| | | 1 | | <# |
| | | 2 | | .SYNOPSIS |
| | | 3 | | Adds cookie authentication to the Kestrun server. |
| | | 4 | | .DESCRIPTION |
| | | 5 | | Configures the Kestrun server to use cookie authentication for incoming requests. |
| | | 6 | | .PARAMETER Server |
| | | 7 | | The Kestrun server instance to configure. If not specified, the current server instance is used. |
| | | 8 | | .PARAMETER AuthenticationScheme |
| | | 9 | | The name of the cookie authentication scheme. |
| | | 10 | | .PARAMETER DisplayName |
| | | 11 | | The display name for the authentication scheme. |
| | | 12 | | .PARAMETER Description |
| | | 13 | | A description of the cookie authentication scheme. |
| | | 14 | | .PARAMETER Deprecated |
| | | 15 | | If specified, marks the authentication scheme as deprecated in OpenAPI documentation. |
| | | 16 | | .PARAMETER DocId |
| | | 17 | | Documentation IDs for the authentication scheme. |
| | | 18 | | .PARAMETER Options |
| | | 19 | | The cookie authentication options to configure. If not specified, default options are used. |
| | | 20 | | .PARAMETER ClaimPolicy |
| | | 21 | | The claim policy configuration to apply to the authentication scheme. |
| | | 22 | | .PARAMETER SlidingExpiration |
| | | 23 | | Indicates whether the cookie expiration should be sliding. Defaults to false. |
| | | 24 | | .PARAMETER LoginPath |
| | | 25 | | The path to the login page. If not specified, defaults to "/Account/Login". |
| | | 26 | | .PARAMETER LogoutPath |
| | | 27 | | The path to the logout page. If not specified, defaults to "/Account/Logout". |
| | | 28 | | .PARAMETER AccessDeniedPath |
| | | 29 | | The path to the access denied page. If not specified, defaults to "/Account/AccessDenied". |
| | | 30 | | .PARAMETER ReturnUrlParameter |
| | | 31 | | The name of the query parameter used to return the URL after login. Defaults to "ReturnUrl". |
| | | 32 | | .PARAMETER ExpireTimeSpan |
| | | 33 | | The time span after which the cookie expires. Defaults to 14 days. |
| | | 34 | | .PARAMETER Cookie |
| | | 35 | | The cookie configuration to use. If not specified, default cookie settings are applied. |
| | | 36 | | Can be created with New-KrCookieBuilder and passed via pipeline. |
| | | 37 | | .PARAMETER PassThru |
| | | 38 | | If specified, the cmdlet returns the modified server instance after configuration. |
| | | 39 | | .EXAMPLE |
| | | 40 | | Add-KrCookiesAuthentication -Server $myServer -Name 'MyCookieAuth' -Options $myCookieOptions -ClaimPolicy $myClaimPo |
| | | 41 | | Adds cookie authentication to the specified Kestrun server with the provided options and claim policy. |
| | | 42 | | .EXAMPLE |
| | | 43 | | Add-KrCookiesAuthentication -AuthenticationScheme 'MyCookieAuth' -SlidingExpiration -LoginPath '/Login' -LogoutPath |
| | | 44 | | Configures cookie authentication with sliding expiration and custom paths for login, logout, and access denied |
| | | 45 | | .EXAMPLE |
| | | 46 | | $cookie = New-KrCookieBuilder -Name 'AuthCookie' -HttpOnly -SameSite Lax |
| | | 47 | | Add-KrCookiesAuthentication -AuthenticationScheme 'MyCookieAuth' -Cookie $cookie -SlidingExpiration -ExpireTimeSpan |
| | | 48 | | Configures cookie authentication using a custom cookie with HttpOnly and SameSite=Lax, along with sliding expiration |
| | | 49 | | .EXAMPLE |
| | | 50 | | New-KrCookieBuilder -Name 'AuthCookie' -HttpOnly -SameSite Lax | |
| | | 51 | | Add-KrCookiesAuthentication -AuthenticationScheme 'MyCookieAuth' -SlidingExpiration -ExpireTimeSpan (New-TimeSpa |
| | | 52 | | Configures cookie authentication using a custom cookie created via pipeline with HttpOnly and SameSite=Lax, along wi |
| | | 53 | | .NOTES |
| | | 54 | | This cmdlet is part of the Kestrun PowerShell module and is used to configure cookie authentication for Kestrun serv |
| | | 55 | | .LINK |
| | | 56 | | https://docs.kestrun.dev/docs/powershell/kestrun/authentication |
| | | 57 | | #> |
| | | 58 | | function Add-KrCookiesAuthentication { |
| | | 59 | | [KestrunRuntimeApi('Definition')] |
| | | 60 | | [CmdletBinding(defaultParameterSetName = 'Items')] |
