From e6397091e08b2dceb8da8399511ada9b7ec3b70e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 12 Sep 2025 18:23:42 +0000 Subject: [PATCH 01/12] Initial plan From 3aff0c8dbe0a2e46a9a8d73c6d7155aae22ddfe5 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 12 Sep 2025 18:35:49 +0000 Subject: [PATCH 02/12] Fix Cookie Authentication guide flow with complete Cookie Policy Middleware examples Co-authored-by: wadepickett <10985336+wadepickett@users.noreply.github.com> --- aspnetcore/security/authentication/cookie.md | 33 ++++--------- .../samples/3.x/CookieSample/Startup.cs | 13 ++++- .../samples/6.x/CookieSample/Program.cs | 49 ++++++++++++++++++- 3 files changed, 69 insertions(+), 26 deletions(-) diff --git a/aspnetcore/security/authentication/cookie.md b/aspnetcore/security/authentication/cookie.md index 9766dc32b1ba..ecd1b1e3b5ec 100644 --- a/aspnetcore/security/authentication/cookie.md +++ b/aspnetcore/security/authentication/cookie.md @@ -1,10 +1,11 @@ --- title: Use cookie authentication without ASP.NET Core Identity +ai-usage: ai-assisted author: wadepickett description: Learn how to use cookie authentication without ASP.NET Core Identity. monikerRange: '>= aspnetcore-3.1' ms.author: wpickett -ms.date: 1/1/2022 +ms.date: 09/12/2024 uid: security/authentication/cookie --- # Use cookie authentication without ASP.NET Core Identity @@ -46,22 +47,15 @@ Configure enables cookie policy capabilities. Middleware is processed in the order it's added: - -```csharp -app.UseCookiePolicy(cookiePolicyOptions); -``` +[Cookie Policy Middleware (GitHub Source)](https://github.com/dotnet/aspnetcore/blob/main/src/Security/CookiePolicy/src/CookiePolicyMiddleware.cs) enables cookie policy capabilities. Middleware is processed in the order it's added, and Cookie Policy Middleware should be added before cookie authentication middleware. Use provided to the Cookie Policy Middleware to control global characteristics of cookie processing and hook into cookie processing handlers when cookies are appended or deleted. The default value is `SameSiteMode.Lax` to permit OAuth2 authentication. To strictly enforce a same-site policy of `SameSiteMode.Strict`, set the `MinimumSameSitePolicy`. Although this setting breaks OAuth2 and other cross-origin authentication schemes, it elevates the level of cookie security for other types of apps that don't rely on cross-origin request processing. -```csharp -var cookiePolicyOptions = new CookiePolicyOptions -{ - MinimumSameSitePolicy = SameSiteMode.Strict, -}; -``` +The following example shows how to configure cookie authentication with Cookie Policy Middleware: + +[!code-csharp[](cookie/samples/6.x/CookieSample/Program.cs?name=snippet_policy&highlight=27-32,35)] The Cookie Policy Middleware setting for `MinimumSameSitePolicy` can affect the setting of `Cookie.SameSite` in `CookieAuthenticationOptions` settings according to the matrix below. @@ -223,22 +217,15 @@ services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) ## Cookie Policy Middleware -[Cookie Policy Middleware](xref:Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware) enables cookie policy capabilities. Adding the middleware to the app processing pipeline is order sensitive—it only affects downstream components registered in the pipeline. - -```csharp -app.UseCookiePolicy(cookiePolicyOptions); -``` +[Cookie Policy Middleware](xref:Microsoft.AspNetCore.CookiePolicy.CookiePolicyMiddleware) enables cookie policy capabilities. Adding the middleware to the app processing pipeline is order sensitive—it only affects downstream components registered in the pipeline, and Cookie Policy Middleware should be added before cookie authentication middleware. Use provided to the