How to Use Multiple Authentication Schemes in ASP.NET Core Web API

Glad you enjoyed it! Thank you too for watching and for the support.

You're welcome! Thank you too for all the support. It really means a lot to me.

Glad it was helpful! Thank you too for watching.

This really depends. Usually when you have apps like MVC or Razor or Blazor Server, you use cookies because your UI is connected directly to your server part of the app. When you have separate server and client apps, than JWT is usually used. Of course this doesn't have to be the rule, but it is mostly the case. Also, it depends on how you want to handle your tokens. You can have a separate Web API project, and still using the HttpOnly Cookie to transfer that token (I have a video about that as well).

Hi Rob. Thank you for the kind words and the support. Regarding your question, well it is possible, but to be honest if I make that kind of video, I will probably do only the Web API part. Including any client framework to work with that can simply invalidate the video pretty soon as those third party client libraries get replaced or obsolete pretty fast. I wrote one article for the Google Auth with Angular and .NET Web API, and never changed anything for the Web API part, but for the Aungular parth, the library was modified several times making the article invalid.

Hi. This is where you see that: czcams.com/video/0mb-wkkVMbg/video.html

Thanks for watching.

I guess it can be done, just I can't since I didn't work with Azure that much.

Hi. I am not sure I understand. Is your question related to this video? Because, as you can see, the cookie is set automatically in the Postman. It is sent with the SignInAsync method from the controller.

@@CodeMaze Sorry I forgot to mention, It's not related to this video, Actually, I am using HTTP cookie-based authentication but I'm getting false in the context.User.Identity?.IsAuthenticated.
.AddJwtBearer(cfg =>
{
cfg.SaveToken = true;
cfg.TokenValidationParameters = new TokenValidationParameters()
{
IssuerSigningKey = "",
ValidateAudience = true,
ValidateIssuer = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true
};
cfg.Events = new JwtBearerEvents
{
OnMessageReceived = context =>
{
string action = Convert.ToString(context.Request.RouteValues["action"]) ?? "";
if (action.Equals("RefreshToken", StringComparison.Ordinal)
&& context.Request.Cookies.ContainsKey("X-Refresh-Token"))
{
context.Token = context.Request.Cookies["X-Refresh-Token"];
}
else if (context.Request.Cookies.ContainsKey("X-Access-Token"))
{
context.Token = context.Request.Cookies["X-Access-Token"];
}
return Task.CompletedTask;
}
};
});
How do you set the HTTP cookie that I want to know?

I didn't do that for a long time and don't have any source code. What I think is that you are using JWT authentication not a cookie authentication, but want to return the token to the client as HttpOnly cookie. There are some examples on Google (I just searched) but again, didn't use it for a while, and really I am currently not sure how it exactly works. But I am definitely sure it was similar to your configuration.

@@CodeMaze Let me explore more.