huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add CookieBuilder to CookieAuthenticationOptions and obsolete the duplicated properties

This commit is contained in:
Nate McMaster 2017-06-29 17:24:23 -07:00
parent 968237d751
commit a7bf561b1c
8 changed files with 188 additions and 191 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Security.sln
View File

@ -1,6 +1,6 @@
Microsoft Visual Studio Solution File, Format Version 12.00 Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 15 # Visual Studio 15
VisualStudioVersion = 15.0.26507.0 VisualStudioVersion = 15.0.26621.2
MinimumVisualStudioVersion = 10.0.40219.1 MinimumVisualStudioVersion = 10.0.40219.1
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}" Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
EndProject EndProject
@ -59,6 +59,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
build\common.props = build\common.props build\common.props = build\common.props
build\dependencies.props = build\dependencies.props build\dependencies.props = build\dependencies.props
build\Key.snk = build\Key.snk build\Key.snk = build\Key.snk
NuGet.config = NuGet.config
build\repo.props = build\repo.props build\repo.props = build\repo.props
EndProjectSection EndProjectSection
EndProject EndProject
@ -484,4 +485,7 @@ Global
{51563775-C659-4907-9BAF-9995BAB87D01} = {7BF11F3A-60B6-4796-B504-579C67FFBA34} {51563775-C659-4907-9BAF-9995BAB87D01} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
{58194599-F07D-47A3-9DF2-E21A22C5EF9E} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652} {58194599-F07D-47A3-9DF2-E21A22C5EF9E} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
EndGlobalSection EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {ABF8089E-43D0-4010-84A7-7A9DCFE49357}
EndGlobalSection
EndGlobal EndGlobal

39
src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
View File

@ -14,9 +14,9 @@ using Microsoft.Net.Http.Headers;
namespace Microsoft.AspNetCore.Authentication.Cookies namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
public class CookieAuthenticationHandler : public class CookieAuthenticationHandler :
AuthenticationHandler<CookieAuthenticationOptions>, AuthenticationHandler<CookieAuthenticationOptions>,
IAuthenticationSignInHandler, IAuthenticationSignInHandler,
IAuthenticationSignOutHandler IAuthenticationSignOutHandler
{ {
private const string HeaderValueNoCache = "no-cache"; private const string HeaderValueNoCache = "no-cache";
@ -37,7 +37,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ } { }
/// <summary> /// <summary>
/// The handler calls methods on the events which give the application control at certain points where processing is occurring. /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
/// If it is not provided a default instance is supplied which does nothing when the methods are called. /// If it is not provided a default instance is supplied which does nothing when the methods are called.
/// </summary> /// </summary>
protected new CookieAuthenticationEvents Events protected new CookieAuthenticationEvents Events
@ -104,7 +104,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
private async Task<AuthenticateResult> ReadCookieTicket() private async Task<AuthenticateResult> ReadCookieTicket()
{ {
var cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName); var cookie = Options.CookieManager.GetRequestCookie(Context, Options.Cookie.Name);
if (string.IsNullOrEmpty(cookie)) if (string.IsNullOrEmpty(cookie))
{ {
return AuthenticateResult.NoResult(); return AuthenticateResult.NoResult();
@ -176,22 +176,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
private CookieOptions BuildCookieOptions() private CookieOptions BuildCookieOptions()
{ {
var cookieOptions = new CookieOptions var cookieOptions = Options.Cookie.Build(Context);
{ // ignore the 'Expires' value as this will be computed elsewhere
Domain = Options.CookieDomain, cookieOptions.Expires = null;
SameSite = Options.CookieSameSite,
HttpOnly = Options.CookieHttpOnly,
Path = Options.CookiePath ?? (OriginalPathBase.HasValue ? OriginalPathBase.ToString() : "/"),
};
if (Options.CookieSecure == CookieSecurePolicy.SameAsRequest)
{
cookieOptions.Secure = Request.IsHttps;
}
else
{
cookieOptions.Secure = Options.CookieSecure == CookieSecurePolicy.Always;
}
return cookieOptions; return cookieOptions;
} }
@ -239,7 +226,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Options.CookieManager.AppendResponseCookie( Options.CookieManager.AppendResponseCookie(
Context, Context,
Options.CookieName, Options.Cookie.Name,
cookieValue, cookieValue,
cookieOptions); cookieOptions);
@ -283,14 +270,14 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
if (!signInContext.Properties.ExpiresUtc.HasValue) if (!signInContext.Properties.ExpiresUtc.HasValue)
{ {
signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan); signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.Cookie.Expiration ?? default(TimeSpan));
} }
await Events.SigningIn(signInContext); await Events.SigningIn(signInContext);
if (signInContext.Properties.IsPersistent) if (signInContext.Properties.IsPersistent)
{ {
var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan); var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.Cookie.Expiration ?? default(TimeSpan));
signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime(); signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime();
} }
@ -314,7 +301,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Options.CookieManager.AppendResponseCookie( Options.CookieManager.AppendResponseCookie(
Context, Context,
Options.CookieName, Options.Cookie.Name,
cookieValue, cookieValue,
signInContext.CookieOptions); signInContext.CookieOptions);
@ -359,7 +346,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Options.CookieManager.DeleteCookie( Options.CookieManager.DeleteCookie(
Context, Context,
Options.CookieName, Options.Cookie.Name,
context.CookieOptions); context.CookieOptions);
// Only redirect on the logout path // Only redirect on the logout path

