Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
34 commits
Select commit Hold shift + click to select a range
5448f36
WIP: Device Bound Session Credentials (DBSC) for cookie auth
javiercn Jun 3, 2026
a33d431
WIP: Add DeviceBoundSessions handler project (v2 architecture)
javiercn Jun 4, 2026
abb136c
WIP: Add v2 sample app and register project reference
javiercn Jun 4, 2026
3522b4e
Add HAR logging middleware to v1 sample (debug tool)
javiercn Jun 4, 2026
1d8f73a
Pseudo working
javiercn Jun 4, 2026
f7d4008
Remove v1 DBSC implementation from Cookies project
javiercn Jun 4, 2026
35211fa
Improve DBSC handler: time-limited challenges, IPostConfigure, Identi…
javiercn Jun 4, 2026
57cf7b7
Fix DBSC project to ship as NuGet package, not shared framework
javiercn Jun 4, 2026
ff4b72e
Use antiforgery-style claim UID for challenge binding
javiercn Jun 4, 2026
bef816c
Split challenge into registration/refresh, use non-allocating APIs
javiercn Jun 4, 2026
565190c
Use CBOR for challenge payloads, remove nonce
javiercn Jun 4, 2026
0bef89e
Simplify challenge: CBOR array, no nonce, WebEncoders for base64url
javiercn Jun 4, 2026
cc04e7e
Use bare CBOR sequence, default 10min session cookie expiry
javiercn Jun 4, 2026
ddb0618
Use existing IdentityModel package, CBOR-encode claim UIDs
javiercn Jun 4, 2026
fc9397b
One class per file, remove unused defaults
javiercn Jun 4, 2026
7c41999
Copy source cookie settings to derived schemes, singleton challenge p…
javiercn Jun 4, 2026
31330b6
Update design document with all refinements
javiercn Jun 5, 2026
3e71fd2
feat: refine DBSC challenge flow, rename session instruction DTOs, ex…
rokonec Jun 11, 2026
f2d9b2f
feat: harden Device Bound Sessions prototype and gate API as experime…
rokonec Jun 23, 2026
28610de
feat: mirror auth cookie sliding for DBSC refresh cookie
rokonec Jun 23, 2026
aad0d70
Merge branch 'main' into roman/dbsc-prototype
Copilot Jun 23, 2026
369627c
Merge branch 'main' into roman/dbsc-prototype
Copilot Jun 23, 2026
ae7947d
docs: update DBSC design doc for recent work
rokonec Jun 23, 2026
84f7b48
chore: restore DBSC sample source cookie lifetime to 7 days
rokonec Jun 23, 2026
e82aad9
fix: correct DBSC sample path in solution and drop phantom test project
rokonec Jun 23, 2026
d75a625
build: regenerate project reference lists for DBSC
rokonec Jun 23, 2026
ecd7d93
fix(dbsc): address review feedback on session instruction and cookie …
rokonec Jun 23, 2026
4039bd9
build(dbsc): version the package with ExperimentalVersionPrefix
rokonec Jun 30, 2026
d98dcb1
fix: drop accidental submodule pointer changes
rokonec Jun 30, 2026
ed9769d
refactor(dbsc): drop no-op cookie name/path save-restore
rokonec Jul 9, 2026
6207bf2
feat(dbsc): full sign-out and opt-in default scheme handling
rokonec Jul 9, 2026
785f033
feat(dbsc): add continue and allowed_refresh_initiators to session in…
rokonec Jul 9, 2026
ff0d4b2
fix(dbsc): support a non-root path base end-to-end
rokonec Jul 9, 2026
4772d25
Delete dbsc-design.md
rokonec Jul 13, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions AspNetCore.slnx
Original file line number Diff line number Diff line change
Expand Up @@ -809,6 +809,12 @@
<Project Path="src/Security/Authentication/Cookies/samples/CookieSample/CookieSample.csproj" />
<Project Path="src/Security/Authentication/Cookies/samples/CookieSessionSample/CookieSessionSample.csproj" />
</Folder>
<Folder Name="/src/Security/Authentication/DeviceBoundSessions/">
<Project Path="src/Security/Authentication/DeviceBoundSessions/src/Microsoft.AspNetCore.Authentication.DeviceBoundSessions.csproj" />
</Folder>
<Folder Name="/src/Security/Authentication/DeviceBoundSessions/samples/">
<Project Path="src/Security/Authentication/DeviceBoundSessions/samples/DbscDebugServer/DbscDebugServer.csproj" />
</Folder>
<Folder Name="/src/Security/Authentication/Core/">
<Project Path="src/Security/Authentication/Core/src/Microsoft.AspNetCore.Authentication.csproj" />
</Folder>
Expand Down
1 change: 1 addition & 0 deletions docs/list-of-diagnostics.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@
| __`ASP0027`__ | Unnecessary public Program class declaration |
| __`ASP0028`__ | Consider using ListenAnyIP() instead of Listen(IPAddress.Any) |
| __`ASP0029`__ | Experimental warning for validations resolver APIs |
| __`ASP0030`__ | Experimental warning for Device Bound Sessions (DBSC) APIs |

