❔ Whats the difference between UseCookieAuthentication and UseCookiePolicy ?
Basically what the title says, I'm working on a Blazor Server app and I'm trying to set up my cookie configuration and idk whats the difference between the two? I (think) they are both middleware which is why I'm confused as two why both of them exist. Do I need to use both of them together?
5 Replies
UseCookiePolicy is not required. It adds options for you such as setting the same site mode of the cookie which controls how the cookie is or is not sent to 3rd party navigations. You can also set the cookie to httponly so that client side scripts can not access the cookie. You can also set a Consent Cookie telling users your use of cookies and they can accept/deny this use of cookies.
However, I often do use it for httponly default is false and the SiteMode defaults to lax. HttpOnly to true shouldn't affect most web applications. SiteMode we tend to set to strict dissallowing cross-site sharing of the cookie.
Was this issue resolved? If so, run
/close - otherwise I will mark this as stale and this post will be archived until there is new activity.I figured that much and read that it was for third parties. I also noticed that UseCookieAuthentication was deprecated and to use AddCookie instead. https://learn.microsoft.com/en-us/dotnet/api/microsoft.extensions.dependencyinjection.cookieextensions.addcookie?view=aspnetcore-7.0
AddCookie doesnt say anything about cookies being set to third parties. Is AddCookie for internal domain/subdomain use?
CookieExtensions.AddCookie Method (Microsoft.Extensions.DependencyI...
Adds cookie authentication to AuthenticationBuilder using the default scheme. The default scheme is specified by AuthenticationScheme. Cookie authentication uses a HTTP cookie persisted in the client to perform authentication.
UseCookiePolicy is what controls/changes the 3rd party cookie sending....
Was this issue resolved? If so, run
/close - otherwise I will mark this as stale and this post will be archived until there is new activity.