183
src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
View File

@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System; using System;
using Microsoft.AspNetCore.Authentication.Internal;
using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
@ -12,7 +13,16 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
/// </summary> /// </summary>
public class CookieAuthenticationOptions : AuthenticationSchemeOptions public class CookieAuthenticationOptions : AuthenticationSchemeOptions
{ {
private string _cookieName; private CookieBuilder _cookieBuilder = new RequestPathBaseCookieBuilder
{
// the default name is configured in PostConfigureCookieAuthenticationOptions
// To support OAuth authentication, a lax mode is required, see https://github.com/aspnet/Security/issues/1231.
SameSite = SameSiteMode.Lax,
HttpOnly = true,
SecurePolicy = CookieSecurePolicy.SameAsRequest,
Expiration = TimeSpan.FromDays(14),
};
/// <summary> /// <summary>
/// Create an instance of the options initialized with the default values /// Create an instance of the options initialized with the default values
@ -20,77 +30,52 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
public CookieAuthenticationOptions() public CookieAuthenticationOptions()
{ {
ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter; ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
ExpireTimeSpan = TimeSpan.FromDays(14);
SlidingExpiration = true; SlidingExpiration = true;
// To support OAuth authentication, a lax mode is required, see https://github.com/aspnet/Security/issues/1231.
CookieSameSite = SameSiteMode.Lax;
CookieHttpOnly = true;
CookieSecure = CookieSecurePolicy.SameAsRequest;
Events = new CookieAuthenticationEvents(); Events = new CookieAuthenticationEvents();
} }
/// <summary> /// <summary>
/// Determines the cookie name used to persist the identity. The default value is ".AspNetCore.Cookies". /// <para>
/// Determines the settings used to create the cookie.
/// </para>
/// <para>
/// <seealso cref="CookieBuilder.SameSite"/> defaults to <see cref="SameSiteMode.Lax"/>.
/// <seealso cref="CookieBuilder.HttpOnly"/> defaults to <c>true</c>.
/// <seealso cref="CookieBuilder.SecurePolicy"/> defaults to <see cref="CookieSecurePolicy.SameAsRequest"/>.
/// <seealso cref="CookieBuilder.Expiration"/> defaults to 14 days.
/// </para>
/// </summary>
/// <remarks>
/// <para>
/// The default value for cookie name is ".AspNetCore.Cookies".
/// This value should be changed if you change the name of the AuthenticationScheme, especially if your /// This value should be changed if you change the name of the AuthenticationScheme, especially if your
/// system uses the cookie authentication handler multiple times. /// system uses the cookie authentication handler multiple times.
/// </summary> /// </para>
public string CookieName /// <para>
/// <seealso cref="CookieBuilder.SameSite"/> determines if the browser should allow the cookie to be attached to same-site or cross-site requests.
/// The default is Lax, which means the cookie is only allowed to be attached to cross-site requests using safe HTTP methods and same-site requests.
/// </para>
/// <para>
/// <seealso cref="CookieBuilder.HttpOnly"/> determines if the browser should allow the cookie to be accessed by client-side javascript.
/// The default is true, which means the cookie will only be passed to http requests and is not made available to script on the page.
/// </para>
/// <para>
/// <seealso cref="CookieBuilder.Expiration"/> controls how much time the cookie will remain valid from the point it is created. The expiration
/// information is in the protected cookie ticket. Because of that an expired cookie will be ignored
/// even if it is passed to the server after the browser should have purged it
/// </para>
/// </remarks>
public CookieBuilder Cookie
{ {
get { return _cookieName; } get => _cookieBuilder;
set set => _cookieBuilder = value ?? throw new ArgumentNullException(nameof(value));
{
if (value == null)
{
throw new ArgumentNullException(nameof(value));
}
_cookieName = value;
}
} }
/// <summary>
/// Determines the domain used to create the cookie. Is not provided by default.
/// </summary>
public string CookieDomain { get; set; }
/// <summary>
/// Determines the path used to create the cookie. The default value is "/" for highest browser compatibility.
/// </summary>
public string CookiePath { get; set; }
/// <summary>
/// Determines if the browser should allow the cookie to be attached to same-site or cross-site requests. The
/// default is Lax, which means the cookie is only allowed to be attached to cross-site requests using safe
/// HTTP methods and same-site requests.
/// </summary>
public SameSiteMode CookieSameSite { get; set; }
/// <summary>
/// Determines if the browser should allow the cookie to be accessed by client-side javascript. The
/// default is true, which means the cookie will only be passed to http requests and is not made available
/// to script on the page.
/// </summary>
public bool CookieHttpOnly { get; set; }
/// <summary>
/// Determines if the cookie should only be transmitted on HTTPS request. The default is to limit the cookie
/// to HTTPS requests if the page which is doing the SignIn is also HTTPS. If you have an HTTPS sign in page
/// and portions of your site are HTTP you may need to change this value.
/// </summary>
public CookieSecurePolicy CookieSecure { get; set; }
