ASP.NET Core 2.0 Cookie Authentication

using Microsoft.AspNetCore.Authentication.Cookies;using Microsoft.AspNetCore.Builder;using Microsoft.AspNetCore.Hosting;using Microsoft.AspNetCore.Http;using Microsoft.Extensions.DependencyInjection;using System;using System.Threading.Tasks;namespace Fiver.Security.Authentication{ ???public class Startup ???{ ???????public void ConfigureServices( ???????????IServiceCollection services) ???????{ ???????????services.AddAuthentication("FiverSecurityScheme") ???????????????????.AddCookie("FiverSecurityScheme", options => ???????????????????{ ???????????????????????options.AccessDeniedPath = new PathString("/Security/Access"); ???????????????????????options.Cookie = new CookieBuilder ???????????????????????{ ???????????????????????????//Domain = "", ???????????????????????????HttpOnly = true, ???????????????????????????Name = ".Fiver.Security.Cookie", ???????????????????????????Path = "/", ???????????????????????????SameSite = SameSiteMode.Lax, ???????????????????????????SecurePolicy = CookieSecurePolicy.SameAsRequest ???????????????????????}; ???????????????????????options.Events = new CookieAuthenticationEvents ???????????????????????{ ???????????????????????????OnSignedIn = context => ???????????????????????????{ ???????????????????????????????Console.WriteLine("{0} - {1}: {2}", DateTime.Now, ?????????????????????????????????"OnSignedIn", context.Principal.Identity.Name); ???????????????????????????????return Task.CompletedTask; ???????????????????????????}, ???????????????????????????OnSigningOut = context => ???????????????????????????{ ???????????????????????????????Console.WriteLine("{0} - {1}: {2}", DateTime.Now, ?????????????????????????????????"OnSigningOut", context.HttpContext.User.Identity.Name); ???????????????????????????????return Task.CompletedTask; ???????????????????????????}, ???????????????????????????OnValidatePrincipal = context => ???????????????????????????{ ???????????????????????????????Console.WriteLine("{0} - {1}: {2}", DateTime.Now, ?????????????????????????????????"OnValidatePrincipal", context.Principal.Identity.Name); ???????????????????????????????return Task.CompletedTask; ???????????????????????????} ???????????????????????}; ???????????????????????//options.ExpireTimeSpan = TimeSpan.FromMinutes(10); ???????????????????????options.LoginPath = new PathString("/Security/Login"); ???????????????????????options.ReturnUrlParameter = "RequestPath"; ???????????????????????options.SlidingExpiration = true; ???????????????????}); ???????????services.AddMvc(); ???????} ???????//public void ConfigureServices( ???????// ???IServiceCollection services) ???????//{ ???????// ???services.AddAuthentication("FiverSecurityScheme") ???????// ???????????.AddCookie("FiverSecurityScheme", options => ???????// ???????????{ ???????// ???????????????options.AccessDeniedPath = new PathString("/Security/Access"); ???????// ???????????????options.LoginPath = new PathString("/Security/Login"); ???????// ???????????}); ???????// ???services.AddMvc(); ???????//} ???????public void Configure( ???????????IApplicationBuilder app, ???????????IHostingEnvironment env) ???????{ ???????????app.UseDeveloperExceptionPage(); ???????????app.UseAuthentication(); ???????????app.UseMvcWithDefaultRoute(); ???????} ???}}

using System.Threading.Tasks;using Microsoft.AspNetCore.Mvc;using Fiver.Security.Authentication.Models.Security;using System.Security.Claims;using System.Collections.Generic;using Microsoft.AspNetCore.Authentication;using System;namespace Fiver.Security.Authentication.Controllers{ ???public class SecurityController : Controller ???{ ???????public IActionResult Login(string requestPath) ???????{ ???????????ViewBag.RequestPath = requestPath ?? "/"; ???????????return View(); ???????} ???????[HttpPost] ???????public async Task<IActionResult> Login(LoginInputModel inputModel) ???????{ ???????????if (!IsAuthentic(inputModel.Username, inputModel.Password)) ???????????????return View(); ???????????????????????// create claims ???????????List<Claim> claims = new List<Claim> ???????????{ ???????????????new Claim(ClaimTypes.Name, "Sean Connery"), ???????????????new Claim(ClaimTypes.Email, inputModel.Username) ???????????}; ???????????????????????// create identity ???????????ClaimsIdentity identity = new ClaimsIdentity(claims, "cookie"); ???????????????????????// create principal ???????????ClaimsPrincipal principal = new ClaimsPrincipal(identity); ???????????// sign-in ???????????await HttpContext.SignInAsync( ???????????????????scheme: "FiverSecurityScheme", ???????????????????principal: principal, ???????????????????properties: new AuthenticationProperties ???????????????????{ ???????????????????????//IsPersistent = true, // for ‘remember me‘ feature ???????????????????????//ExpiresUtc = DateTime.UtcNow.AddMinutes(1) ???????????????????}); ???????????return Redirect(inputModel.RequestPath ?? "/"); ???????????//return RedirectToAction("Index", "Home"); ???????} ???????public async Task<IActionResult> Logout(string requestPath) ???????{ ???????????await HttpContext.SignOutAsync( ???????????????????scheme: "FiverSecurityScheme"); ???????????return RedirectToAction("Login"); ???????} ???????public IActionResult Access() ???????{ ???????????return View(); ???????} ???????#region " Private " ???????private bool IsAuthentic(string username, string password) ???????{ ???????????return (username == "james" && password == "bond"); ???????} ???????#endregion ???}}