diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index b056d0787b..3a8365a5b3 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -145,13 +145,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
HttpOnly = Options.CookieHttpOnly,
Path = Options.CookiePath ?? (OriginalPathBase.HasValue ? OriginalPathBase.ToString() : "/"),
};
- if (Options.CookieSecure == CookieSecureOption.SameAsRequest)
+ if (Options.CookieSecure == CookieSecurePolicy.SameAsRequest)
{
cookieOptions.Secure = Request.IsHttps;
}
else
{
- cookieOptions.Secure = Options.CookieSecure == CookieSecureOption.Always;
+ cookieOptions.Secure = Options.CookieSecure == CookieSecurePolicy.Always;
}
return cookieOptions;
}
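Review bot: The `else` branch sets `Secure` to false for every value other than `Always`, so an undefined `CookieSecurePolicy` value (a bad cast or a misbound configuration value) silently produces an authentication cookie without the Secure attribute, whereas the `switch` in CookiePolicyMiddleware.cs throws `InvalidOperationException` in its `default` case. Now that both components share one enum, the handler could fail closed as well, for example `cookieOptions.Secure = Options.CookieSecure != CookieSecurePolicy.None;` in the `else` branch. The enclosing method starts above this hunk, so any earlier validation of `Options.CookieSecure` is not visible here.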
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index 8a451c9c71..f9455f23a5 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -29,7 +29,7 @@ namespace Microsoft.AspNetCore.Builder
ExpireTimeSpan = TimeSpan.FromDays(14);
SlidingExpiration = true;
CookieHttpOnly = true;
- CookieSecure = CookieSecureOption.SameAsRequest;
+ CookieSecure = CookieSecurePolicy.SameAsRequest;
SystemClock = new SystemClock();
Events = new CookieAuthenticationEvents();
}
@@ -59,7 +59,7 @@ namespace Microsoft.AspNetCore.Builder
public string CookieDomain { get; set; }
///
- /// Determines the path used to create the cookie. The default value is "/" for highest browser compatability.
+ /// Determines the path used to create the cookie. The default value is "/" for highest browser compatibility.
///
public string CookiePath { get; set; }
@@ -75,7 +75,7 @@ namespace Microsoft.AspNetCore.Builder
/// to HTTPS requests if the page which is doing the SignIn is also HTTPS. If you have an HTTPS sign in page
/// and portions of your site are HTTP you may need to change this value.
///
- public CookieSecureOption CookieSecure { get; set; }
+ public CookieSecurePolicy CookieSecure { get; set; }
///
/// If set this will be used by the CookieAuthenticationMiddleware for data protection.
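Review bot: The shared `CookieSecurePolicy` that `CookieSecure` now uses cannot keep the numeric layout of both enums it replaces, because the deleted files declare their members in different orders (`SameAsRequest, Never, Always` in CookieSecureOption.cs versus `None, Always, SameAsRequest` in SecurePolicy.cs). The new enum's definition is not part of this diff; if any host stores or binds these options as integers, a saved value could now select a different policy, and the same applies to `CookiePolicyOptions.Secure`. The summary above `CookieSecure` should also carry over the caution from the deleted `Never` member, for example `/// CookieSecurePolicy.None never sets Secure, so the authentication cookie is also sent over plain HTTP; not recommended.`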
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieSecureOption.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieSecureOption.cs
deleted file mode 100644
index 5a35415d1b..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieSecureOption.cs
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-namespace Microsoft.AspNetCore.Authentication.Cookies
-{
- ///
- /// Determines how the identity cookie's security property is set.
- ///
- public enum CookieSecureOption
- {
- ///
- /// If the URI that provides the cookie is HTTPS, then the cookie will only be returned to the server on
- /// subsequent HTTPS requests. Otherwise if the URI that provides the cookie is HTTP, then the cookie will
- /// be returned to the server on all HTTP and HTTPS requests. This is the default value because it ensures
- /// HTTPS for all authenticated requests on deployed servers, and also supports HTTP for localhost development
- /// and for servers that do not have HTTPS support.
- ///
- SameAsRequest,
-
- ///
- /// CookieOptions.Secure is never marked true. Use this value when your login page is HTTPS, but other pages
- /// on the site which are HTTP also require authentication information. This setting is not recommended because
- /// the authentication information provided with an HTTP request may be observed and used by other computers
- /// on your local network or wireless connection.
- ///
- Never,
-
- ///
- /// CookieOptions.Secure is always marked true. Use this value when your login page and all subsequent pages
- /// requiring the authenticated identity are HTTPS. Local development will also need to be done with HTTPS urls.
- ///
- Always,
- }
-}
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
index 7b52a58804..46daaad810 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
@@ -74,7 +74,7 @@ namespace Microsoft.AspNetCore.CookiePolicy
private bool PolicyRequiresCookieOptions()
{
- return Policy.HttpOnly != HttpOnlyPolicy.None || Policy.Secure != SecurePolicy.None;
+ return Policy.HttpOnly != HttpOnlyPolicy.None || Policy.Secure != CookieSecurePolicy.None;
}
public void Append(string key, string value)
@@ -140,13 +140,13 @@ namespace Microsoft.AspNetCore.CookiePolicy
{
switch (Policy.Secure)
{
- case SecurePolicy.Always:
+ case CookieSecurePolicy.Always:
options.Secure = true;
break;
- case SecurePolicy.SameAsRequest:
+ case CookieSecurePolicy.SameAsRequest:
options.Secure = Context.Request.IsHttps;
break;
- case SecurePolicy.None:
+ case CookieSecurePolicy.None:
break;
default:
throw new InvalidOperationException();
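Review bot: Under `CookieSecurePolicy.SameAsRequest` the assignment `options.Secure = Context.Request.IsHttps;` overwrites whatever the caller set, so a cookie the application explicitly marked Secure loses the attribute when the request arrives over HTTP. The expectations in CookiePolicyTests.cs suggest this: cookie D keeps `secure` under `None` but is emitted as `D=D; path=/` under `SameAsRequest` on an http URL. If the policy is meant to raise the floor rather than lower it, `options.Secure = options.Secure || Context.Request.IsHttps;` would preserve the caller's choice, and the test expectation for D would change accordingly. Otherwise a comment stating that the downgrade is intentional would help. The method body begins and ends outside this hunk.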
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
index 8201b58639..6aed18bfb0 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyOptions.cs
@@ -3,6 +3,7 @@
using System;
using Microsoft.AspNetCore.CookiePolicy;
+using Microsoft.AspNetCore.Http;
namespace Microsoft.AspNetCore.Builder
{
@@ -15,10 +16,11 @@ namespace Microsoft.AspNetCore.Builder
/// Affects whether cookies must be HttpOnly.
///
public HttpOnlyPolicy HttpOnly { get; set; } = HttpOnlyPolicy.None;
+
///
/// Affects whether cookies must be Secure.
///
- public SecurePolicy Secure { get; set; } = SecurePolicy.None;
+ public CookieSecurePolicy Secure { get; set; } = CookieSecurePolicy.None;
///
/// Called when a cookie is appended.
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/SecurePolicy.cs b/src/Microsoft.AspNetCore.CookiePolicy/SecurePolicy.cs
deleted file mode 100644
index c0dd639f1c..0000000000
--- a/src/Microsoft.AspNetCore.CookiePolicy/SecurePolicy.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-namespace Microsoft.AspNetCore.CookiePolicy
-{
- public enum SecurePolicy
- {
- None,
- Always,
- SameAsRequest
- }
-}
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
index 5049f39e55..fa4a4502ff 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
@@ -192,14 +192,14 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
}
[Theory]
- [InlineData(CookieSecureOption.Always, "http://example.com/testpath", true)]
- [InlineData(CookieSecureOption.Always, "https://example.com/testpath", true)]
- [InlineData(CookieSecureOption.Never, "http://example.com/testpath", false)]
- [InlineData(CookieSecureOption.Never, "https://example.com/testpath", false)]
- [InlineData(CookieSecureOption.SameAsRequest, "http://example.com/testpath", false)]
- [InlineData(CookieSecureOption.SameAsRequest, "https://example.com/testpath", true)]
+ [InlineData(CookieSecurePolicy.Always, "http://example.com/testpath", true)]
+ [InlineData(CookieSecurePolicy.Always, "https://example.com/testpath", true)]
+ [InlineData(CookieSecurePolicy.None, "http://example.com/testpath", false)]
+ [InlineData(CookieSecurePolicy.None, "https://example.com/testpath", false)]
+ [InlineData(CookieSecurePolicy.SameAsRequest, "http://example.com/testpath", false)]
+ [InlineData(CookieSecurePolicy.SameAsRequest, "https://example.com/testpath", true)]
public async Task SecureSignInCausesSecureOnlyCookieByDefault(
- CookieSecureOption cookieSecureOption,
+ CookieSecurePolicy cookieSecurePolicy,
string requestUri,
bool shouldBeSecureOnly)
{
@@ -207,7 +207,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{
LoginPath = new PathString("/login"),
CookieName = "TestCookie",
- CookieSecure = cookieSecureOption
+ CookieSecure = cookieSecurePolicy
}, SignInAsAlice);
var transaction = await SendAsync(server, requestUri);
@@ -231,7 +231,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
CookieName = "TestCookie",
CookiePath = "/foo",
CookieDomain = "another.com",
- CookieSecure = CookieSecureOption.Always,
+ CookieSecure = CookieSecurePolicy.Always,
CookieHttpOnly = true
}, SignInAsAlice, new Uri("http://example.com/base"));
@@ -248,7 +248,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var server2 = CreateServer(new CookieAuthenticationOptions
{
CookieName = "SecondCookie",
- CookieSecure = CookieSecureOption.Never,
+ CookieSecure = CookieSecurePolicy.None,
CookieHttpOnly = false
}, SignInAsAlice, new Uri("http://example.com/base"));
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
index 307002d1f3..f08d7fef8e 100644
--- a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
+++ b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
@@ -37,18 +37,18 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
await RunTest("/secureAlways",
new CookiePolicyOptions
{
- Secure = SecurePolicy.Always
+ Secure = CookieSecurePolicy.Always
},
SecureCookieAppends,
new RequestTest("http://example.com/secureAlways",
- transaction =>
- {
- Assert.NotNull(transaction.SetCookie);
- Assert.Equal("A=A; path=/; secure", transaction.SetCookie[0]);
- Assert.Equal("B=B; path=/; secure", transaction.SetCookie[1]);
- Assert.Equal("C=C; path=/; secure", transaction.SetCookie[2]);
- Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
- }));
+ transaction =>
+ {
+ Assert.NotNull(transaction.SetCookie);
+ Assert.Equal("A=A; path=/; secure", transaction.SetCookie[0]);
+ Assert.Equal("B=B; path=/; secure", transaction.SetCookie[1]);
+ Assert.Equal("C=C; path=/; secure", transaction.SetCookie[2]);
+ Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
+ }));
}
[Fact]
@@ -57,19 +57,18 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
await RunTest("/secureNone",
new CookiePolicyOptions
{
- Secure = SecurePolicy.None
+ Secure = CookieSecurePolicy.None
},
SecureCookieAppends,
new RequestTest("http://example.com/secureNone",
- transaction =>
- {
- Assert.NotNull(transaction.SetCookie);
- Assert.NotNull(transaction.SetCookie);
- Assert.Equal("A=A; path=/", transaction.SetCookie[0]);
- Assert.Equal("B=B; path=/", transaction.SetCookie[1]);
- Assert.Equal("C=C; path=/", transaction.SetCookie[2]);
- Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
- }));
+ transaction =>
+ {
+ Assert.NotNull(transaction.SetCookie);
+ Assert.Equal("A=A; path=/", transaction.SetCookie[0]);
+ Assert.Equal("B=B; path=/", transaction.SetCookie[1]);
+ Assert.Equal("C=C; path=/", transaction.SetCookie[2]);
+ Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
+ }));
}
[Fact]
@@ -78,27 +77,27 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
await RunTest("/secureSame",
new CookiePolicyOptions
{
- Secure = SecurePolicy.SameAsRequest
+ Secure = CookieSecurePolicy.SameAsRequest
},
SecureCookieAppends,
new RequestTest("http://example.com/secureSame",
- transaction =>
- {
- Assert.NotNull(transaction.SetCookie);
- Assert.Equal("A=A; path=/", transaction.SetCookie[0]);
- Assert.Equal("B=B; path=/", transaction.SetCookie[1]);
- Assert.Equal("C=C; path=/", transaction.SetCookie[2]);
- Assert.Equal("D=D; path=/", transaction.SetCookie[3]);
- }),
+ transaction =>
+ {
+ Assert.NotNull(transaction.SetCookie);
+ Assert.Equal("A=A; path=/", transaction.SetCookie[0]);
+ Assert.Equal("B=B; path=/", transaction.SetCookie[1]);
+ Assert.Equal("C=C; path=/", transaction.SetCookie[2]);
+ Assert.Equal("D=D; path=/", transaction.SetCookie[3]);
+ }),
new RequestTest("https://example.com/secureSame",
- transaction =>
- {
- Assert.NotNull(transaction.SetCookie);
- Assert.Equal("A=A; path=/; secure", transaction.SetCookie[0]);
- Assert.Equal("B=B; path=/; secure", transaction.SetCookie[1]);
- Assert.Equal("C=C; path=/; secure", transaction.SetCookie[2]);
- Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
- }));
+ transaction =>
+ {
+ Assert.NotNull(transaction.SetCookie);
+ Assert.Equal("A=A; path=/; secure", transaction.SetCookie[0]);
+ Assert.Equal("B=B; path=/; secure", transaction.SetCookie[1]);
+ Assert.Equal("C=C; path=/; secure", transaction.SetCookie[2]);
+ Assert.Equal("D=D; path=/; secure", transaction.SetCookie[3]);
+ }));
}
[Fact]
@@ -283,13 +282,13 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
{
var builder = new WebHostBuilder()
.Configure(app =>
- {
- app.Map(path, map =>
{
- map.UseCookiePolicy(cookiePolicy);
- map.Run(configureSetup);
+ app.Map(path, map =>
+ {
+ map.UseCookiePolicy(cookiePolicy);
+ map.Run(configureSetup);
+ });
});
- });
var server = new TestServer(builder);
foreach (var test in tests)
{