/// <summary> /// <summary>
/// If set this will be used by the CookieAuthenticationHandler for data protection. /// If set this will be used by the CookieAuthenticationHandler for data protection.
/// </summary> /// </summary>
public IDataProtectionProvider DataProtectionProvider { get; set; } public IDataProtectionProvider DataProtectionProvider { get; set; }
/// <summary>
/// Controls how much time the cookie will remain valid from the point it is created. The expiration
/// information is in the protected cookie ticket. Because of that an expired cookie will be ignored
/// even if it is passed to the server after the browser should have purged it
/// </summary>
public TimeSpan ExpireTimeSpan { get; set; }
/// <summary> /// <summary>
/// The SlidingExpiration is set to true to instruct the handler to re-issue a new cookie with a new /// The SlidingExpiration is set to true to instruct the handler to re-issue a new cookie with a new
/// expiration time any time it processes a request which is more than halfway through the expiration window. /// expiration time any time it processes a request which is more than halfway through the expiration window.
@ -132,8 +117,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
/// </summary> /// </summary>
public new CookieAuthenticationEvents Events public new CookieAuthenticationEvents Events
{ {
get { return (CookieAuthenticationEvents)base.Events; } get => (CookieAuthenticationEvents)base.Events;
set { base.Events = value; } set => base.Events = value;
} }
/// <summary> /// <summary>
@ -154,5 +139,85 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
/// to the client. This can be used to mitigate potential problems with very large identities. /// to the client. This can be used to mitigate potential problems with very large identities.
/// </summary> /// </summary>
public ITicketStore SessionStore { get; set; } public ITicketStore SessionStore { get; set; }
#region Obsolete API
/// <summary>
/// <para>
/// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Name"/> on <see cref="Cookie"/>.
/// </para>
/// <para>
/// Determines the cookie name used to persist the identity. The default value is ".AspNetCore.Cookies".
/// This value should be changed if you change the name of the AuthenticationScheme, especially if your
/// system uses the cookie authentication handler multiple times.
/// </para>
/// </summary>
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Domain) + ".")]
public string CookieName { get => Cookie.Name; set => Cookie.Name = value; }
/// <summary>
/// <para>
/// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Domain"/> on <see cref="Cookie"/>.
/// </para>
/// <para>
/// Determines the domain used to create the cookie. Is not provided by default.
/// </para>
/// </summary>
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Domain) + ".")]
public string CookieDomain { get => Cookie.Domain; set => Cookie.Domain = value; }
/// <summary>
/// <para>
/// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Path"/> on <see cref="Cookie"/>.
/// </para>
/// <para>
/// Determines the path used to create the cookie. The default value is "/" for highest browser compatibility.
/// </para>
/// </summary>
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Path) + ".")]
public string CookiePath { get => Cookie.Path; set => Cookie.Path = value; }
/// <summary>
/// <para>
/// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.HttpOnly"/> on <see cref="Cookie"/>.
/// </para>
/// <para>
/// Determines if the browser should allow the cookie to be accessed by client-side javascript. The
/// default is true, which means the cookie will only be passed to http requests and is not made available
/// to script on the page.
/// </para>
/// </summary>
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.SameSite) + ".")]
public bool CookieHttpOnly { get => Cookie.HttpOnly; set => Cookie.HttpOnly = value; }
/// <summary>
/// <para>
/// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.SecurePolicy"/> on <see cref="Cookie"/>.
/// </para>
/// <para>
/// Determines if the cookie should only be transmitted on HTTPS request. The default is to limit the cookie
/// to HTTPS requests if the page which is doing the SignIn is also HTTPS. If you have an HTTPS sign in page
/// and portions of your site are HTTP you may need to change this value.
/// </para>
/// </summary>
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.SecurePolicy) + ".")]
public CookieSecurePolicy CookieSecure { get => Cookie.SecurePolicy; set => Cookie.SecurePolicy = value; }
/// <summary>
/// <para>
/// This property is obsolete and will be removed in a future version. The recommended alternative is <seealso cref="CookieBuilder.Expiration"/> on <see cref="Cookie"/>.
/// </para>
/// <para>
/// Controls how much time the cookie will remain valid from the point it is created. The expiration
/// information is in the protected cookie ticket. Because of that an expired cookie will be ignored
/// even if it is passed to the server after the browser should have purged it
/// </para>
/// </summary>
[Obsolete("This property is obsolete and will be removed in a future version. The recommended alternative is " + nameof(Cookie) + "." + nameof(CookieBuilder.Expiration) + ".")]
public TimeSpan ExpireTimeSpan
{
get => Cookie.Expiration ?? default(TimeSpan);
set => Cookie.Expiration = value;
}
#endregion
} }
} }

