Refactor Events + Add IAuthenticationBuilder

Author: HaoK

samples/CookieSample/Startup.cs

@@ -18,9 +18,7 @@ public void ConfigureServices(IServiceCollection services)
             {
                 options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-            });
-
-            services.AddCookieAuthentication();
+            }).AddCookie();
         }
 
         public void Configure(IApplicationBuilder app)

samples/CookieSessionSample/Startup.cs

@@ -19,9 +19,7 @@ public void ConfigureServices(IServiceCollection services)
             {
                 options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-            });
-
-            services.AddCookieAuthentication(o => o.SessionStore = new MemoryCacheTicketStore());
+            }).AddCookie(o => o.SessionStore = new MemoryCacheTicketStore());
         }
 
         public void Configure(IApplicationBuilder app)

samples/JwtBearerSample/Startup.cs

@@ -48,9 +48,7 @@ public void ConfigureServices(IServiceCollection services)
             {
                 options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                 options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
-            });
-
-            services.AddJwtBearerAuthentication(o =>
+            }).AddJwtBearer(o =>
             {
                 // You also need to update /wwwroot/app/scripts/app.js
                 o.Authority = Configuration["jwt:authority"];
@@ -59,7 +57,7 @@ public void ConfigureServices(IServiceCollection services)
                 {
                     OnAuthenticationFailed = c =>
                     {
-                        c.HandleResponse();
+                        c.NoResult();
 
                         c.Response.StatusCode = 500;
                         c.Response.ContentType = "text/plain";

samples/OpenIdConnect.AzureAdSample/Startup.cs

@@ -48,11 +48,9 @@ public void ConfigureServices(IServiceCollection services)
                 sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
-            });
-
-            services.AddCookieAuthentication();
-
-            services.AddOpenIdConnectAuthentication(o =>
+            })
+                .AddCookie()
+                .AddOpenIdConnect(o =>
             {
                 o.ClientId = ClientId;
                 o.ClientSecret = ClientSecret; // for code flow

samples/OpenIdConnectSample/Startup.cs

@@ -45,11 +45,9 @@ public void ConfigureServices(IServiceCollection services)
                 sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
-            });
-
-            services.AddCookieAuthentication();
-
-            services.AddOpenIdConnectAuthentication(o =>
+            })
+                .AddCookie()
+                .AddOpenIdConnect(o =>
             {
                 o.ClientId = Configuration["oidc:clientid"];
                 o.ClientSecret = Configuration["oidc:clientsecret"]; // for code flow

