Jul 27, 2020 02:40 PM|mgebhard|LINK
I thought about that, mgebhard. Is cookie authentication secure in .net core mvc? This is a production app and I don't want someone to be able to forge a cookie and break in.
Come on man! Identity uses the same cookie! The cookie contains a token which is just an encrypted string that has claims related to the user. the lined doc covers this...
Also, will cookie auth allow the user's username to be access on a razor page via `UserManager.GetUserName(User)`? I have a view that looks like this:
Well, no. The UserManager is an Identity API. You'll need to install Identity into you project is you wish to use Identity. From my perspective, you do not need Identity because you are authenticating with Windows atypically. You still need to persist
authentication. Cookie auth does not care about the authentication source. That's why you can use it without Identity as the link explains,
Use Identity if you need to manage roles but you should uses Identity's external login feature if you go this route.
Anyway, the official docs cover everything you need.