4
src/Microsoft.AspNetCore.Authentication.Cookies/Microsoft.AspNetCore.Authentication.Cookies.csproj
View File

@ -19,4 +19,8 @@
<ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" /> <ProjectReference Include="..\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj" />
</ItemGroup> </ItemGroup>
<ItemGroup>
<Folder Include="Properties\" />
</ItemGroup>
</Project> </Project>

4
src/Microsoft.AspNetCore.Authentication.Cookies/PostConfigureCookieAuthenticationOptions.cs
View File

@ -28,9 +28,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
options.DataProtectionProvider = options.DataProtectionProvider ?? _dp; options.DataProtectionProvider = options.DataProtectionProvider ?? _dp;
if (String.IsNullOrEmpty(options.CookieName)) if (string.IsNullOrEmpty(options.Cookie.Name))
{ {
options.CookieName = CookieAuthenticationDefaults.CookiePrefix + name; options.Cookie.Name = CookieAuthenticationDefaults.CookiePrefix + name;
} }
if (options.TicketDataFormat == null) if (options.TicketDataFormat == null)
{ {

62
src/Microsoft.AspNetCore.Authentication.Cookies/Properties/Resources.Designer.cs generated
View File

@ -1,62 +0,0 @@
// <auto-generated />
namespace Microsoft.AspNetCore.Authentication.Cookies
{
using System.Globalization;
using System.Reflection;
using System.Resources;
internal static class Resources
{
private static readonly ResourceManager _resourceManager
= new ResourceManager("Microsoft.AspNetCore.Authentication.Cookies.Resources", typeof(Resources).GetTypeInfo().Assembly);
/// <summary>
/// The cookie key and options are larger than ChunksSize, leaving no room for data.
/// </summary>
internal static string Exception_CookieLimitTooSmall
{
get { return GetString("Exception_CookieLimitTooSmall"); }
}
/// <summary>
/// The cookie key and options are larger than ChunksSize, leaving no room for data.
/// </summary>
internal static string FormatException_CookieLimitTooSmall()
{
return GetString("Exception_CookieLimitTooSmall");
}
/// <summary>
/// The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded.
/// </summary>
internal static string Exception_ImcompleteChunkedCookie
{
get { return GetString("Exception_ImcompleteChunkedCookie"); }
}
/// <summary>
/// The chunked cookie is incomplete. Only {0} of the expected {1} chunks were found, totaling {2} characters. A client size limit may have been exceeded.
/// </summary>
internal static string FormatException_ImcompleteChunkedCookie(object p0, object p1, object p2)
{
return string.Format(CultureInfo.CurrentCulture, GetString("Exception_ImcompleteChunkedCookie"), p0, p1, p2);
}
private static string GetString(string name, params string[] formatterNames)
{
var value = _resourceManager.GetString(name);
System.Diagnostics.Debug.Assert(value != null);
if (formatterNames != null)
{
for (var i = 0; i < formatterNames.Length; i++)
{
value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}");
}
}
return value;
}
}
}

