What does `HTTPContext.SignInAsync` do behind the scenes?

by

Note that the code has been changed, below is for version active in 2017 when the question was asked.

https://www.nuget.org/packages/Microsoft.AspNetCore.Http.Abstractions/

https://github.com/aspnet/HttpAbstractions

New github link:

https://github.com/dotnet/aspnetcore

This is a start, from here you can follow the code depending on what you want to know.

Default AuthenticationService in Microsoft.AspNetCore.Authentication

public virtual async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

    if (scheme == null)
    {
        var defaultScheme = await Schemes.GetDefaultSignInSchemeAsync();
        scheme = defaultScheme?.Name;
        if (scheme == null)
        {
            throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultSignInScheme found.");
        }
    }

    var handler = await Handlers.GetHandlerAsync(context, scheme);
    if (handler == null)
    {
        throw await CreateMissingSignInHandlerException(scheme);
    }

    var signInHandler = handler as IAuthenticationSignInHandler;
    if (signInHandler == null)
    {
        throw await CreateMismatchedSignInHandlerException(scheme, handler);
    }

    await signInHandler.SignInAsync(principal, properties);
}

https://github.com/aspnet/HttpAbstractions/blob/bc7092a32b1943c7f17439e419d3f66cd94ce9bd/src/Microsoft.AspNetCore.Authentication.Core/AuthenticationService.cs#L142

Possible override from Microsoft.AspNetCore.Http.Authentication.Internal DefaultAuthenticationManager

public override async Task SignInAsync(string authenticationScheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
    if (string.IsNullOrEmpty(authenticationScheme))
    {
        throw new ArgumentException(nameof(authenticationScheme));
    }

    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

#pragma warning disable CS0618 // Type or member is obsolete
    var handler = HttpAuthenticationFeature.Handler;
#pragma warning restore CS0618 // Type or member is obsolete

    var signInContext = new SignInContext(authenticationScheme, principal, properties?.Items);
    if (handler != null)
    {
        await handler.SignInAsync(signInContext);
    }

    if (!signInContext.Accepted)
    {
        throw new InvalidOperationException($"No authentication handler is configured to handle the scheme: {authenticationScheme}");
    }
}

https://github.com/aspnet/HttpAbstractions/blob/bc7092a32b1943c7f17439e419d3f66cd94ce9bd/src/Microsoft.AspNetCore.Http/Authentication/DefaultAuthenticationManager.cs#L133

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)