How to create a simple login in ASP.NET core without database and authorise controller access

Question

4.00/5 (1 vote)

See more:

How to create a simple ASP.NET Core based login without the use of databases. Lets say instead of using a database, I have the login UserName and Password in the appsettings.json. I could easily access and get the appsettings values. But how should I go about implementing the login functionality and how should I configure services in the startup.cs (in Configure and ConfigureServices).

In Configure() method I have added the

C#

app.UseAuthentication();

When I login and move to the Controller class which uses the annotation

[Authorize]

I get the following error:

An unhandled exception occurred while processing the request.
InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).
Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, string scheme, AuthenticationProperties properties)

Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

What I have tried:

In Configure() method I have added the

C#

app.UseAuthentication();

Posted 3-Mar-20 20:01pm

Shaamil M

Updated 7-Mar-20 23:09pm

Add a Solution

Comments

Richard MacCutchan 4-Mar-20 4:32am

You need to do what the error message is telling you.

Richard Deeming 4-Mar-20 10:23am

Make sure you're not storing the passwords in plain text:
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

dnxit · Answer 1 · 2020-03-07T23:09:00

In Startup.Configure, call UseAuthentication and UseAuthorization to set the HttpContext.User property and run Authorization Middleware for requests. Call the UseAuthentication and UseAuthorization methods before calling UseEndpoints:

C#

app.UseAuthentication();
app.UseAuthorization();

app.UseEndpoints(endpoints =>
{
    endpoints.MapControllers();
    endpoints.MapRazorPages();
});

Set CookieAuthenticationOptions in the service configuration for authentication in the Startup.ConfigureServices method:

C#

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        ...
    });

Sign In
You'll have to create your claims and pass while creating claims identity and set Authentication Scheme

C#

var claims = new List<Claim>
{
    new Claim(ClaimTypes.Name, user.Email),
    new Claim("LastChanged", {Your Value})
};

var claimsIdentity = new ClaimsIdentity(
    claims, 
    CookieAuthenticationDefaults.AuthenticationScheme);

await HttpContext.SignInAsync(
    CookieAuthenticationDefaults.AuthenticationScheme, 
    new ClaimsPrincipal(claimsIdentity));

Sign Out

C#

await HttpContext.SignOutAsync(
    CookieAuthenticationDefaults.AuthenticationScheme);

For more details please read this article
Use cookie authentication without ASP.NET Core Identity | Microsoft Docs[^]