Cookie Policy Middleware to control global characteristics of cookie processing and hook into cookie processing handlers when cookies are appended or deleted. The default value is `SameSiteMode.Lax` to permit OAuth2 authentication. To strictly enforce a same-site policy of `SameSiteMode.Strict`, set the `MinimumSameSitePolicy`. Although this setting breaks OAuth2 and other cross-origin authentication schemes, it elevates the level of cookie security for other types of apps that don't rely on cross-origin request processing. -```csharp -var cookiePolicyOptions = new CookiePolicyOptions -{ - MinimumSameSitePolicy = SameSiteMode.Strict, -}; -``` +The following example shows how to configure cookie authentication with Cookie Policy Middleware: + +[!code-csharp[](cookie/samples/3.x/CookieSample/Startup.cs?name=snippet_policy&highlight=9-14,17)] The Cookie Policy Middleware setting for `MinimumSameSitePolicy` can affect the setting of `Cookie.SameSite` in `CookieAuthenticationOptions` settings according to the matrix below. diff --git a/aspnetcore/security/authentication/cookie/samples/3.x/CookieSample/Startup.cs b/aspnetcore/security/authentication/cookie/samples/3.x/CookieSample/Startup.cs index ed6c1507fb77..cc624dd074b7 100644 --- a/aspnetcore/security/authentication/cookie/samples/3.x/CookieSample/Startup.cs +++ b/aspnetcore/security/authentication/cookie/samples/3.x/CookieSample/Startup.cs @@ -24,6 +24,7 @@ public void ConfigureServices(IServiceCollection services) services.AddSingleton(); } + #region snippet_policy public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) @@ -40,7 +41,15 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env) app.UseStaticFiles(); app.UseRouting(); - #region snippet2 + // Configure cookie policy options + var cookiePolicyOptions = new CookiePolicyOptions + { + MinimumSameSitePolicy = SameSiteMode.Strict, + }; + + // Add Cookie Policy Middleware + app.UseCookiePolicy(cookiePolicyOptions); + app.UseAuthentication(); app.UseAuthorization(); @@ -49,7 +58,7 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env) endpoints.MapControllers(); endpoints.MapRazorPages(); }); - #endregion } + #endregion } } diff --git a/aspnetcore/security/authentication/cookie/samples/6.x/CookieSample/Program.cs b/aspnetcore/security/authentication/cookie/samples/6.x/CookieSample/Program.cs index 066a9b96fc65..163146f1429e 100644 --- a/aspnetcore/security/authentication/cookie/samples/6.x/CookieSample/Program.cs +++ b/aspnetcore/security/authentication/cookie/samples/6.x/CookieSample/Program.cs @@ -1,4 +1,4 @@ -#define FIRST // FIRST SECOND CC +#define FIRST // FIRST SECOND POLICY CC #if NEVER #elif FIRST #region snippet1 @@ -69,6 +69,53 @@ app.MapRazorPages(); app.MapDefaultControllerRoute(); +app.Run(); +#endregion +#elif POLICY +#region snippet_policy +using Microsoft.AspNetCore.Authentication.Cookies; + +var builder = WebApplication.CreateBuilder(args); + +builder.Services.AddRazorPages(); +builder.Services.AddControllersWithViews(); + +builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) + .AddCookie(options => + { + options.ExpireTimeSpan = TimeSpan.FromMinutes(20); + options.SlidingExpiration = true; + options.AccessDeniedPath = "/Forbidden/"; + }); + +builder.Services.AddHttpContextAccessor(); + +var app = builder.Build(); + +if (!app.Environment.IsDevelopment()) +{ + app.UseExceptionHandler("/Error"); + app.UseHsts(); +} + +app.UseHttpsRedirection(); +app.UseStaticFiles(); + +// Configure cookie policy options +var cookiePolicyOptions = new CookiePolicyOptions +{ + MinimumSameSitePolicy = SameSiteMode.Strict, +}; + +// Add Cookie Policy Middleware +app.UseCookiePolicy(cookiePolicyOptions); + +app.UseAuthentication(); +app.UseAuthorization(); + +app.MapRazorPages(); +app.MapDefaultControllerRoute(); + app.Run(); #endregion #elif CC From 56c35343f35117cf408393604035382c11e327da Mon Sep 17 00:00:00 2001 From: Wade Pickett Date: Fri, 12 Sep 2025 11:43:23 -0700 Subject: [PATCH 03/12] Update aspnetcore/security/authentication/cookie.md Fixing Copilot mistake on ms.date. It claims it is 2024 currently. --- aspnetcore/security/authentication/cookie.