ASP.Net 9.0: Authentication Enhancements

ASP.Net 9.0: Authentication Enhancements
sunmughan sunmughan
DevelopmentInformation SecurityNews
March 16, 2024


The article demonstrates new features related to authentication and authorization. These enhancements aim to improve security and streamline the process of verifying user identities and granting access.



OIDC and OAuth Parameter Customization

The OAuth and OpenID Connect (OIDC) authentication handlers now offer an AdditionalAuthorizationParameters option. This feature simplifies the customization of authorization message parameters typically included in the redirect query string. Previously, achieving this level of customization required implementing a custom OnRedirectToIdentityProvider callback or overriding the BuildChallengeUrl method within a custom handler. However, with the latest improvements, developers can achieve the same result more succinctly.



Example

In previous versions of .NET, achieving custom parameter customization looked like this:

builder.Services.AddAuthentication().AddOpenIdConnect(options =>
{
    options.Events.OnRedirectToIdentityProvider = context =>
    {
        context.ProtocolMessage.SetParameter("prompt", "login");
        context.ProtocolMessage.SetParameter("audience", "https://api.example.com");
        return Task.CompletedTask;
    };
});
Enter fullscreen mode

Exit fullscreen mode

Now, with the simplified approach, you can achieve the same result as follows

builder.Services.AddAuthentication().AddOpenIdConnect(options =>
{
options.AdditionalAuthorizationParameters.Add("prompt", "login");
options.AdditionalAuthorizationParameters.Add("audience", "https://api.example.com");
});
Enter fullscreen mode

Exit fullscreen mode




Configuring HTTP.sys Extended Authentication Flags

Windows authentication via HTTP.sys can now be fine-tuned using the EnableKerberosCredentialCaching and CaptureCredentials properties. These properties allow developers to optimize how HTTP.sys handles authentication. Specifically, you can configure the following flags:

  1. HTTP_AUTH_EX_FLAG_ENABLE_KERBEROS_CREDENTIAL_CACHING: Enables Kerberos credential caching for improved performance.

  2. HTTP_AUTH_EX_FLAG_CAPTURE_CREDENTIAL: Captures user credentials during the authentication process.



Example:

webBuilder.UseHttpSys(options =>
{
options.Authentication.Schemes = AuthenticationSchemes.Negotiate;
options.Authentication.EnableKerberosCredentialCaching = true;
options.Authentication.CaptureCredentials = true;
});
Enter fullscreen mode

Exit fullscreen mode




Clap if you believe in unicorns & well-structured paragraphs!



Socials: C# Publication | LinkedIn | Instagram | Twitter | Dev.to

Buymeacoffee





Source link



Subscription Form (#8)

Subscribe To Our Blogs

 

Enter your email address to subscribe to this blog and receive notifications of every new post immediately by email.

Join our 21,000+ active readers
Receive the latest news

Subscribe To Our Newsletter

Enter your email address to subscribe

Subscription Form
ASP.net aspnet authentication coding Enhancements
0
Leave a Reply
Close
Search

Hit enter to search or ESC to close

cookie Please note that on our website we use cookies necessary for the functioning of our website, cookies that optimize the performance. Please read our cookie policy. Close