69
test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
View File

@ -18,7 +18,6 @@ using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.TestHost; using Microsoft.AspNetCore.TestHost;
using Microsoft.AspNetCore.Testing.xunit; using Microsoft.AspNetCore.Testing.xunit;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using Xunit; using Xunit;
namespace Microsoft.AspNetCore.Authentication.Cookies namespace Microsoft.AspNetCore.Authentication.Cookies
@ -129,7 +128,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var server = CreateServerWithServices(s => s.AddAuthentication().AddCookie(o => var server = CreateServerWithServices(s => s.AddAuthentication().AddCookie(o =>
{ {
o.LoginPath = new PathString("/login"); o.LoginPath = new PathString("/login");
o.CookieName = "TestCookie"; o.Cookie.Name = "TestCookie";
}), SignInAsAlice); }), SignInAsAlice);
var transaction = await SendAsync(server, "http://example.com/testpath"); var transaction = await SendAsync(server, "http://example.com/testpath");
@ -150,7 +149,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.LoginPath = new PathString("/login"); o.LoginPath = new PathString("/login");
o.CookieName = "TestCookie"; o.Cookie.Name = "TestCookie";
}, SignInAsWrong); }, SignInAsWrong);
await Assert.ThrowsAsync<InvalidOperationException>(async () => await SendAsync(server, "http://example.com/testpath")); await Assert.ThrowsAsync<InvalidOperationException>(async () => await SendAsync(server, "http://example.com/testpath"));
@ -162,7 +161,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.LoginPath = new PathString("/login"); o.LoginPath = new PathString("/login");
o.CookieName = "TestCookie"; o.Cookie.Name = "TestCookie";
}, SignOutAsWrong); }, SignOutAsWrong);
await Assert.ThrowsAsync<InvalidOperationException>(async () => await SendAsync(server, "http://example.com/testpath")); await Assert.ThrowsAsync<InvalidOperationException>(async () => await SendAsync(server, "http://example.com/testpath"));
@ -183,8 +182,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.LoginPath = new PathString("/login"); o.LoginPath = new PathString("/login");
o.CookieName = "TestCookie"; o.Cookie.Name = "TestCookie";
o.CookieSecure = cookieSecurePolicy; o.Cookie.SecurePolicy = cookieSecurePolicy;
}, SignInAsAlice); }, SignInAsAlice);
var transaction = await SendAsync(server, requestUri); var transaction = await SendAsync(server, requestUri);
@ -205,12 +204,12 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
var server1 = CreateServer(o => var server1 = CreateServer(o =>
{ {
o.CookieName = "TestCookie"; o.Cookie.Name = "TestCookie";
o.CookiePath = "/foo"; o.Cookie.Path = "/foo";
o.CookieDomain = "another.com"; o.Cookie.Domain = "another.com";
o.CookieSecure = CookieSecurePolicy.Always; o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
o.CookieSameSite = SameSiteMode.None; o.Cookie.SameSite = SameSiteMode.None;
o.CookieHttpOnly = true; o.Cookie.HttpOnly = true;
}, SignInAsAlice, baseAddress: new Uri("http://example.com/base")); }, SignInAsAlice, baseAddress: new Uri("http://example.com/base"));
var transaction1 = await SendAsync(server1, "http://example.com/base/testpath"); var transaction1 = await SendAsync(server1, "http://example.com/base/testpath");
@ -226,10 +225,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var server2 = CreateServer(o => var server2 = CreateServer(o =>
{ {
o.CookieName = "SecondCookie"; o.Cookie.Name = "SecondCookie";
o.CookieSecure = CookieSecurePolicy.None; o.Cookie.SecurePolicy = CookieSecurePolicy.None;
o.CookieSameSite = SameSiteMode.Strict; o.Cookie.SameSite = SameSiteMode.Strict;
o.CookieHttpOnly = false; o.Cookie.HttpOnly = false;