| | | 61 | | [OutputType([Kestrun.Hosting.KestrunHost])] |
| | | 62 | | param( |
| | | 63 | | [Parameter(Mandatory = $false, ValueFromPipeline = $true)] |
| | | 64 | | [Kestrun.Hosting.KestrunHost]$Server, |
| | | 65 | | [Parameter()] |
| | | 66 | | [string]$AuthenticationScheme = [Kestrun.Authentication.AuthenticationDefaults]::CookiesAuthenticationSchemeName |
| | | 67 | | |
| | | 68 | | [Parameter()] |
| | | 69 | | [string]$DisplayName = [Kestrun.Authentication.AuthenticationDefaults]::CookiesDisplayName, |
| | | 70 | | |
| | | 71 | | [Parameter()] |
| | | 72 | | [string[]]$DocId = [Kestrun.OpenApi.OpenApiDocDescriptor]::DefaultDocumentationIds, |
| | | 73 | | |
| | | 74 | | [Parameter(ParameterSetName = 'Items')] |
| | | 75 | | [string] $Description, |
| | | 76 | | |
| | | 77 | | [Parameter(ParameterSetName = 'Items')] |
| | | 78 | | [string] $Deprecated, |
| | | 79 | | |
| | | 80 | | [Parameter(Mandatory = $true, ParameterSetName = 'Options')] |
| | | 81 | | [Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions]$Options, |
| | | 82 | | |
| | | 83 | | [Parameter()] |
| | | 84 | | [Kestrun.Claims.ClaimPolicyConfig]$ClaimPolicy, |
| | | 85 | | [Parameter(ParameterSetName = 'Items')] |
| | | 86 | | [switch] $SlidingExpiration, |
| | | 87 | | [Parameter(ParameterSetName = 'Items')] |
| | | 88 | | [string]$LoginPath, |
| | | 89 | | [Parameter(ParameterSetName = 'Items')] |
| | | 90 | | [string]$LogoutPath, |
| | | 91 | | [Parameter(ParameterSetName = 'Items')] |
| | | 92 | | [string]$AccessDeniedPath, |
| | | 93 | | [Parameter(ParameterSetName = 'Items')] |
| | | 94 | | [string]$ReturnUrlParameter, |
| | | 95 | | [Parameter(ParameterSetName = 'Items')] |
| | | 96 | | [timespan] $ExpireTimeSpan, |
| | | 97 | | [Parameter(ParameterSetName = 'Items', ValueFromPipeline = $true)] |
| | | 98 | | [Microsoft.AspNetCore.Http.CookieBuilder]$Cookie, |
| | | 99 | | [Parameter()] |
| | | 100 | | [switch]$PassThru |
| | | 101 | | ) |
| | | 102 | | process { |
| | | 103 | | # Ensure the server instance is resolved |
| | 0 | 104 | | $Server = Resolve-KestrunServer -Server $Server |
| | | 105 | | # Build Options only when not provided directly |
| | 0 | 106 | | if ($PSCmdlet.ParameterSetName -ne 'Options') { |
| | 0 | 107 | | $Options = [Kestrun.Authentication.CookieAuthOptions]::new() |
| | | 108 | | # Set host reference |
| | 0 | 109 | | $Options.Host = $Server |
| | 0 | 110 | | if ($PSBoundParameters.ContainsKey('SlidingExpiration')) { $Options.SlidingExpiration = $SlidingExpiration.I |
| | 0 | 111 | | if ($PSBoundParameters.ContainsKey('LoginPath')) { $Options.LoginPath = $LoginPath } |
| | 0 | 112 | | if ($PSBoundParameters.ContainsKey('LogoutPath')) { $Options.LogoutPath = $LogoutPath } |
| | 0 | 113 | | if ($PSBoundParameters.ContainsKey('AccessDeniedPath')) { $Options.AccessDeniedPath = $AccessDeniedPath } |
| | 0 | 114 | | if ($PSBoundParameters.ContainsKey('ReturnUrlParameter')) { $Options.ReturnUrlParameter = $ReturnUrlParamete |
| | 0 | 115 | | if ($PSBoundParameters.ContainsKey('ExpireTimeSpan')) { $Options.ExpireTimeSpan = $ExpireTimeSpan } |
| | 0 | 116 | | if ($PSBoundParameters.ContainsKey('Cookie')) { $Options.Cookie = $Cookie } |
| | | 117 | | |
| | 0 | 118 | | if (-not ([string]::IsNullOrWhiteSpace($Description))) { |
| | 0 | 119 | | $Options.Description = $Description |
| | | 120 | | } |
| | | 121 | | # Set the Deprecated option |
| | 0 | 122 | | $Options.Deprecated = $Deprecated.IsPresent |
| | | 123 | | |
| | | 124 | | # OpenAPI documentation IDs |
| | 0 | 125 | | $Options.DocumentationId = $DocId |
| | | 126 | | } |
| | | 127 | | # Add cookie authentication to the server |
| | 0 | 128 | | [Kestrun.Hosting.KestrunHostAuthnExtensions]::AddCookieAuthentication( |
| | 0 | 129 | | $Server, $AuthenticationScheme, $DisplayName, $Options, $ClaimPolicy) | Out-Null |
| | | 130 | | |
| | | 131 | | # Return the modified server instance if PassThru is specified |
| | 0 | 132 | | if ($PassThru.IsPresent) { |
| | 0 | 133 | | return $Server |
| | | 134 | | } |
| | | 135 | | } |
| | | 136 | | } |