[.Net Core] - 当 .Net Core 版本由 1.x 升级至 2.x 后，Cookie 使用方式变更

背景

Asp.Net Core 项目升级至 2.x 版本后，Cookie 验证方式需要进行更新。

升级前：.Net Core 1.x

Startup.cs

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    // Other Options ...

// IMPORTANT: UseCookieAuthentication() MUST before UseMvc()
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationScheme = "MyCookieMiddlewareInstance",
        LoginPath = new PathString("/Home/Index/"),
        AccessDeniedPath = new PathString("/Home/AccessDenied/"),
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        CookiePath = "/"
    });

    // Add MVC to the request pipeline.
    app.UseMvc(routes =>
    {
        routes.MapRoute("default", "{controller=Home}/{action=Index}/{id?}");
    });
}

Login

var claims = new List<Claim>
{
    new Claim(ClaimTypes.Email, user.Email),
    new Claim(ClaimTypes.Name, user.Name),
    new Claim(ClaimTypes.Sid, Convert.ToString(user.Gid))
};
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, "AccountLogin"));
var property = new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTime.UtcNow.AddHours(1) };
await HttpContext.Authentication.SignInAsync("MyCookieMiddlewareInstance", principal, property);
return RedirectToAction(nameof(LoginController.Index), "Candidate");

Logout

HttpContext.Session.Clear();
await HttpContext.Authentication.SignOutAsync("MyCookieMiddlewareInstance");
return RedirectToAction(nameof(HomeController.Index), "Home");

升级后：.Net Core 2.x

Startup.cs

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication("MyCookieAuthenticationScheme")
            .AddCookie("MyCookieAuthenticationScheme", options => {
                options.SlidingExpiration = false;
                options.ExpireTimeSpan = TimeSpan.FromHours(1);
                options.Cookie = new CookieBuilder { HttpOnly = true, Name = "MyCookie", Path = "/" };
                options.LoginPath = "/Home/Index/";
                options.AccessDeniedPath = "/Home/AccessDenied/";
            });
    services.AddMvc();

    // Other Options ...
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    // Other Options ...

    app.UseAuthentication();

   // Add MVC to the request pipeline.
    app.UseMvc(routes =>
    {
        routes.MapRoute("default", "{controller=Home}/{action=Index}/{id?}");
    });
}

Login

var claims = new List<Claim>
{
    new Claim(ClaimTypes.Email, user.Email),
    new Claim(ClaimTypes.Name, user.Name),
    new Claim(ClaimTypes.Sid, Convert.ToString(user.Gid))
};
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, "AccountLogin"));
await HttpContext.SignInAsync("MyCookieAuthenticationScheme", principal);
return RedirectToAction(nameof(CandidateController.Index), "Candidate");

Logout

HttpContext.Session.Clear();
await HttpContext.SignOutAsync("MyCookieAuthenticationScheme");
return RedirectToAction(nameof(HomeController.Index), "Home");

参考资料（了解更多细节）

https://www.cnblogs.com/tdfblog/p/aspnet-core-security-authentication-cookie.html