What is difference between these two cookie configurations for cookie-based authentication?
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
// Configure cookie based authentication:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(opt =>
{
/* validation rules */
});
}
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentity<AppUser, AppRole>(opt =>
{
/* validation rules */
});
services.ConfigureApplicationCookie(options =>
{
options.LoginPath = new PathString("/User/Login");
options.Cookie = new CookieBuilder
{
Name = "AspNetCoreIdentityExampleCookie",
HttpOnly = false,
SameSite = SameSiteMode.Lax,
SecurePolicy = CookieSecurePolicy.Always
};
options.ExpireTimeSpan = TimeSpan.FromMinutes(2);
options.SlidingExpiration = true;
});
}
I can't understand the difference, I will be glad for hearing any help.
Variant one involves configuring cookie-based authentication manually, without utilizing the provided Identity framework. On the other hand, Variant two involves calling AddIdentity
, which automatically adds cookie-based authentication and allows for customization of the configuration using ConfigureApplicationCookie
.