Microsoft.AspNetCore.Authentication

Extension methods to add authentication capabilities to an HTTP application pipeline.

Adds the to the specified , which enables authentication capabilities.

The to add the middleware to. A reference to this instance after the operation has completed.

Used to configure authentication

Initializes a new instance of .

The services being configured.

Adds a which can be used by .

The type to configure the handler."/>. The used to handle this scheme. The name of this scheme. The display name of this scheme. Used to configure the scheme options. The builder.

Adds a which can be used by .

The type to configure the handler."/>. The used to handle this scheme. The name of this scheme. Used to configure the scheme options. The builder.

Adds a based that supports remote authentication which can be used by .

The type to configure the handler."/>. The used to handle this scheme. The name of this scheme. The display name of this scheme. Used to configure the scheme options. The builder.

Adds a based authentication handler which can be used to redirect to other authentication schemes.

The name of this scheme. The display name of this scheme. Used to configure the scheme options. The builder.

Keeps the User and AuthenticationResult consistent with each other

An opinionated abstraction for implementing .

The type for the options used to configure the authentication handler.

Gets or sets the asssociated with this authentication handler.

Gets or sets the options associated with this authentication handler.

Gets or sets the .

Gets the associated with the current request.

Gets the path as seen by the authentication middleware.

Gets the path base as seen by the authentication middleware.

Gets the .

Gets the to detect changes to options.

The handler calls methods on the events which give the application control at certain points where processing is occurring. If it is not provided a default instance is supplied which does nothing when the methods are called.

Gets the issuer that should be used when any claims are issued.

The ClaimsIssuer configured in , if configured, otherwise .

Gets the absolute current url.

Initializes a new instance of .

The monitor for the options instance. The . The . The .

Initialize the handler, resolve the options and validate them.

Initializes the events object, called once per request by .

Creates a new instance of the events instance.

A new instance of the events instance.

Called after options/events have been initialized for the handler to finish initializing itself.

A task

Constructs an absolute url for the specified .

The path. The absolute url.

Resolves the scheme that this authentication operation is forwarded to.

The scheme to forward. One of ForwardAuthenticate, ForwardChallenge, ForwardForbid, ForwardSignIn, or ForwardSignOut. The forwarded scheme or .

Used to ensure HandleAuthenticateAsync is only invoked once. The subsequent calls will return the same authenticate result.

Used to ensure HandleAuthenticateAsync is only invoked once safely. The subsequent calls will return the same authentication result. Any exceptions will be converted into a failed authentication result containing the exception.

Allows derived types to handle authentication.

The .

Override this method to handle Forbid.

A Task.

Override this method to deal with 401 challenge concerns, if an authentication scheme in question deals an authentication interaction as part of it's request flow. (like adding a response header, or changing the 401 result to 302 of a login page or external sign-in location.)

A Task.

Middleware that performs authentication.

Initializes a new instance of .

The next item in the middleware pipeline. The .

Gets or sets the .

Invokes the middleware performing authentication.

The .

Contains the options used by the .

Check that the options are valid. Should throw an exception if things are not ok.

Checks that the options are valid for a specific scheme

The scheme being validated.

Gets or sets the issuer that should be used for any claims that are created

Instance used for events

If set, will be used as the service type to get the Events instance instead of the property.

If set, this specifies a default scheme that authentication handlers should forward all authentication operations to by default. The default forwarding logic will check the most specific ForwardAuthenticate/Challenge/Forbid/SignIn/SignOut setting first, followed by checking the ForwardDefaultSelector, followed by ForwardDefault. The first non null result will be used as the target scheme to forward to.

If set, this specifies the target scheme that this scheme should forward AuthenticateAsync calls to. For example Context.AuthenticateAsync("ThisScheme") => Context.AuthenticateAsync("ForwardAuthenticateValue"); Set the target to the current scheme to disable forwarding and allow normal processing.

If set, this specifies the target scheme that this scheme should forward ChallengeAsync calls to. For example Context.ChallengeAsync("ThisScheme") => Context.ChallengeAsync("ForwardChallengeValue"); Set the target to the current scheme to disable forwarding and allow normal processing.

If set, this specifies the target scheme that this scheme should forward ForbidAsync calls to. For example Context.ForbidAsync("ThisScheme") => Context.ForbidAsync("ForwardForbidValue"); Set the target to the current scheme to disable forwarding and allow normal processing.

If set, this specifies the target scheme that this scheme should forward SignInAsync calls to. For example Context.SignInAsync("ThisScheme") => Context.SignInAsync("ForwardSignInValue"); Set the target to the current scheme to disable forwarding and allow normal processing.

