JWT and Cookie Based Authentication
Explore how to implement and configure JWT and cookie-based authentication in ASP.NET Core MVC. Learn to manage authentication schemes, set cookie options, build JWTs, and handle login and logout flows securely to protect your web applications.
Cookie authorization schemes options
Cookie options can be set as shown below:
The main options that we might need to change in our application are listed below:
| Property | Description |
|---|---|
| AuthenticationScheme | The name of the authentication scheme. It defaults to CookieAuthenticationDefaults.AuthenticationScheme. |
| ExpireTimeSpan | A TimeSpan that encodes the duration of the cookie. |
| SlidingExpiration | If true the duration of the cookie is renewed at each request. |
| CookieName | The name of the cookie. You should not need to change the default name. |
| LoginPath | The path where the browser is redirected by the challenge action. It defaults to /Account/Login. |
| AccessDeniedPath | The path where the browser is redirected by the forbid action. It defaults to /Account/AccessDenied. |
| CookieSecure | Whether to limit the transmission of the authentication cookie only to HTTPS connections. The default is false, but if your application uses HTTPS you should set this property to true. |
| ReturnUrlParameter | The name of the query string parameter where the scheme will place the URL that originated the redirect to the login page if any. It defaults to “ReturnUrl”. You should redirect the browser to |
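
The following is an added example, not code from the original page or from ASP.NET Core itself: it sets the options from the table and shows a login action that follows ReturnUrl only when it is a local URL. It assumes ASP.NET Core 2.0 or later, where CookieName and CookieSecure are reached as options.Cookie.Name and options.Cookie.SecurePolicy; IUserValidator, AddAppCookieAuth, the 30-minute lifetime and the Home/Index fallback are hypothetical choices.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public interface IUserValidator // hypothetical credential check supplied by the application
{ Task<bool> IsValidAsync(string user, string password); }

public static class CookieAuthSetup
{
    // Hypothetical helper; call services.AddAppCookieAuth() during service registration.
    public static IServiceCollection AddAppCookieAuth(this IServiceCollection services)
    {
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.ExpireTimeSpan = TimeSpan.FromMinutes(30);   // assumed lifetime
                options.SlidingExpiration = true;                    // renewed on activity
                options.LoginPath = "/Account/Login";                // challenge target
                options.AccessDeniedPath = "/Account/AccessDenied";  // forbid target
                options.ReturnUrlParameter = "ReturnUrl";
                // Always = HTTPS only; SameAsRequest would also send it on plain HTTP requests.
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            });
        return services;
    }
}

public class AccountController : Controller
{
    private readonly IUserValidator _users;
    public AccountController(IUserValidator users) => _users = users;
    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(string userName, string password, string returnUrl = null)
    {
        if (!await _users.IsValidAsync(userName, password))
            return View();                                           // redisplay the login form
        var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userName) },
            CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignInAsync(identity.AuthenticationType, new ClaimsPrincipal(identity));
        // ReturnUrl comes from the request, so it is caller-controlled: follow it only if local.
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            return LocalRedirect(returnUrl);
        return RedirectToAction("Index", "Home");                    // assumed default landing page
    }
}
```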