aspnet-dual-auth
Community
Seamless cookie + JWT auth for SPAs and APIs
Author: ecnepsyroc-bot
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Many APIs must serve both same-origin SPAs that rely on secure cookies and external clients that use Bearer JWTs. ASP.NET Core's default authentication assumes a single scheme, which leads to cookies not being set, SPAs redirecting to sign-in, or 401 responses turning into 302 redirects.
Core Features & Use Cases
- Automatic Scheme Selection: Uses a policy scheme that inspects the request and forwards to JwtBearer when an Authorization: Bearer header is present or to Cookie authentication for same-origin SPA requests.
- Safe SPA Cookies: Recommends HttpOnly, secure cookies with SameSite=Lax and sliding expiration to preserve sessions without localStorage.
- API-Friendly Responses: Overrides cookie redirect events to return 401/403 for API calls and provides a pattern to issue both a cookie for the SPA and a JWT for external clients.
- Use Case: A React/Vue/Angular SPA served from the same origin can authenticate via an HttpOnly cookie while mobile apps or third-party services use JWTs.
Quick Start
Configure the API to use a policy selector that chooses JWT for Authorization: Bearer requests and cookies for same-origin SPA requests, set cookie options to HttpOnly, SameSite=Lax and secure, and ensure the cookie events return 401/403 for API calls.
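The Quick Start configuration as a minimal `Program.cs`, added here as an illustration and not taken from the skill's own files. The scheme name `CookieOrJwt`, the `/api` path prefix used to recognise API calls, the `Jwt:*` configuration keys and the 8-hour lifetime are assumptions.

```csharp
using System.Text;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
var jwt = builder.Configuration.GetSection("Jwt"); // assumed config section

// Assumption: API endpoints live under /api; everything else is page traffic.
static Task StatusForApi(RedirectContext<CookieAuthenticationOptions> ctx, int status)
{
    if (ctx.Request.Path.StartsWithSegments("/api"))
        ctx.Response.StatusCode = status;        // plain 401/403, no 302
    else
        ctx.Response.Redirect(ctx.RedirectUri);  // default behaviour for pages
    return Task.CompletedTask;
}

builder.Services
    .AddAuthentication("CookieOrJwt")            // policy scheme is the default
    .AddPolicyScheme("CookieOrJwt", "Cookie or JWT", o =>
        o.ForwardDefaultSelector = ctx =>        // Bearer header -> JWT, else cookie
            ctx.Request.Headers["Authorization"].ToString()
               .StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)
                ? JwtBearerDefaults.AuthenticationScheme
                : CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(o =>
    {
        o.Cookie.HttpOnly = true;                          // not readable from script
        o.Cookie.SecurePolicy = CookieSecurePolicy.Always; // HTTPS only
        o.Cookie.SameSite = SameSiteMode.Lax;
        o.SlidingExpiration = true;
        o.ExpireTimeSpan = TimeSpan.FromHours(8);          // assumed lifetime
        o.Events.OnRedirectToLogin = c => StatusForApi(c, StatusCodes.Status401Unauthorized);
        o.Events.OnRedirectToAccessDenied = c => StatusForApi(c, StatusCodes.Status403Forbidden);
    })
    .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidIssuer = jwt["Issuer"],
        ValidAudience = jwt["Audience"],
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwt["Key"]!)),
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/api/me", (HttpContext c) => c.User.Identity?.Name).RequireAuthorization();
app.Run();
```

An unauthenticated request to `/api/me` then receives 401 rather than a 302 to the login page, and the same endpoint accepts either the session cookie or a Bearer token.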
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: aspnet-dual-auth Download link: https://github.com/ecnepsyroc-bot/Dejavara/archive/main.zip#aspnet-dual-auth Please download this .zip file, extract it, and install it in the .claude/skills/ directory.