AppStd/DigitalData.UserManager
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(startup): remove cookie-based authentication configuration

Browse Source
This commit is contained in:
tekh 2025-07-22 13:13:52 +02:00
parent 437f33a323
commit 06303ec2b5
1 changed files with 0 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
DigitalData.UserManager.API/Program.cs
View File

@ -60,16 +60,6 @@ try {
.AndIf(c => !config.GetValue<bool>("UseEncryptor")));
});
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.Cookie.HttpOnly = true; // Makes the cookie inaccessible to client-side scripts for security
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; // Ensures cookies are sent over HTTPS only
options.Cookie.SameSite = SameSiteMode.Strict; // Protects against CSRF attacks by restricting how cookies are sent with requests from external sites
options.LoginPath = "/api/auth/login";
options.LogoutPath = "/api/auth/logout";
});
// Once the app is built, the password will be decrypted with Encryptor. lazy loading also acts as a call back method.
Lazy<string>? cnn_str = null;