samples/SocialSample/Startup.cs

@@ -55,25 +55,22 @@ public void ConfigureServices(IServiceCollection services)
                 options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-            });
-
-            services.AddCookieAuthentication(o => o.LoginPath = new PathString("/login"));
-
-            // You must first create an app with Facebook and add its ID and Secret to your user-secrets.
-            // https://developers.facebook.com/apps/
-            services.AddFacebookAuthentication(o =>
+            })
+                .AddCookie(o => o.LoginPath = new PathString("/login"))
+                // You must first create an app with Facebook and add its ID and Secret to your user-secrets.
+                // https://developers.facebook.com/apps/
+                .AddFacebook(o =>
             {
                 o.AppId = Configuration["facebook:appid"];
                 o.AppSecret = Configuration["facebook:appsecret"];
                 o.Scope.Add("email");
                 o.Fields.Add("name");
                 o.Fields.Add("email");
                 o.SaveTokens = true;
-            });
-
-            // You must first create an app with Google and add its ID and Secret to your user-secrets.
-            // https://console.developers.google.com/project
-            services.AddOAuthAuthentication("Google-AccessToken", o =>
+            })
+                // You must first create an app with Google and add its ID and Secret to your user-secrets.
+                // https://console.developers.google.com/project
+                .AddOAuth("Google-AccessToken", o =>
             {
                 o.ClientId = Configuration["google:clientid"];
                 o.ClientSecret = Configuration["google:clientsecret"];
@@ -84,11 +81,10 @@ public void ConfigureServices(IServiceCollection services)
                 o.Scope.Add("profile");
                 o.Scope.Add("email");
                 o.SaveTokens = true;
-            });
-
-            // You must first create an app with Google and add its ID and Secret to your user-secrets.
-            // https://console.developers.google.com/project
-            services.AddGoogleAuthentication(o =>
+            })
+                // You must first create an app with Google and add its ID and Secret to your user-secrets.
+                // https://console.developers.google.com/project
+                .AddGoogle(o =>
             {
                 o.ClientId = Configuration["google:clientid"];
                 o.ClientSecret = Configuration["google:clientsecret"];
@@ -104,11 +100,10 @@ public void ConfigureServices(IServiceCollection services)
                 };
                 o.ClaimActions.MapJsonSubKey("urn:google:image", "image", "url");
                 o.ClaimActions.Remove(ClaimTypes.GivenName);
-            });
-
-            // You must first create an app with Twitter and add its key and Secret to your user-secrets.
-            // https://apps.twitter.com/
-            services.AddTwitterAuthentication(o =>
+            })
+                // You must first create an app with Twitter and add its key and Secret to your user-secrets.
+                // https://apps.twitter.com/
+                .AddTwitter(o =>
             {
                 o.ConsumerKey = Configuration["twitter:consumerkey"];
                 o.ConsumerSecret = Configuration["twitter:consumersecret"];
@@ -126,15 +121,14 @@ public void ConfigureServices(IServiceCollection services)
                         return Task.FromResult(0);
                     }
                 };
-            });
-
-            /* Azure AD app model v2 has restrictions that prevent the use of plain HTTP for redirect URLs.
-               Therefore, to authenticate through microsoft accounts, tryout the sample using the following URL:
-               https://localhost:44318/
-            */
-            // You must first create an app with Microsoft Account and add its ID and Secret to your user-secrets.
-            // https://apps.dev.microsoft.com/
-            services.AddOAuthAuthentication("Microsoft-AccessToken", o =>
+            })
+                /* Azure AD app model v2 has restrictions that prevent the use of plain HTTP for redirect URLs.
+                   Therefore, to authenticate through microsoft accounts, tryout the sample using the following URL:
+                   https://localhost:44318/
+                */
+                // You must first create an app with Microsoft Account and add its ID and Secret to your user-secrets.
+                // https://apps.dev.microsoft.com/
+                .AddOAuth("Microsoft-AccessToken", o =>
             {
                 o.ClientId = Configuration["microsoftaccount:clientid"];
                 o.ClientSecret = Configuration["microsoftaccount:clientsecret"];
@@ -143,32 +137,29 @@ public void ConfigureServices(IServiceCollection services)
                 o.TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
                 o.Scope.Add("https://graph.microsoft.com/user.read");
                 o.SaveTokens = true;
-            });
-
-            // You must first create an app with Microsoft Account and add its ID and Secret to your user-secrets.
-            // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-app-registration/
-            services.AddMicrosoftAccountAuthentication(o =>
+            })
+                // You must first create an app with Microsoft Account and add its ID and Secret to your user-secrets.
+                // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-app-registration/
+                .AddMicrosoftAccount(o =>
             {
                 o.ClientId = Configuration["microsoftaccount:clientid"];
                 o.ClientSecret = Configuration["microsoftaccount:clientsecret"];
                 o.SaveTokens = true;
-            });
-
-            // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
-            // https://github.com/settings/applications/
-            services.AddOAuthAuthentication("GitHub-AccessToken", o =>
+            })
+                // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
+                // https://github.com/settings/applications/
+                .AddOAuth("GitHub-AccessToken", o =>
             {
                 o.ClientId = Configuration["github-token:clientid"];
                 o.ClientSecret = Configuration["github-token:clientsecret"];
                 o.CallbackPath = new PathString("/signin-github-token");
                 o.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
                 o.TokenEndpoint = "https://github.com/login/oauth/access_token";
                 o.SaveTokens = true;
-            });
-
-            // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
-            // https://github.com/settings/applications/
-            services.AddOAuthAuthentication("GitHub", o =>
+            })
+                // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
+                // https://github.com/settings/applications/
+                .AddOAuth("GitHub", o =>
             {
                 o.ClientId = Configuration["github:clientid"];
                 o.ClientSecret = Configuration["github:clientsecret"];

src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs

@@ -14,7 +14,10 @@
 
 namespace Microsoft.AspNetCore.Authentication.Cookies
 {
-    public class CookieAuthenticationHandler : AuthenticationHandler<CookieAuthenticationOptions>
+    public class CookieAuthenticationHandler : 
+        AuthenticationHandler<CookieAuthenticationOptions>, 
+        IAuthenticationSignInHandler, 
+        IAuthenticationSignOutHandler
     {
         private const string HeaderValueNoCache = "no-cache";
         private const string HeaderValueMinusOne = "-1";
@@ -104,7 +107,7 @@ private async Task<AuthenticateResult> ReadCookieTicket()
             var cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
             if (string.IsNullOrEmpty(cookie))
             {
-                return AuthenticateResult.None();
+                return AuthenticateResult.NoResult();
             }
 
             var ticket = Options.TicketDataFormat.Unprotect(cookie, GetTlsTokenBinding());
@@ -155,7 +158,7 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
                 return result;
             }
 
-            var context = new CookieValidatePrincipalContext(Context, Scheme, result.Ticket, Options);
+            var context = new CookieValidatePrincipalContext(Context, Scheme, Options, result.Ticket);
             await Events.ValidatePrincipal(context);
 
             if (context.Principal == null)
@@ -244,8 +247,15 @@ protected virtual async Task FinishResponseAsync()
             }
         }
 
