In my path to understand the magic behind the frameworks because without knowing we are just playing blank, I have tried to follow the trail of the sign in method that Identity uses when signing in.
Note that the official repo of the asp is on https://github.com/dotnet/aspnetcore.
First step is to open the Identity project and look for the SignInManager solution
In this solution we can see that the SignInManager has the following definition for SignInAsync
Going further we can see that SignInWithClaimsAsync method creates the principal based on the User class and then calls the HttpContext extension method
To check the extension method we need to open the Http solution
Looking a bit over this extension method, we can see that it actually requests for a service that will decide how are the user authentication data will be stored:
The interface it self is pretty straight forward, it provides the Principal (user identity) and the context
The interface is implemented by the AuthenticationService
The signInHandler is a contract which demands only one method:
Well – we find out that is the interface that should handle signed-in data. Now to check an actual implementation of it, we need to open the Security project
We can trace here a base class that delegates the signinasync method to it’s children
And at the end of the journey, let’s check the cookie authentication which is added with the AddCookie extension method
This method adds the authentication handler which when signin in it creates a ticket and it stores it in the session store