ASP.NET UseAuthentication
last modified April 3, 2025
In this article, we explore the UseAuthentication middleware in ASP.NET 8. This middleware is essential for implementing authentication in web applications.
ASP.NET provides a robust authentication system that supports various providers. UseAuthentication enables the authentication middleware in the request pipeline.
Basic Definition
UseAuthentication is a middleware component in ASP.NET that enables authentication functionality. It must be called before any middleware that depends on users being authenticated.
Authentication is the process of determining a user's identity. ASP.NET supports cookie-based authentication, JWT, OAuth, and other authentication schemes.
UseAuthentication works with authentication services registered via AddAuthentication. It examines each request for authentication credentials.
ASP.NET UseAuthentication Example
The following example demonstrates cookie-based authentication using UseAuthentication.
var builder = WebApplication.CreateBuilder(args);
// Add authentication services
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = "/Account/Login";
options.AccessDeniedPath = "/Account/AccessDenied";
});
builder.Services.AddControllersWithViews();
var app = builder.Build();
app.UseStaticFiles();
app.UseRouting();
// Enable authentication middleware
app.UseAuthentication();
app.UseAuthorization();
app.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
app.Run();
This sets up cookie authentication with custom paths for login and access denied. The UseAuthentication middleware is placed after routing but before authorization.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;
public class AccountController : Controller
{
[HttpGet]
public IActionResult Login(string returnUrl = "/")
{
ViewData["ReturnUrl"] = returnUrl;
return View();
}
[HttpPost]
public async Task<IActionResult> Login(string username, string password, string returnUrl)
{
if (username == "admin" && password == "password")
{
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, username),
new Claim(ClaimTypes.Role, "Administrator")
};
var claimsIdentity = new ClaimsIdentity(
claims, CookieAuthenticationDefaults.AuthenticationScheme);
await HttpContext.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(claimsIdentity));
return LocalRedirect(returnUrl);
}
ViewData["ReturnUrl"] = returnUrl;
ModelState.AddModelError("", "Invalid username or password");
return View();
}
[HttpPost]
public async Task<IActionResult> Logout()
{
await HttpContext.SignOutAsync(
CookieAuthenticationDefaults.AuthenticationScheme);
return RedirectToAction("Index", "Home");
}
}
The AccountController handles login and logout operations. The Login action validates credentials and creates a cookie with claims. The Logout action removes the authentication cookie.
@{
ViewData["Title"] = "Login";
}
<h2>Login</h2>
<form method="post">
<div>
<label for="username">Username:</label>
<input type="text" id="username" name="username" />
</div>
<div>
<label for="password">Password:</label>
<input type="password" id="password" name="password" />
</div>
<input type="hidden" name="returnUrl" value="@ViewData["ReturnUrl"]" />
<button type="submit">Login</button>
</form>
@if (ViewData.ModelState[""]?.Errors.Count > 0)
{
<div class="error">
@Html.ValidationSummary()
</div>
}
This simple login view collects username and password. It includes validation messages and preserves the return URL for redirecting after successful login.
The example demonstrates a complete authentication flow. UseAuthentication middleware processes the authentication cookie on each request. The [Authorize] attribute can protect controller actions.
Source
Microsoft ASP.NET Authentication Documentation
In this article, we have explored the UseAuthentication middleware in ASP.NET 8. This essential component enables secure authentication in web applications.
Author
List all ASP.NET tutorials.