If set, this specifies the target scheme that this scheme should forward SignOutAsync calls to. For example Context.SignOutAsync("ThisScheme") => Context.SignOutAsync("ForwardSignOutValue"); Set the target to the current scheme to disable forwarding and allow normal processing.

Used to select a default scheme for the current request that authentication handlers should forward all authentication operations to by default. The default forwarding logic will check the most specific ForwardAuthenticate/Challenge/Forbid/SignIn/SignOut setting first, followed by checking the ForwardDefaultSelector, followed by ForwardDefault. The first non null result will be used as the target scheme to forward to.

Provides access denied failure context information to handler providers.

Initializes a new instance of .

The . The . The .

Gets or sets the endpoint path the user agent will be redirected to. By default, this property is set to .

Additional state values for the authentication session.

Gets or sets the return URL that will be flowed up to the access denied page. If is not set, this property is not used.

Gets or sets the parameter name that will be used to flow the return URL. By default, this property is set to .

Base class used by other context classes.

Constructor.

The context. The authentication scheme. The authentication options associated with the scheme.

The authentication scheme.

Gets the authentication options associated with the scheme.

The context.

The request.

The response.

Base context type for handling authentication request.

Initializes a new instance of .

The . The . The authentication scheme options.

The which is used by the handler.

Discontinue all processing for this request and return to the client. The caller is responsible for generating the full response.

Discontinue processing the request in the current handler.

Base context for authentication events which deal with a ClaimsPrincipal.

Constructor.

The context. The authentication scheme. The authentication options associated with the scheme. The authentication properties.

Gets the containing the user claims.

Base context for authentication events which contain .

Constructor.

The context. The authentication scheme. The authentication options associated with the scheme. The authentication properties.

Gets or sets the .

Context passed for redirect events.

Creates a new context object.

The HTTP request context The scheme data The handler options The initial redirect URI The .

Gets or Sets the URI used for the redirect operation.

Base context for remote authentication.

Constructor.

The context. The authentication scheme. The authentication options associated with the scheme. The authentication properties.

Gets the containing the user claims.

Gets or sets the .

Calls success creating a ticket with the and .

Indicates that authentication failed.

The exception associated with the failure.

Indicates that authentication failed.

The exception associated with the failure.

Allows subscribing to events raised during remote authentication.

Invoked when an access denied error was returned by the remote server.

Invoked when there is a remote failure.

Invoked after the remote ticket has been received.

Invoked when an access denied error was returned by the remote server.

Invoked when there is a remote failure.

Invoked after the remote ticket has been received.

Provides failure context information to handler providers.

Initializes a new instance of .

The . The . The . User friendly error message for the error.

User friendly error message for the error.

Additional state values for the authentication session.

Base context for events that produce AuthenticateResults.

Initializes a new instance of .

The context. The authentication scheme. The authentication options associated with the scheme.

Gets or sets the containing the user claims.

Gets or sets the .

Gets the result.

Calls success creating a ticket with the and .

Indicates that there was no information returned for this authentication scheme.

Indicates that there was a failure during authentication.

Provides context information to handler providers.

Initializes a new instance of .

The . The . The . The received ticket.

Gets or sets the URL to redirect to after signin.

Contains the result of an Authenticate call

Indicates that stage of authentication was directly handled by user intervention and no further processing should be attempted.

Indicates that the default authentication logic should be skipped and that the rest of the pipeline should be invoked.

Indicates that authentication was successful.

The ticket representing the authentication result. The result.

Indicates that there was a failure during authentication.

The failure exception. The result.

Indicates that there was a failure during authentication.

The failure exception. Additional state values for the authentication session. The result.

Indicates that there was a failure during authentication.

The failure message. The result.

Indicates that there was a failure during authentication.

The failure message. Additional state values for the authentication session. The result.

Discontinue all processing for this request and return to the client. The caller is responsible for generating the full response.

The result.

Discontinue processing the request in the current handler.

The result.

Indicates that there were no results produced during authentication.

The result.

Contract for serialzing authentication data.

The type of the model being serialized.

Serializes the specified .

The value to serialize. The serialized data.

Deserializes the specified as an instance of type .

The bytes being deserialized. The model.

A contract for securing data.

The type of the data to protect.

Protects the specified .

The value to protect The data protected value.

Protects the specified for the specified .

The value to protect The purpose. A data protected value.

Unprotects the specified .

The data protected value. An instance of .

Unprotects the specified using the specified .

The data protected value. The purpose. An instance of .

Abstracts the system clock to facilitate testing.

Retrieves the current system time in UTC.

Authentication extensions to .

Gets a string property value from the specified .

The . The property name. The property value.

PolicySchemes are used to redirect authentication methods to another scheme.

Initializes a new instance of .

