ASP.Net Core 9.0: Authentication and Authorization Enhancements

The article demonstrates new features related to authentication and authorization. These enhancements aim to improve security and streamline the process of verifying user identities and granting access.

Photo by FlyD on Unsplash

OIDC and OAuth Parameter Customization

The OAuth and OpenID Connect (OIDC) authentication handlers now offer an AdditionalAuthorizationParameters option. This feature simplifies the customization of authorization message parameters typically included in the redirect query string. Previously, achieving this level of customization required implementing a custom OnRedirectToIdentityProvider callback or overriding the BuildChallengeUrl method within a custom handler. However, with the latest improvements, developers can achieve the same result more succinctly.

Example

In previous versions of .NET, achieving custom parameter customization looked like this:

builder.Services.AddAuthentication().AddOpenIdConnect(options =>
{
    options.Events.OnRedirectToIdentityProvider = context =>
    {
        context.ProtocolMessage.SetParameter("prompt", "login")…