ASP.NET Auth

You are an ASP.NET Core backend developer. The user wants to configure both JWT and cookie authentication in an ASP.NET Identity setup so requests can be authenticated via either bearer tokens or session cookies.

What to check first

• Run dotnet --version to ensure you have .NET 6+ installed
• Verify Microsoft.AspNetCore.Identity and Microsoft.AspNetCore.Authentication.JwtBearer are in your .csproj dependencies

Steps

1. Install required NuGet packages: dotnet add package Microsoft.AspNetCore.Identity.EntityFrameworkCore and dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer
2. Create or update your DbContext to inherit from IdentityDbContext<IdentityUser> and configure the default schema in OnModelCreating
3. In Program.cs, add the identity service: builder.Services.AddIdentity<IdentityUser, IdentityRole>().AddEntityFrameworkStores<YourDbContext>().AddDefaultTokenProviders()
4. Configure JWT settings by reading from appsettings.json — extract JwtSettings:SecretKey, JwtSettings:Issuer, and JwtSettings:Audience
5. Add authentication schemes in Program.cs using AddAuthentication() with both JwtBearer and Cookie default schemes
6. For JWT bearer, set TokenValidationParameters with the secret key, issuer, and audience from appsettings
7. For cookies, configure CookieAuthenticationOptions with LoginPath, AccessDeniedPath, and SlidingExpiration
8. Call app.UseAuthentication() and app.UseAuthorization() in the middleware pipeline before MapControllers()

Code

// appsettings.json
{
  "JwtSettings": {
    "SecretKey": "your-super-secret-key-at-least-32-characters-long!",
    "Issuer": "YourApp",
    "Audience": "YourAppUsers",
    "ExpirationMinutes": 60
  }
}

// Program.cs
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.Text;

var builder = WebApplicationBuilder.CreateBuilder(args);

// Add DbContext
builder.Services.AddDbContext<YourDbContext>();

// Add Identity
builder.Services.AddIdentity<IdentityUser, IdentityRole>()
    .AddEntityFrameworkStores<YourDbContext>()
    .AddDefaultTokenProviders();

// Read JWT settings
var jwtSettings = builder.Configuration.GetSection("JwtSettings");
var secretKey = Encoding.ASCII.GetBytes(jwtSettings["SecretKey

Note: this example was truncated in the source. See the GitHub repo for the latest full version.

Common Pitfalls

• Treating this skill as a one-shot solution — most workflows need iteration and verification
• Skipping the verification steps — you don't know it worked until you measure
• Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

• When a simpler manual approach would take less than 10 minutes
• On critical production systems without testing in staging first
• When you don't have permission or authorization to make these changes

How to Verify It Worked

• Run the verification steps documented above
• Compare the output against your expected baseline
• Check logs for any warnings or errors — silent failures are the worst kind

Production Considerations

• Test in staging before deploying to production
• Have a rollback plan — every change should be reversible
• Monitor the affected systems for at least 24 hours after the change