The monitor for the options instance. The . The . The .

Contains the options used by the .

A instance to secure .

Initializes a new instance of .

The .

A for .

Gets the default instance of .

An opinionated abstraction for an that performs authentication using a separately hosted provider.

The type for the options used to configure the authentication handler.

The authentication scheme used by default for signin.

Initializes a new instance of .

The monitor for the options instance. The . The . The .

Gets a value that determines if the current authentication request should be handled by .

to handle the operation, otherwise .

Handles the current authentication request.

if authentication was handled, otherwise .

Authenticate the user identity with the identity provider. The method process the request on the endpoint defined by CallbackPath.

Produces a cookie containing a nonce used to correlate the current remote authentication request.

Validates that the current request correlates wit hthe

Derived types may override this method to handle access denied errors.

The . The .

Contains the options used by the .

Initializes a new .

Checks that the options are valid for a specific scheme

The scheme being validated.

Check that the options are valid. Should throw an exception if things are not ok.

Gets or sets timeout value in milliseconds for back channel communications with the remote identity provider.

The back channel timeout.

The HttpMessageHandler used to communicate with remote identity provider. This cannot be set at the same time as BackchannelCertificateValidator unless the value can be downcast to a WebRequestHandler.

Used to communicate with the remote identity provider.

Gets or sets the type used to secure data.

The request path within the application's base path where the user-agent will be returned. The middleware will process this request when it arrives.

Gets or sets the optional path the user agent is redirected to if the user doesn't approve the authorization demand requested by the remote server. This property is not set by default. In this case, an exception is thrown if an access_denied response is returned by the remote authorization server.

Gets or sets the name of the parameter used to convey the original location of the user before the remote challenge was triggered up to the access denied page. This property is only used when the is explicitly specified.

Gets or sets the authentication scheme corresponding to the middleware responsible of persisting user's identity after a successful authentication. This value typically corresponds to a cookie middleware registered in the Startup class. When omitted, is used as a fallback value.

Gets or sets the time limit for completing the authentication flow (15 minutes by default).

Gets or sets a value that allows subscribing to remote authentication events.

Defines whether access and refresh tokens should be stored in the after a successful authorization. This property is set to false by default to reduce the size of the final authentication cookie.

Determines the settings used to create the correlation cookie before the cookie gets added to the response.

A cookie builder that sets to the request path base.

Gets an optional value that is appended to the request path base.

Configures if not explicitly configured.

An implementation for .

Initializes a new instance of .

The . The .

Adds support for SignInAsync

Initializes a new instance of .

The monitor for the options instance. The . The . The .

Override this method to handle SignIn.

A Task.

Adds support for SignOutAsync

Initializes a new instance of .

The monitor for the options instance. The . The . The .

Override this method to handle SignOut.

Provides access to the normal system clock with precision in seconds.

Retrieves the current system time in UTC.

Allows encoding and decoding base-64 url encoded text.

Encodes supplied data into Base64 and replaces any URL encodable characters into non-URL encodable characters.

Data to be encoded. Base64 encoded string modified with non-URL encodable characters

Decodes supplied string by replacing the non-URL encodable characters with URL encodable characters and then decodes the Base64 string.

The string to be decoded. The decoded data.

A instance to secure .

Initializes a new instance of .

The .

Serializes and deserializes instances.

Gets the default implementation for .

Writes the using the specified .

The . The .

Writes the specified .

The . The .

Reads an .

The . The if the format is supported, otherwise .

Reads a from a .

The . The read .

Reads a and adds it to the specified .

The . The to add the claim to. The read .

The default data protection provider may only be used when the IApplicationBuilder.Properties contains an appropriate 'host.AppName' key.

The state passed to UnhookAuthentication may only be the return value from HookAuthentication.

The AuthenticationTokenProvider's required synchronous events have not been registered.

The '{0}' option must be provided.

The SignInScheme for a remote authentication handler cannot be set to itself. If it was not explicitly set, the AuthenticationOptions.DefaultSignInScheme or DefaultScheme is used.

Extension methods for setting up authentication services in an .

Registers services required by authentication services.

The . A that can be used to further configure authentication.

Registers services required by authentication services. specifies the name of the scheme to use by default when a specific scheme isn't requested.

The . The default scheme used as a fallback for all other schemes. A that can be used to further configure authentication.

Registers services required by authentication services and configures .

The . A delegate to configure . A that can be used to further configure authentication.

Helper code used when implementing authentication middleware

Add all ClaimsIdentities from an additional ClaimPrincipal to the ClaimsPrincipal Merges a new claims principal, placing all new identities first, and eliminating any empty unauthenticated identities from context.User

The containing existing . The containing to be added.