AspNetCore.Docs icon indicating copy to clipboard operation
AspNetCore.Docs copied to clipboard
verified publisher icon dotnet

[Cookies] Sudden code change in Guide, not marked in diff and not told about

Open DevTKSS opened this issue 5 months ago • 2 comments

Description

in this section: https://learn.microsoft.com/de-de/aspnet/core/security/authentication/cookie?view=aspnetcore-9.0#add-cookie-authentication

I as beginner with asp net core do not know what the HttpContextAcceccor is for and dont know if there is any Information about this to be known, for what you are using this or whats the difference to consider, when to use the Generic registration and when the default one is enough:

marking this in the following two snippet you provided as 1st and 2nd sample on the linked page (updated version to current net10.0 I am now using:

using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddRazorPages();
builder.Services.AddControllersWithViews();

builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie();

+ builder.Services.AddHttpContextAccessor(); // Default method (?) and *below* the cookie auth

var app = builder.Build();

if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseAuthentication();
app.UseAuthorization();

app.MapRazorPages();
app.MapDefaultControllerRoute();

app.Run();

and now notice this:

using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddRazorPages();
builder.Services.AddControllersWithViews();

builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.ExpireTimeSpan = TimeSpan.FromMinutes(20);
        options.SlidingExpiration = true;
        options.AccessDeniedPath = "/Forbidden/";
    });

+ builder.Services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>(); // suddenly we are using generic? Reason? Do we maybe need this?

var app = builder.Build();

if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseAuthentication();
app.UseAuthorization();

app.MapRazorPages();
app.MapDefaultControllerRoute();

app.Run();

I would like the docs to somewhere tell us the difference between these ways of definition. the only resource I found so far is: https://stackoverflow.com/questions/55247071/cookiepolicyoptions-or-cookieauthenticationoptions but its not getting completly clear to me.

Checking the markdown source for this page, I eventually have the point that's causing this problem, so you might be able to tackle this, beside the fact that you should at least add a small note when you change something in code, so we can learn when we should do this 👍

  1. Here we see HttpContext.User, without any remark about its relation to builder.Services.AddHttpContextAccessor();

https://github.com/dotnet/AspNetCore.Docs/blob/bce9940f93520e4981be9a8fed348b390a839b1d/aspnetcore/security/authentication/cookie.md?plain=1#L31

  1. And here, potentially coming from the MS Docs engine, we only see SignInAsync() but not that it is coming from the .AuthenticationHttpContextExtensions.SignInAsync()

https://github.com/dotnet/AspNetCore.Docs/blob/bce9940f93520e4981be9a8fed348b390a839b1d/aspnetcore/security/authentication/cookie.md?plain=1#L72

  1. Same here with SignInAsync()

https://github.com/dotnet/AspNetCore.Docs/blob/bce9940f93520e4981be9a8fed348b390a839b1d/aspnetcore/security/authentication/cookie.md?plain=1#L86

So my question as User would be: Do I need this Registration of HttpContextAccessor() or not? I did not see it mentioned elsewere, not sure if its still up to date or anything special you could potentially add a small link for us to lookup if we dont know it already?

Page URL

https://learn.microsoft.com/de-de/aspnet/core/security/authentication/cookie?view=aspnetcore-10.0

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authentication/cookie.md

Document ID

b18a015b-914d-f014-f711-120d208904d9

Platform Id

65dc346c-b9fc-27d6-5769-bf45e510ebae

Article author

@Rick-Anderson

Metadata

  • ID: d2229fc6-f8c8-952e-e567-b1d5a463055a
  • PlatformId: 65dc346c-b9fc-27d6-5769-bf45e510ebae
  • Service: aspnet-core
  • Sub-service: security

Related Issues

DevTKSS avatar Jul 20 '25 12:07 DevTKSS

@wadepickett could this be a good candidate for using Copilot to start the PR?

cmastr avatar Sep 12 '25 17:09 cmastr

@cmastr I updated the OP with net10.0 specific information and tryed to investigate whats up with this, to potentially help you understand my problem with this a bit better and hopefully bring some light into the darkness 👍 Looking forward to any response or/and fix for this 🚀

DevTKSS avatar Dec 02 '25 13:12 DevTKSS