Early Preview
This is currently very much a preview. Please feel free to try things out,
but don't be upset if anything is not yet working. Feedback is welcome over on our
GitHub Dicussions page.
class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions
Assembly: Microsoft.AspNetCore.Authentication.Cookies
Inheritance: object → AuthenticationSchemeOptions → CookieAuthenticationOptions
Configuration options for <see cref="T:Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions" /> .
Properties
public
Http.CookieBuilder
Cookie
Determines the settings used to create the cookie.
Remarks <list type="bullet">
<item>
<description>The default value for cookie <see cref="P:Microsoft.AspNetCore.Http.CookieBuilder.Name" /> is <c>.AspNetCore.Cookies</c>.
This value should be changed if you change the name of the <c>AuthenticationScheme</c>, especially if your
system uses the cookie authentication handler multiple times.</description>
</item>
<item>
<description>
<see cref="P:Microsoft.AspNetCore.Http.CookieBuilder.SameSite" /> determines if the browser should allow the cookie to be attached to same-site or cross-site requests.
The default is <c>Lax</c>, which means the cookie is only allowed to be attached to cross-site requests using safe HTTP methods and same-site requests.</description>
</item>
<item>
<description>
<see cref="P:Microsoft.AspNetCore.Http.CookieBuilder.HttpOnly" /> determines if the browser should allow the cookie to be accessed by client-side JavaScript.
The default is <c>true</c>, which means the cookie will only be passed to HTTP requests and is not made available to JavaScript on the page.</description>
</item>
<item>
<description>
<see cref="P:Microsoft.AspNetCore.Http.CookieBuilder.Expiration" /> is currently ignored. Use <see cref="P:Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions.ExpireTimeSpan" /> to control lifetime of cookie authentication.</description>
</item>
<item>
<description>
<see cref="P:Microsoft.AspNetCore.Http.CookieBuilder.SecurePolicy" /> defaults to <see cref="F:Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest" />.</description>
</item>
</list>
DataProtectionProvider
If set this will be used by the CookieAuthenticationHandler for data protection.
public
bool
SlidingExpiration
The SlidingExpiration is set to true to instruct the handler to re-issue a new cookie with a new
expiration time any time it processes a request which is more than halfway through the expiration window.
public
Http.PathString
LoginPath
The LoginPath property is used by the handler for the redirection target when handling ChallengeAsync.
The current url which is added to the LoginPath as a query string parameter named by the ReturnUrlParameter.
Once a request to the LoginPath grants a new SignIn identity, the ReturnUrlParameter value is used to redirect
the browser back to the original url.
public
Http.PathString
LogoutPath
If the LogoutPath is provided the handler then a request to that path will redirect based on the ReturnUrlParameter.
public
Http.PathString
AccessDeniedPath
The AccessDeniedPath property is used by the handler for the redirection target when handling ForbidAsync.
public
string
ReturnUrlParameter
The ReturnUrlParameter determines the name of the query string parameter which is appended by the handler
during a Challenge. This is also the query string parameter looked for when a request arrives on the login
path or logout path, in order to return to the original url after the action is performed.
public
CookieAuthenticationEvents
Events
The Provider may be assigned to an instance of an object created by the application at startup time. The handler
calls methods on the provider which give the application control at certain points where processing is occurring.
If it is not provided a default instance is supplied which does nothing when the methods are called.
public
ISecureDataFormat<AuthenticationTicket>
TicketDataFormat
The TicketDataFormat is used to protect and unprotect the identity and other properties which are stored in the
cookie value. If not provided one will be created using <see cref="P:Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions.DataProtectionProvider" /> .
public
ICookieManager
CookieManager
The component used to get cookies from the request or set them on the response.
ChunkingCookieManager will be used by default.
public
ITicketStore
SessionStore
An optional container in which to store the identity across requests. When used, only a session identifier is sent
to the client. This can be used to mitigate potential problems with very large identities.
public
System.TimeSpan
ExpireTimeSpan
<para>
Controls how much time the authentication ticket stored in the cookie will remain valid from the point it is created.
The expiration information is stored in the protected cookie ticket. Because of that an expired cookie will be ignored
even if it is passed to the server after the browser should have purged it.
</para> <para>
This is separate from the value of <see cref="P:Microsoft.AspNetCore.Http.CookieOptions.Expires" />, which specifies
how long the browser will keep the cookie.
</para>
public
string
ClaimsIssuer
public
object
Events
public
System.Type
EventsType
public
string
ForwardDefault
public
string
ForwardAuthenticate
public
string
ForwardChallenge
public
string
ForwardForbid
public
string
ForwardSignIn
public
string
ForwardSignOut
public
System.Func<Http.HttpContext, string>
ForwardDefaultSelector
public
System.TimeProvider
TimeProvider
Methods
public
bool
Equals(object obj)
Inherited from object
protected
void
Finalize()
Inherited from object
public
int
GetHashCode()
Inherited from object
protected
object
MemberwiseClone()
Inherited from object
public
string
ToString()
Inherited from object