuthenticationOptions object, and refuses lambda

[diddledan]

The documentation used to state (until I fixed it) that the following was acceptable for setting-up cookie authentication:

app.UseCookieAuthentication(options =>
{
    options.AuthenticationScheme = "Cookie";
    options.LoginPath = new PathString("/Account/Unauthorized/");
    options.AccessDeniedPath = new PathString("/Account/Forbidden/");
    options.AutomaticAuthenticate = false;
});

This form is in line with other middlewares such as app.UseMvc() (in Configure()) and services.AddAuthorization() (in ConfigureServices()).

However the final 1.0.0 code requires the following form:

app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
    AuthenticationScheme = "Cookie",
    LoginPath = new PathString("/Account/Unauthorized/"),
    AccessDeniedPath = new PathString("/Account/Forbidden/"),
    AutomaticAuthenticate = false,
});

The second, i.e. current as of 1.0.0, state seems to be inconsistent with related middleware configuration methods such as the two I mention above.

Unfortunately now the 1.0.0 version is live we cannot easily change the semantics, so I wonder about the possibility of adding an overload to accept the lambda-style instantiation as seems to have been the case in the 1.0.0rc1 days:

public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app, Action<CookieAuthenticationOptions> configureOptions)
{
    if (app == null)
    {
        throw new ArgumentNullException(nameof(app));
    }

    var options = new CookieAuthenticationOptions();
    if (configureOptions != null)
    {
        configureOptions(options);
    }
    return app.UseCookieAuthentication(options);
}

[PinpointTownes]

FYI, there are already a few tickets about that (e.g #825)

[Eilon]

We are not planning on changing this pattern.