}, SignInAsAlice, baseAddress: new Uri("http://example.com/base")); }, SignInAsAlice, baseAddress: new Uri("http://example.com/base"));
var transaction2 = await SendAsync(server2, "http://example.com/base/testpath"); var transaction2 = await SendAsync(server2, "http://example.com/base/testpath");
@ -278,7 +277,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.ExpireTimeSpan = TimeSpan.FromMinutes(10); o.Cookie.Expiration = TimeSpan.FromMinutes(10);
o.SlidingExpiration = false; o.SlidingExpiration = false;
}, SignInAsAlice); }, SignInAsAlice);
@ -307,7 +306,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.ExpireTimeSpan = TimeSpan.FromMinutes(10); o.Cookie.Expiration = TimeSpan.FromMinutes(10);
o.SlidingExpiration = false; o.SlidingExpiration = false;
}, },
context => context =>
@ -340,7 +339,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.ExpireTimeSpan = TimeSpan.FromMinutes(10); o.Cookie.Expiration = TimeSpan.FromMinutes(10);
o.Events = new CookieAuthenticationEvents o.Events = new CookieAuthenticationEvents
{ {
OnValidatePrincipal = ctx => OnValidatePrincipal = ctx =>
@ -368,7 +367,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.ExpireTimeSpan = TimeSpan.FromMinutes(10); o.Cookie.Expiration = TimeSpan.FromMinutes(10);
o.SlidingExpiration = false; o.SlidingExpiration = false;
o.Events = new CookieAuthenticationEvents o.Events = new CookieAuthenticationEvents
{ {
@ -396,7 +395,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.ExpireTimeSpan = TimeSpan.FromMinutes(10); o.Cookie.Expiration = TimeSpan.FromMinutes(10);
o.SlidingExpiration = false; o.SlidingExpiration = false;
o.Events = new CookieAuthenticationEvents o.Events = new CookieAuthenticationEvents
{ {
@ -432,7 +431,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.ExpireTimeSpan = TimeSpan.FromMinutes(10); o.Cookie.Expiration = TimeSpan.FromMinutes(10);
o.SlidingExpiration = false; o.SlidingExpiration = false;
o.Events = new CookieAuthenticationEvents o.Events = new CookieAuthenticationEvents
{ {
@ -477,7 +476,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.ExpireTimeSpan = TimeSpan.FromMinutes(10); o.Cookie.Expiration = TimeSpan.FromMinutes(10);
o.Events = new CookieAuthenticationEvents o.Events = new CookieAuthenticationEvents
{ {
OnValidatePrincipal = ctx => OnValidatePrincipal = ctx =>
@ -521,7 +520,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.ExpireTimeSpan = TimeSpan.FromMinutes(10); o.Cookie.Expiration = TimeSpan.FromMinutes(10);
o.SlidingExpiration = false; o.SlidingExpiration = false;
o.Events = new CookieAuthenticationEvents o.Events = new CookieAuthenticationEvents
{ {
@ -570,7 +569,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
DateTimeOffset? lastExpiresDate = null; DateTimeOffset? lastExpiresDate = null;
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.ExpireTimeSpan = TimeSpan.FromMinutes(10); o.Cookie.Expiration = TimeSpan.FromMinutes(10);
o.SlidingExpiration = sliding; o.SlidingExpiration = sliding;
o.Events = new CookieAuthenticationEvents o.Events = new CookieAuthenticationEvents
{ {
@ -620,7 +619,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.ExpireTimeSpan = TimeSpan.FromMinutes(10); o.Cookie.Expiration = TimeSpan.FromMinutes(10);
o.SlidingExpiration = false; o.SlidingExpiration = false;
o.Events = new CookieAuthenticationEvents() o.Events = new CookieAuthenticationEvents()
{ {
@ -657,7 +656,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.ExpireTimeSpan = TimeSpan.FromMinutes(10); o.Cookie.Expiration = TimeSpan.FromMinutes(10);
o.SlidingExpiration = true; o.SlidingExpiration = true;
}, },
SignInAsAlice); SignInAsAlice);
@ -825,7 +824,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
services.AddAuthentication().AddCookie(); services.AddAuthentication().AddCookie();