-        protected override async Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
+        public async virtual Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
         {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            properties = properties ?? new AuthenticationProperties();
+
             _signInCalled = true;
 
             // Process the request cookie to initialize members like _sessionKey.
@@ -284,7 +294,8 @@ protected override async Task HandleSignInAsync(ClaimsPrincipal user, Authentica
                 signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime();
             }
 
-            var ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);
+            var ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.Scheme.Name);
+
             if (Options.SessionStore != null)
             {
                 if (_sessionKey != null)
@@ -310,20 +321,23 @@ protected override async Task HandleSignInAsync(ClaimsPrincipal user, Authentica
             var signedInContext = new CookieSignedInContext(
                 Context,
                 Scheme,
-                Options,
-                Scheme.Name,
                 signInContext.Principal,
-                signInContext.Properties);
+                signInContext.Properties,
+                Options);
 
             await Events.SignedIn(signedInContext);
 
             // Only redirect on the login path
             var shouldRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
             await ApplyHeaders(shouldRedirect, signedInContext.Properties);
+
+            Logger.SignedIn(Scheme.Name);
         }
 
-        protected override async Task HandleSignOutAsync(AuthenticationProperties properties)
+        public async virtual Task SignOutAsync(AuthenticationProperties properties)
         {
+            properties = properties ?? new AuthenticationProperties();
+
             _signOutCalled = true;
 
             // Process the request cookie to initialize members like _sessionKey.
@@ -351,6 +365,8 @@ protected override async Task HandleSignOutAsync(AuthenticationProperties proper
             // Only redirect on the logout path
             var shouldRedirect = Options.LogoutPath.HasValue && OriginalPath == Options.LogoutPath;
             await ApplyHeaders(shouldRedirect, context.Properties);
+
+            Logger.SignedOut(Scheme.Name);
         }
 
         private async Task ApplyHeaders(bool shouldRedirectToReturnUrl, AuthenticationProperties properties)
@@ -380,7 +396,7 @@ private async Task ApplyHeaders(bool shouldRedirectToReturnUrl, AuthenticationPr
                 if (redirectUri != null)
                 {
                     await Events.RedirectToReturnUrl(
-                        new CookieRedirectContext(Context, Scheme, Options, redirectUri, properties));
+                        new RedirectContext<CookieAuthenticationOptions>(Context, Scheme, Options, properties, redirectUri));
                 }
             }
         }
@@ -406,7 +422,7 @@ protected override async Task HandleForbiddenAsync(AuthenticationProperties prop
                 returnUrl = OriginalPathBase + Request.Path + Request.QueryString;
             }
             var accessDeniedUri = Options.AccessDeniedPath + QueryString.Create(Options.ReturnUrlParameter, returnUrl);
-            var redirectContext = new CookieRedirectContext(Context, Scheme, Options, BuildRedirectUri(accessDeniedUri), properties);
+            var redirectContext = new RedirectContext<CookieAuthenticationOptions>(Context, Scheme, Options, properties, BuildRedirectUri(accessDeniedUri));
             await Events.RedirectToAccessDenied(redirectContext);
         }
 
@@ -419,7 +435,7 @@ protected override async Task HandleChallengeAsync(AuthenticationProperties prop
             }
 
             var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri);
-            var redirectContext = new CookieRedirectContext(Context, Scheme, Options, BuildRedirectUri(loginUri), properties);
+            var redirectContext = new RedirectContext<CookieAuthenticationOptions>(Context, Scheme, Options, properties, BuildRedirectUri(loginUri));
             await Events.RedirectToLogin(redirectContext);
         }
 

src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs

@@ -2,16 +2,32 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.Extensions.Options;
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
     public static class CookieExtensions
     {
+        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder)
+            => builder.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme);
+
+        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, string authenticationScheme)
+            => builder.AddCookie(authenticationScheme, configureOptions: null);
+
+        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, Action<CookieAuthenticationOptions> configureOptions) 
+            => builder.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, configureOptions);
+
+        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, string authenticationScheme, Action<CookieAuthenticationOptions> configureOptions)
+        {
+            builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<CookieAuthenticationOptions>, PostConfigureCookieAuthenticationOptions>());
+            return builder.AddScheme<CookieAuthenticationOptions, CookieAuthenticationHandler>(authenticationScheme, configureOptions);
+        }
+
+
+        // REMOVE below once callers have been updated
         public static IServiceCollection AddCookieAuthentication(this IServiceCollection services) => services.AddCookieAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);
 
         public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, string authenticationScheme) => services.AddCookieAuthentication(authenticationScheme, configureOptions: null);