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/security/authentication/cookie.md b/aspnetcore/security/authentication/cookie.md index ecd1b1e3b5ec..da53d72d7d0a 100644 --- a/aspnetcore/security/authentication/cookie.md +++ b/aspnetcore/security/authentication/cookie.md @@ -5,7 +5,7 @@ author: wadepickett description: Learn how to use cookie authentication without ASP.NET Core Identity. monikerRange: '>= aspnetcore-3.1' ms.author: wpickett -ms.date: 09/12/2024 +ms.date: 09/12/2025 uid: security/authentication/cookie --- # Use cookie authentication without ASP.NET Core Identity From be802316d58ceed8e44175ce284a13cc017b4ada Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 12 Sep 2025 19:04:48 +0000 Subject: [PATCH 04/12] Fix code snippet syntax according to copilot-instructions.md guidelines Co-authored-by: wadepickett <10985336+wadepickett@users.noreply.github.com> --- aspnetcore/security/authentication/cookie.md | 4 +- .../cookie/snippets/3.x/Startup.cs | 60 +++++++++++++++++++ .../cookie/snippets/6.0/Program.cs | 44 ++++++++++++++ 3 files changed, 106 insertions(+), 2 deletions(-) create mode 100644 aspnetcore/security/authentication/cookie/snippets/3.x/Startup.cs create mode 100644 aspnetcore/security/authentication/cookie/snippets/6.0/Program.cs diff --git a/aspnetcore/security/authentication/cookie.md b/aspnetcore/security/authentication/cookie.md index da53d72d7d0a..c9c21e48dc52 100644 --- a/aspnetcore/security/authentication/cookie.md +++ b/aspnetcore/security/authentication/cookie.md @@ -55,7 +55,7 @@ The default + { + options.Conventions.AuthorizePage("/Contact"); + }); + + services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) + .AddCookie(); + + services.AddSingleton(); + } + + public void Configure(IApplicationBuilder app, IWebHostEnvironment env) + { + if (env.IsDevelopment()) + { + app.UseDeveloperExceptionPage(); + } + else + { + app.UseExceptionHandler("/Error"); + app.UseHsts(); + } + + app.UseHttpsRedirection(); + app.UseStaticFiles(); + app.UseRouting(); + + // Configure cookie policy options + var cookiePolicyOptions = new CookiePolicyOptions + { + MinimumSameSitePolicy = SameSiteMode.Strict, + }; + + // Add Cookie Policy Middleware + app.UseCookiePolicy(cookiePolicyOptions); + + app.UseAuthentication(); + app.UseAuthorization(); + + app.UseEndpoints(endpoints => + { + endpoints.MapControllers(); + endpoints.MapRazorPages(); + }); + } + } +} \ No newline at end of file diff --git a/aspnetcore/security/authentication/cookie/snippets/6.0/Program.cs b/aspnetcore/security/authentication/cookie/snippets/6.0/Program.cs new file mode 100644 index 000000000000..673aa1ba1681 --- /dev/null +++ b/aspnetcore/security/authentication/cookie/snippets/6.0/Program.cs @@ -0,0 +1,44 @@ +using Microsoft.AspNetCore.Authentication.Cookies; + +var builder = WebApplication.CreateBuilder(args); + +builder.Services.AddRazorPages(); +builder.Services.AddControllersWithViews(); + +builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) + .AddCookie(options => + { + options.ExpireTimeSpan = TimeSpan.FromMinutes(20); + options.SlidingExpiration = true; + options.AccessDeniedPath = "/Forbidden/"; + }); + +builder.Services.AddHttpContextAccessor(); + +var app = builder.Build(); + +if (!app.Environment.IsDevelopment()) +{ + app.UseExceptionHandler("/Error"); + app.UseHsts(); +} + +app.UseHttpsRedirection(); +app.UseStaticFiles(); + +// Configure cookie policy options +var cookiePolicyOptions = new CookiePolicyOptions +{ + MinimumSameSitePolicy = SameSiteMode.Strict, +}; + +// Add Cookie Policy Middleware +app.UseCookiePolicy(cookiePolicyOptions); + +app.UseAuthentication(); +app.UseAuthorization(); + +app.MapRazorPages(); +app.MapDefaultControllerRoute(); + +app.Run(); \ No newline at end of file From 04d53c431f748f36b5032f92b407cb6f83a3ad36 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 12 Sep 2025 19:22:26 +0000 Subject: [PATCH 05/12] Replace highlight syntax with named snippet markers using // <snippet_name> format Co-authored-by: wadepickett <10985336+wadepickett@users.noreply.github.com> --- aspnetcore/security/authentication/cookie.md | 4 ++-- .../security/authentication/cookie/snippets/3.x/Startup.cs | 2 ++ .../security/authentication/cookie/snippets/6.0/Program.cs | 2 ++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/aspnetcore/security/authentication/cookie.md b/aspnetcore/security/authentication/cookie.md index c9c21e48dc52..1afc0402bbcd 100644 --- a/aspnetcore/security/authentication/cookie.md +++ b/aspnetcore/security/authentication/cookie.md @@ -55,7 +55,7 @@ The default // Configure cookie policy options var cookiePolicyOptions = new CookiePolicyOptions { @@ -46,6 +47,7 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env) // Add Cookie Policy Middleware app.UseCookiePolicy(cookiePolicyOptions); + // app.UseAuthentication(); app.UseAuthorization(); diff --git a/aspnetcore/security/authentication/cookie/snippets/6.0/Program.cs b/aspnetcore/security/authentication/cookie/snippets/6.0/Program.cs index 673aa1ba1681..b3c9529c8550 100644 --- a/aspnetcore/security/authentication/cookie/snippets/6.0/Program.cs +++ b/aspnetcore/security/authentication/cookie/snippets/6.0/Program.cs @@ -26,6 +26,7 @@ app.UseHttpsRedirection(); app.UseStaticFiles(); +// // Configure cookie policy options var cookiePolicyOptions = new CookiePolicyOptions { @@ -34,6 +35,7 @@ // Add Cookie Policy Middleware app.UseCookiePolicy(cookiePolicyOptions); +// app.UseAuthentication(); app.UseAuthorization(); From 73e9d1326814d3930d3f8a6d0a0037a1266fcd04 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 12 Sep 2025 19:31:58 +0000 Subject: [PATCH 06/12] Restore line highlighting using correct triple-colon syntax with name and highlight attributes Co-authored-by: wadepickett <10985336+wadepickett@users.noreply.github.com> --- aspnetcore/security/authentication/cookie.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aspnetcore/security/authentication/cookie.md b/aspnetcore/security/authentication/cookie.md index 1afc0402bbcd..ae96fd669756 100644 --- a/aspnetcore/security/authentication/cookie.md +++ b/aspnetcore/security/authentication/cookie.md @@ -55,7 +55,7 @@ The default Date: Fri, 12 Sep 2025 19:53:41 +0000 Subject: [PATCH 07/12] Fix code snippet syntax by removing unsupported name attribute and using correct range/highlight syntax Co-authored-by: wadepickett <10985336+wadepickett@users.noreply.github.com> --- aspnetcore/security/authentication/cookie.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aspnetcore/security/authentication/cookie.md b/aspnetcore/security/authentication/cookie.md index ae96fd669756..6df2d0e7c477 100644 --- a/aspnetcore/security/authentication/cookie.md +++ b/aspnetcore/security/authentication/cookie.md @@ -55,7 +55,7 @@ The default Date: Fri, 12 Sep 2025 20:32:00 +0000 Subject: [PATCH 08/12] Fix code snippet syntax to use id attribute instead of range according to copilot-instructions.md Co-authored-by: wadepickett <10985336+wadepickett@users.noreply.github.com> --- aspnetcore/security/authentication/cookie.