services.Configure<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme, services.Configure<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme,
o => o.CookieName = "One"); o => o.Cookie.Name = "One");
}); });
var server = new TestServer(builder); var server = new TestServer(builder);
@ -848,7 +847,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
services.AddAuthentication().AddCookie("Cookie1"); services.AddAuthentication().AddCookie("Cookie1");
services.Configure<CookieAuthenticationOptions>("Cookie1", services.Configure<CookieAuthenticationOptions>("Cookie1",
o => o.CookieName = "One"); o => o.Cookie.Name = "One");
}); });
var server = new TestServer(builder); var server = new TestServer(builder);
@ -984,7 +983,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var server = CreateServer(o => var server = CreateServer(o =>
{ {
o.LoginPath = "/testpath"; o.LoginPath = "/testpath";
o.CookieName = "TestCookie"; o.Cookie.Name = "TestCookie";
}, },
async context => async context =>
await context.SignInAsync( await context.SignInAsync(
@ -1006,7 +1005,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
o.LoginPath = "/testpath"; o.LoginPath = "/testpath";
o.ReturnUrlParameter = "return"; o.ReturnUrlParameter = "return";
o.CookieName = "TestCookie"; o.Cookie.Name = "TestCookie";
}, },
async context => async context =>
{ {
@ -1028,7 +1027,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
o.LoginPath = "/testpath"; o.LoginPath = "/testpath";
o.ReturnUrlParameter = "return"; o.ReturnUrlParameter = "return";
o.CookieName = "TestCookie"; o.Cookie.Name = "TestCookie";
}, },
async context => async context =>
{ {
@ -1049,7 +1048,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
o.LoginPath = "/testpath"; o.LoginPath = "/testpath";
o.ReturnUrlParameter = "return"; o.ReturnUrlParameter = "return";
o.CookieName = "TestCookie"; o.Cookie.Name = "TestCookie";
}, },
async context => async context =>
{ {
@ -1102,7 +1101,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
.ConfigureServices(services => services.AddAuthentication().AddCookie(o => .ConfigureServices(services => services.AddAuthentication().AddCookie(o =>
{ {
o.TicketDataFormat = new TicketDataFormat(dp); o.TicketDataFormat = new TicketDataFormat(dp);
o.CookieName = "Cookie"; o.Cookie.Name = "Cookie";
})); }));
var server1 = new TestServer(builder1); var server1 = new TestServer(builder1);
@ -1121,7 +1120,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
}) })
.ConfigureServices(services => services.AddAuthentication().AddCookie("Cookies", o => .ConfigureServices(services => services.AddAuthentication().AddCookie("Cookies", o =>
{ {
o.CookieName = "Cookie"; o.Cookie.Name = "Cookie";
o.TicketDataFormat = new TicketDataFormat(dp); o.TicketDataFormat = new TicketDataFormat(dp);
})); }));
var server2 = new TestServer(builder2); var server2 = new TestServer(builder2);

12
test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
View File

@ -314,9 +314,9 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
{ {
services.AddAuthentication().AddCookie(o => services.AddAuthentication().AddCookie(o =>
{ {
o.CookieName = "TestCookie"; o.Cookie.Name = "TestCookie";
o.CookieHttpOnly = false; o.Cookie.HttpOnly = false;
o.CookieSecure = CookieSecurePolicy.None; o.Cookie.SecurePolicy = CookieSecurePolicy.None;
}); });
}) })
.Configure(app => .Configure(app =>
@ -354,9 +354,9 @@ namespace Microsoft.AspNetCore.CookiePolicy.Test
{ {
services.AddAuthentication().AddCookie(o => services.AddAuthentication().AddCookie(o =>
{ {
o.CookieName = "TestCookie"; o.Cookie.Name = "TestCookie";
o.CookieHttpOnly = false; o.Cookie.HttpOnly = false;
o.CookieSecure = CookieSecurePolicy.None; o.Cookie.SecurePolicy = CookieSecurePolicy.None;
}); });
}) })
.Configure(app => .Configure(app =>