### API (`API1000-API1003`)

Expand Down
1 change: 1 addition & 0 deletions eng/ProjectReferences.props
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@
<ProjectReferenceProvider Include="Microsoft.AspNetCore.Authentication.Certificate" ProjectPath="$(RepoRoot)src\Security\Authentication\Certificate\src\Microsoft.AspNetCore.Authentication.Certificate.csproj" />
<ProjectReferenceProvider Include="Microsoft.AspNetCore.Authentication.Cookies" ProjectPath="$(RepoRoot)src\Security\Authentication\Cookies\src\Microsoft.AspNetCore.Authentication.Cookies.csproj" />
<ProjectReferenceProvider Include="Microsoft.AspNetCore.Authentication" ProjectPath="$(RepoRoot)src\Security\Authentication\Core\src\Microsoft.AspNetCore.Authentication.csproj" />
<ProjectReferenceProvider Include="Microsoft.AspNetCore.Authentication.DeviceBoundSessions" ProjectPath="$(RepoRoot)src\Security\Authentication\DeviceBoundSessions\src\Microsoft.AspNetCore.Authentication.DeviceBoundSessions.csproj" />
<ProjectReferenceProvider Include="Microsoft.AspNetCore.Authentication.Facebook" ProjectPath="$(RepoRoot)src\Security\Authentication\Facebook\src\Microsoft.AspNetCore.Authentication.Facebook.csproj" />
<ProjectReferenceProvider Include="Microsoft.AspNetCore.Authentication.Google" ProjectPath="$(RepoRoot)src\Security\Authentication\Google\src\Microsoft.AspNetCore.Authentication.Google.csproj" />
<ProjectReferenceProvider Include="Microsoft.AspNetCore.Authentication.JwtBearer" ProjectPath="$(RepoRoot)src\Security\Authentication\JwtBearer\src\Microsoft.AspNetCore.Authentication.JwtBearer.csproj" />
Expand Down
1 change: 1 addition & 0 deletions eng/ShippingAssemblies.props
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,7 @@
<AspNetCoreShippingAssembly Include="Microsoft.AspNetCore.Identity.Specification.Tests" />
<AspNetCoreShippingAssembly Include="Microsoft.AspNetCore.Identity.UI" />
<AspNetCoreShippingAssembly Include="Microsoft.AspNetCore.Authentication.Certificate" />
<AspNetCoreShippingAssembly Include="Microsoft.AspNetCore.Authentication.DeviceBoundSessions" />
<AspNetCoreShippingAssembly Include="Microsoft.AspNetCore.Authentication.Facebook" />
<AspNetCoreShippingAssembly Include="Microsoft.AspNetCore.Authentication.Google" />
<AspNetCoreShippingAssembly Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
Expand Down
1 change: 1 addition & 0 deletions eng/TrimmableProjects.props
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@
<TrimmableProject Include="Microsoft.AspNetCore.Authentication.Certificate" />
<TrimmableProject Include="Microsoft.AspNetCore.Authentication.Cookies" />
<TrimmableProject Include="Microsoft.AspNetCore.Authentication" />
<TrimmableProject Include="Microsoft.AspNetCore.Authentication.DeviceBoundSessions" />
<TrimmableProject Include="Microsoft.AspNetCore.Authentication.Facebook" />
<TrimmableProject Include="Microsoft.AspNetCore.Authentication.Google" />
<TrimmableProject Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@
<IsTrimmable>true</IsTrimmable>
</PropertyGroup>

<ItemGroup>
<InternalsVisibleTo Include="Microsoft.AspNetCore.Authentication.Test" />
</ItemGroup>

<ItemGroup>
<Compile Include="$(SharedSourceRoot)ChunkingCookieManager\**\*.cs" />
<Compile Include="$(SharedSourceRoot)ResultsHelpers\SharedUrlHelper.cs" LinkBase="Shared" />
Expand Down

Large diffs are not rendered by default.

Loading
Loading