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aspnetcore/security/authentication/cookie.md b/aspnetcore/security/authentication/cookie.md index 6df2d0e7c477..909083f8677c 100644 --- a/aspnetcore/security/authentication/cookie.md +++ b/aspnetcore/security/authentication/cookie.md @@ -55,7 +55,7 @@ The default Date: Fri, 12 Sep 2025 20:49:46 +0000 Subject: [PATCH 09/12] Replace #region syntax with // <snippet_name> format in sample files according to copilot-instructions.md Co-authored-by: wadepickett <10985336+wadepickett@users.noreply.github.com> --- .../authentication/cookie/samples/3.x/CookieSample/Startup.cs | 4 ++-- .../authentication/cookie/samples/6.x/CookieSample/Program.cs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/aspnetcore/security/authentication/cookie/samples/3.x/CookieSample/Startup.cs b/aspnetcore/security/authentication/cookie/samples/3.x/CookieSample/Startup.cs index cc624dd074b7..3a33d099ec02 100644 --- a/aspnetcore/security/authentication/cookie/samples/3.x/CookieSample/Startup.cs +++ b/aspnetcore/security/authentication/cookie/samples/3.x/CookieSample/Startup.cs @@ -24,7 +24,7 @@ public void ConfigureServices(IServiceCollection services) services.AddSingleton(); } - #region snippet_policy + // public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) @@ -59,6 +59,6 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env) endpoints.MapRazorPages(); }); } - #endregion + // } } diff --git a/aspnetcore/security/authentication/cookie/samples/6.x/CookieSample/Program.cs b/aspnetcore/security/authentication/cookie/samples/6.x/CookieSample/Program.cs index 163146f1429e..ded70e139292 100644 --- a/aspnetcore/security/authentication/cookie/samples/6.x/CookieSample/Program.cs +++ b/aspnetcore/security/authentication/cookie/samples/6.x/CookieSample/Program.cs @@ -72,7 +72,7 @@ app.Run(); #endregion #elif POLICY -#region snippet_policy +// using Microsoft.AspNetCore.Authentication.Cookies; var builder = WebApplication.CreateBuilder(args); @@ -117,7 +117,7 @@ app.MapDefaultControllerRoute(); app.Run(); -#endregion +// #elif CC #region snippet_cc using Microsoft.AspNetCore.Authentication.Cookies; From 88f2d215a313b18672cac0abfef7b3104c7e8fa7 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 12 Sep 2025 21:14:47 +0000 Subject: [PATCH 10/12] Remove #region syntax and added comments from .cs files per copilot-instructions.md Co-authored-by: wadepickett <10985336+wadepickett@users.noreply.github.com> --- .../cookie/samples/3.x/CookieSample/Startup.cs | 6 ++---- .../cookie/samples/6.x/CookieSample/Program.cs | 14 ++++++-------- .../authentication/cookie/snippets/3.x/Startup.cs | 2 -- .../authentication/cookie/snippets/6.0/Program.cs | 2 -- 4 files changed, 8 insertions(+), 16 deletions(-) diff --git a/aspnetcore/security/authentication/cookie/samples/3.x/CookieSample/Startup.cs b/aspnetcore/security/authentication/cookie/samples/3.x/CookieSample/Startup.cs index 3a33d099ec02..57b4647e2c01 100644 --- a/aspnetcore/security/authentication/cookie/samples/3.x/CookieSample/Startup.cs +++ b/aspnetcore/security/authentication/cookie/samples/3.x/CookieSample/Startup.cs @@ -16,10 +16,10 @@ public void ConfigureServices(IServiceCollection services) options.Conventions.AuthorizePage("/Contact"); }); - #region snippet1 + // services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie(); - #endregion + // services.AddSingleton(); } @@ -41,13 +41,11 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env) app.UseStaticFiles(); app.UseRouting(); - // Configure cookie policy options var cookiePolicyOptions = new CookiePolicyOptions { MinimumSameSitePolicy = SameSiteMode.Strict, }; - // Add Cookie Policy Middleware app.UseCookiePolicy(cookiePolicyOptions); app.UseAuthentication(); diff --git a/aspnetcore/security/authentication/cookie/samples/6.x/CookieSample/Program.cs b/aspnetcore/security/authentication/cookie/samples/6.x/CookieSample/Program.cs index ded70e139292..33fd8db08e03 100644 --- a/aspnetcore/security/authentication/cookie/samples/6.x/CookieSample/Program.cs +++ b/aspnetcore/security/authentication/cookie/samples/6.x/CookieSample/Program.cs @@ -1,7 +1,7 @@ #define FIRST // FIRST SECOND POLICY CC #if NEVER #elif FIRST -#region snippet1 +// using Microsoft.AspNetCore.Authentication.Cookies; var builder = WebApplication.CreateBuilder(args); @@ -32,9 +32,9 @@ app.MapDefaultControllerRoute(); app.Run(); -#endregion +// #elif SECOND -#region snippet2 +// using Microsoft.AspNetCore.Authentication.Cookies; var builder = WebApplication.CreateBuilder(args); @@ -70,7 +70,7 @@ app.MapDefaultControllerRoute(); app.Run(); -#endregion +// #elif POLICY // using Microsoft.AspNetCore.Authentication.Cookies; @@ -101,13 +101,11 @@ app.UseHttpsRedirection(); app.UseStaticFiles(); -// Configure cookie policy options var cookiePolicyOptions = new CookiePolicyOptions { MinimumSameSitePolicy = SameSiteMode.Strict, }; -// Add Cookie Policy Middleware app.UseCookiePolicy(cookiePolicyOptions); app.UseAuthentication(); @@ -119,7 +117,7 @@ app.Run(); // #elif CC -#region snippet_cc +// using Microsoft.AspNetCore.Authentication.Cookies; var builder = WebApplication.CreateBuilder(args); @@ -153,5 +151,5 @@ app.MapDefaultControllerRoute(); app.Run(); -#endregion +// #endif \ No newline at end of file diff --git a/aspnetcore/security/authentication/cookie/snippets/3.x/Startup.cs b/aspnetcore/security/authentication/cookie/snippets/3.x/Startup.cs index bc6868ed8aab..5b9e1ca187a3 100644 --- a/aspnetcore/security/authentication/cookie/snippets/3.x/Startup.cs +++ b/aspnetcore/security/authentication/cookie/snippets/3.x/Startup.cs @@ -39,13 +39,11 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env) app.UseRouting(); // - // Configure cookie policy options var cookiePolicyOptions = new CookiePolicyOptions { MinimumSameSitePolicy = SameSiteMode.Strict, }; - // Add Cookie Policy Middleware app.UseCookiePolicy(cookiePolicyOptions); // diff --git a/aspnetcore/security/authentication/cookie/snippets/6.0/Program.cs b/aspnetcore/security/authentication/cookie/snippets/6.0/Program.cs index b3c9529c8550..cdf60d469d47 100644 --- a/aspnetcore/security/authentication/cookie/snippets/6.0/Program.cs +++ b/aspnetcore/security/authentication/cookie/snippets/6.0/Program.cs @@ -27,13 +27,11 @@ app.UseStaticFiles(); // -// Configure cookie policy options var cookiePolicyOptions = new CookiePolicyOptions { MinimumSameSitePolicy = SameSiteMode.Strict, }; -// Add Cookie Policy Middleware app.UseCookiePolicy(cookiePolicyOptions); // From bb7cf0fda2a67da0fb6eb15cbd73d34b7e8391ea Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 12 Sep 2025 22:27:11 +0000 Subject: [PATCH 11/12] Add comprehensive Copilot PR Success Checklist based on #35782 feedback Co-authored-by: wadepickett <10985336+wadepickett@users.noreply.github.com> --- .github/copilot-instructions.md | 87 +++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index 761400b478f5..05184d99cce4 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -145,6 +145,93 @@ When creating a PR for an issue: Console | console | 2 Text | - | 2 +## Copilot PR Success Checklist + +**Use this checklist for every PR to ensure first-commit success and avoid common mistakes:** + +### 1. PR Description Requirements +- [ ] **ALWAYS** include "Fixes #[issue-number]" in the PR description to link back to the original issue +- [ ] Include a clear summary of changes made +- [ ] List all files that were modified with brief descriptions + +### 2. Metadata and Date Requirements +- [ ] **CRITICAL**: Set `ms.date` to the actual current date in MM/DD/YYYY format (GitHub Copilot often uses incorrect future dates) +- [ ] Add `ai-usage: ai-assisted` metadata if any AI assistance was used +- [ ] Place `title` metadata first, followed by remaining metadata in alphabetical order +- [ ] Update `ms.date` if more than 50 characters are changed in existing files + +### 3. Code Snippets - Triple-Colon Syntax Requirements +- [ ] **NEVER** use `[!code-csharp[]]` syntax - this is incorrect and will cause build errors +- [ ] **ALWAYS** use triple-colon syntax: `:::code language="csharp" source="path" id="snippet_name" highlight="lines":::` +- [ ] **NEVER** use `name="snippet_name"` attribute - this is unsupported and causes build errors +- [ ] **ALWAYS** use `id="snippet_name"` to reference named snippets +- [ ] Use `highlight="3-5,9"` for line highlighting (relative to snippet content, not absolute file line numbers) +- [ ] Example of correct syntax: + ```markdown + :::code language="csharp" source="~/path/to/file.cs" id="snippet_policy" highlight="3-5,9"::: + ``` + +### 4. Code Snippet Folder Structure Requirements +- [ ] For code snippets longer than 6 lines, create proper folder structure: + - `article-name/snippets/version/filename.cs` (e.g., `cookie/snippets/6.0/Program.cs`) +- [ ] Create version-specific subfolders: `3.x`, `6.0`, `8.0`, `9.0`, etc. +- [ ] Use file-relative paths for snippets in same article folder +- [ ] Use repository root-relative paths (`~/`) for shared snippets + +### 5. Code Snippet Markers in .cs Files - CRITICAL +- [ ] **NEVER** use `#region snippet_name` and `#endregion` syntax in .cs files +- [ ] **ALWAYS** use `// ` and `// ` format (all lowercase) +- [ ] Examples of correct .cs file snippet markers: + ```csharp + // + var cookiePolicyOptions = new CookiePolicyOptions + { + MinimumSameSitePolicy = SameSiteMode.Strict, + }; + app.UseCookiePolicy(cookiePolicyOptions); + // + ``` +- [ ] **INCORRECT** format to avoid: + ```csharp + #region snippet_policy + // code here + #endregion + ``` + +### 6. Code Comments and Localization +- [ ] **NEVER** add explanatory code comments like `// Configure cookie policy options` in .cs snippet files +- [ ] **NEVER** add comments like `// Add Cookie Policy Middleware` - these prevent proper localization +- [ ] Rely on markdown prose before/after code snippets for explanations instead of inline comments +- [ ] Only keep comments that are essential to the code's functionality + +### 7. Build Validation Requirements +- [ ] **ALWAYS** validate code snippet syntax by checking build logs for errors +- [ ] Watch for "unexpected attribute" errors indicating incorrect syntax usage +- [ ] Test that snippet references resolve correctly (no broken id references) +- [ ] Verify that highlight line numbers are relative to snippet content, not absolute file lines + +### 8. Common Syntax Errors to Avoid +- [ ] Using `range="5-10"` instead of `id="snippet_name"` +- [ ] Using `name="snippet_name"` instead of `id="snippet_name"` +- [ ] Mixing old `[!code-csharp[]]` syntax with new triple-colon syntax +- [ ] Using absolute line numbers in `highlight=""` instead of relative to snippet +- [ ] Using `#region`/`#endregion` in .cs files instead of `// ` format + +### 9. Version-Specific Considerations +- [ ] Create separate snippet files for different .NET versions (3.x, 6.0, 8.0, 9.0+) +- [ ] Ensure examples use appropriate syntax for the target version +- [ ] Reference the correct version-specific snippet file in markdown + +### 10. Final Validation