Description
in this section: https://learn.microsoft.com/de-de/aspnet/core/security/authentication/cookie?view=aspnetcore-9.0#add-cookie-authentication
I as a beginner with ASP.NET Core do not know what the HttpContextAccessor is for and don't know if there is any information about this to be known, for what you are using this or what's the difference to consider, when to use the generic registration and when the default one is enough:
marking this in the following two snippets you provided as 1st and 2nd sample on the linked page (updated version to current net10.0 I am now using):
```diff
using Microsoft.AspNetCore.Authentication.Cookies;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddRazorPages();
builder.Services.AddControllersWithViews();
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie();
+ builder.Services.AddHttpContextAccessor(); // Default method (?) and *below* the cookie auth
var app = builder.Build();
if (!app.Environment.IsDevelopment())
{
app.UseExceptionHandler("/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.MapDefaultControllerRoute();
app.Run();
```

and now notice this:
```diff
using Microsoft.AspNetCore.Authentication.Cookies;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddRazorPages();
builder.Services.AddControllersWithViews();
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.ExpireTimeSpan = TimeSpan.FromMinutes(20);
options.SlidingExpiration = true;
options.AccessDeniedPath = "/Forbidden/";
});
+ builder.Services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>(); // suddenly we are using generic? Reason? Do we maybe need this?
var app = builder.Build();
if (!app.Environment.IsDevelopment())
{
app.UseExceptionHandler("/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.MapDefaultControllerRoute();
app.Run();
```

I would like the docs to somewhere tell us the difference between these ways of definition. The only resource I found so far is: https://stackoverflow.com/questions/55247071/cookiepolicyoptions-or-cookieauthenticationoptions
but it's not getting completely clear to me.
Checking the markdown source for this page, I eventually have the point that's causing this problem, so you might be able to tackle this, beside the fact that you should at least add a small note when you change something in code, so we can learn when we should do this
- Here we see `HttpContext.User`, without any remark about its relation to `builder.Services.AddHttpContextAccessor();`
| * Call <xref:Microsoft.AspNetCore.Builder.AuthAppBuilderExtensions.UseAuthentication%2A> and <xref:Microsoft.AspNetCore.Builder.AuthorizationAppBuilderExtensions.UseAuthorization%2A> to set the `HttpContext.User` property and run the Authorization Middleware for requests. `UseAuthentication` and `UseAuthorization` must be called before `Map` methods such as <xref:Microsoft.AspNetCore.Builder.RazorPagesEndpointRouteBuilderExtensions.MapRazorPages%2A> and <xref:Microsoft.AspNetCore.Builder.ControllerEndpointRouteBuilderExtensions.MapDefaultControllerRoute%2A> |
- And here, potentially coming from the MS Docs engine, we only see `SignInAsync()` but not that it is coming from the `.AuthenticationHttpContextExtensions.SignInAsync()`
| Create a <xref:System.Security.Claims.ClaimsIdentity> with any required <xref:System.Security.Claims.Claim>s and call <xref:Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignInAsync%2A> to sign in the user. `Login.cshtml.cs` in the sample app contains the following code: |
- Same here with `SignInAsync()`
| To sign out the current user and delete their cookie, call <xref:Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.SignOutAsync%2A>: |
So my question as a user would be: Do I need this registration of HttpContextAccessor() or not? I did not see it mentioned elsewhere, not sure if it's still up to date or anything special. You could potentially add a small link for us to look up if we don't know it already?
Page URL
https://learn.microsoft.com/de-de/aspnet/core/security/authentication/cookie?view=aspnetcore-10.0
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authentication/cookie.md
Document ID
b18a015b-914d-f014-f711-120d208904d9
Platform Id
65dc346c-b9fc-27d6-5769-bf45e510ebae
Article author
Metadata
- ID: d2229fc6-f8c8-952e-e567-b1d5a463055a
- PlatformId: 65dc346c-b9fc-27d6-5769-bf45e510ebae
- Service: aspnet-core
- Sub-service: security
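
Added example, not part of the issue or of the docs sample: a minimal cookie-auth app showing where `HttpContext` arrives without an accessor and where `IHttpContextAccessor` is actually consumed. `CurrentUserService`, the routes and the `demo-user` name are hypothetical, and credential validation is left out.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie();
builder.Services.AddAuthorization();

// Cookie authentication itself does not need this line. It is here only because
// CurrentUserService (hypothetical) is a plain DI service with no HttpContext
// handed to it. AddHttpContextAccessor() registers the same singleton as
// AddSingleton<IHttpContextAccessor, HttpContextAccessor>(), so use one, not both.
builder.Services.AddHttpContextAccessor();
builder.Services.AddScoped<CurrentUserService>();

var app = builder.Build();
app.UseAuthentication(); // populates HttpContext.User from the cookie
app.UseAuthorization();

// Endpoints, controllers and Razor Pages already receive HttpContext directly.
app.MapPost("/login", async (HttpContext http) =>
{
    // Constructed sample identity; a real login validates credentials first.
    var identity = new ClaimsIdentity(
        new[] { new Claim(ClaimTypes.Name, "demo-user") },
        CookieAuthenticationDefaults.AuthenticationScheme);
    await http.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        new ClaimsPrincipal(identity));
    return Results.Ok();
});

app.MapPost("/logout", async (HttpContext http) =>
{
    await http.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    return Results.Ok();
});

// The service reads the signed-in user through the accessor.
app.MapGet("/whoami", (CurrentUserService me) => me.Name ?? "anonymous");

app.Run();

// accessor.HttpContext is null outside a request (background work, startup),
// so read it per call and never cache the HttpContext or User in a field.
public sealed class CurrentUserService(IHttpContextAccessor accessor)
{
    public string? Name => accessor.HttpContext?.User.Identity?.Name;
}
```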