Microsoft.Owin.Security.Cookies
Default values related to cookie-based authentication middleware
The default value used for CookieAuthenticationOptions.AuthenticationType
The prefix used to provide a default CookieAuthenticationOptions.CookieName
The default value of the CookieAuthenticationOptions.ReturnUrlParameter
The default value used by UseApplicationSignInCookie for the
CookieAuthenticationOptions.LoginPath
The default value used by UseApplicationSignInCookie for the
CookieAuthenticationOptions.LogoutPath
Determines how the identity cookie's security property is set.
If the URI that provides the cookie is HTTPS, then the cookie will only be returned to the server on
subsequent HTTPS requests. Otherwise if the URI that provides the cookie is HTTP, then the cookie will
be returned to the server on all HTTP and HTTPS requests. This is the default value because it ensures
HTTPS for all authenticated requests on deployed servers, and also supports HTTP for localhost development
and for servers that do not have HTTPS support.
CookieOptions.Secure is never marked true. Use this value when your login page is HTTPS, but other pages
on the site which are HTTP also require authentication information. This setting is not recommended because
the authentication information provided with an HTTP request may be observed and used by other computers
on your local network or wireless connection.
CookieOptions.Secure is always marked true. Use this value when your login page and all subsequent pages
requiring the authenticated identity are HTTPS. Local development will also need to be done with HTTPS urls.
Extension methods provided by the cookies authentication middleware
Adds a cookie-based authentication middleware to your web application pipeline.
The IAppBuilder passed to your configuration method
An options class that controls the middleware behavior
The original app parameter
Contains the options used by the CookiesAuthenticationMiddleware
Create an instance of the options initialized with the default values
Determines the cookie name used to persist the identity. The default value is ".AspNet.Cookies".
This value should be changed if you change the name of the AuthenticationType, especially if your
system uses the cookie authentication middleware multiple times.
Determines the domain used to create the cookie. Is not provided by default.
Determines the path used to create the cookie. The default value is "/" for highest browser compatability.
Determines if the browser should allow the cookie to be accessed by client-side javascript. The
default is true, which means the cookie will only be passed to http requests and is not made available
to script on the page.
Determines if the cookie should only be transmitted on HTTPS request. The default is to limit the cookie
to HTTPS requests if the page which is doing the SignIn is also HTTPS. If you have an HTTPS sign in page
and portions of your site are HTTP you may need to change this value.
Controls how much time the cookie will remain valid from the point it is created. The expiration
information is in the protected cookie ticket. Because of that an expired cookie will be ignored
even if it is passed to the server after the browser should have purged it
The SlidingExpiration is set to true to instruct the middleware to re-issue a new cookie with a new
expiration time any time it processes a request which is more than halfway through the expiration window.
The LoginPath property informs the middleware that it should change an outgoing 401 Unauthorized status
code into a 302 redirection onto the given login path. The current url which generated the 401 is added
to the LoginPath as a query string parameter named by the ReturnUrlParameter. Once a request to the
LoginPath grants a new SignIn identity, the ReturnUrlParameter value is used to redirect the browser back
to the url which caused the original unauthorized status code.
If the LoginPath is null or empty, the middleware will not look for 401 Unauthorized status codes, and it will
not redirect automatically when a login occurs.
If the LogoutPath is provided the middleware then a request to that path will redirect based on the ReturnUrlParameter.
The ReturnUrlParameter determines the name of the query string parameter which is appended by the middleware
when a 401 Unauthorized status code is changed to a 302 redirect onto the login path. This is also the query
string parameter looked for when a request arrives on the login path or logout path, in order to return to the
original url after the action is performed.
The Provider may be assigned to an instance of an object created by the application at startup time. The middleware
calls methods on the provider which give the application control at certain points where processing is occuring.
If it is not provided a default instance is supplied which does nothing when the methods are called.
The TicketDataFormat is used to protect and unprotect the identity and other properties which are stored in the
cookie value. If it is not provided a default data handler is created using the data protection service contained
in the IAppBuilder.Properties. The default data protection service is based on machine key when running on ASP.NET,
and on DPAPI when running in a different process.
The SystemClock provides access to the system's current time coordinates. If it is not provided a default instance is
used which calls DateTimeOffset.UtcNow. This is typically not replaced except for unit testing.
Context passed when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware
Creates a new context object.
The OWIN request context
The cookie middleware options
The initial redirect URI
Gets or Sets the URI used for the redirect operation.
This default implementation of the ICookieAuthenticationProvider may be used if the
application only needs to override a few of the interface methods. This may be used as a base class
or may be instantiated directly.
Specifies callback methods which the invokes to enable developer control over the authentication process. />
Called each time a request identity has been validated by the middleware. By implementing this method the
application may alter or reject the identity which has arrived with the request.
Contains information about the login session as well as the user .
A representing the completed operation.
Called when an endpoint has provided sign in information before it is converted into a cookie. By
implementing this method the claims and extra information that go into the ticket may be altered.
Contains information about the login session as well as the user .
Called when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware
Contains information about the event
Create a new instance of the default provider.
Implements the interface method by invoking the related delegate method
Implements the interface method by invoking the related delegate method
Called when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware
Contains information about the event
A delegate assigned to this property will be invoked when the related method is called
A delegate assigned to this property will be invoked when the related method is called
A delegate assigned to this property will be invoked when the related method is called
Context object passed to the ICookieAuthenticationProvider method ResponseSignIn.
Creates a new instance of the context object.
Initializes Request property
Initializes Response property
Initializes AuthenticationType property
Initializes Identity property
Initializes Extra property
Creates a new instance of the context object.
The OWIN request context
The middleware options
Initializes AuthenticationType property
Initializes Identity property
Initializes Extra property
The name of the AuthenticationType creating a cookie
Contains the claims about to be converted into the outgoing cookie.
May be replaced or altered during the ResponseSignIn call.
Contains the extra data about to be contained in the outgoing cookie.
May be replaced or altered during the ResponseSignIn call.
Context object passed to the ICookieAuthenticationProvider method ValidateIdentity.
Creates a new instance of the context object.
Contains the initial values for identity and extra data
Creates a new instance of the context object.
Contains the initial values for identity and extra data
Called to replace the claims identity. The supplied identity will replace the value of the
Identity property, which determines the identity of the authenticated request.
The identity used as the replacement
Called to reject the incoming identity. This may be done if the application has determined the
account is no longer active, and the request should be treated as if it was anonymous.
Contains the claims identity arriving with the request. May be altered to change the
details of the authenticated user.
Contains the extra metadata arriving with the request ticket. May be altered.