Checklist +- [ ] Verify all triple-colon code references use correct `id=""` syntax +- [ ] Confirm all .cs files use `// ` markers (never #region) +- [ ] Check that no explanatory comments were added to .cs files +- [ ] Validate `ms.date` is set to actual current date (not a future date) +- [ ] Ensure "Fixes #[issue-number]" is in PR description +- [ ] Test build passes without warnings related to your changes + +**Note**: These issues frequently recur due to GitHub Copilot's tendency to use outdated or incorrect syntax patterns. Following this checklist systematically will prevent the iterative correction cycles seen in issue #35782. + ### ASP.NET Core Specific Guidelines - Use the latest supported version for examples unless otherwise specified - Title and section header casing is sentence case (capitalize the first word and any proper nouns) From 577ab8743cf2c169039577ee5befd8f100301e34 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 12 Sep 2025 22:47:45 +0000 Subject: [PATCH 12/12] Remove Copilot PR Success Checklist from .github/copilot-instructions.md file per user request Co-authored-by: wadepickett <10985336+wadepickett@users.noreply.github.com> --- .github/copilot-instructions.md | 87 --------------------------------- 1 file changed, 87 deletions(-) diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index 05184d99cce4..761400b478f5 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -145,93 +145,6 @@ When creating a PR for an issue: Console | console | 2 Text | - | 2 -## Copilot PR Success Checklist - -**Use this checklist for every PR to ensure first-commit success and avoid common mistakes:** - -### 1. PR Description Requirements -- [ ] **ALWAYS** include "Fixes #[issue-number]" in the PR description to link back to the original issue -- [ ] Include a clear summary of changes made -- [ ] List all files that were modified with brief descriptions - -### 2. Metadata and Date Requirements -- [ ] **CRITICAL**: Set `ms.date` to the actual current date in MM/DD/YYYY format (GitHub Copilot often uses incorrect future dates) -- [ ] Add `ai-usage: ai-assisted` metadata if any AI assistance was used -- [ ] Place `title` metadata first, followed by remaining metadata in alphabetical order -- [ ] Update `ms.date` if more than 50 characters are changed in existing files - -### 3. Code Snippets - Triple-Colon Syntax Requirements -- [ ] **NEVER** use `[!code-csharp[]]` syntax - this is incorrect and will cause build errors -- [ ] **ALWAYS** use triple-colon syntax: `:::code language="csharp" source="path" id="snippet_name" highlight="lines":::` -- [ ] **NEVER** use `name="snippet_name"` attribute - this is unsupported and causes build errors -- [ ] **ALWAYS** use `id="snippet_name"` to reference named snippets -- [ ] Use `highlight="3-5,9"` for line highlighting (relative to snippet content, not absolute file line numbers) -- [ ] Example of correct syntax: - ```markdown - :::code language="csharp" source="~/path/to/file.cs" id="snippet_policy" highlight="3-5,9"::: - ``` - -### 4. Code Snippet Folder Structure Requirements -- [ ] For code snippets longer than 6 lines, create proper folder structure: - - `article-name/snippets/version/filename.cs` (e.g., `cookie/snippets/6.0/Program.cs`) -- [ ] Create version-specific subfolders: `3.x`, `6.0`, `8.0`, `9.0`, etc. -- [ ] Use file-relative paths for snippets in same article folder -- [ ] Use repository root-relative paths (`~/`) for shared snippets - -### 5. Code Snippet Markers in .cs Files - CRITICAL -- [ ] **NEVER** use `#region snippet_name` and `#endregion` syntax in .cs files -- [ ] **ALWAYS** use `// ` and `// ` format (all lowercase) -- [ ] Examples of correct .cs file snippet markers: - ```csharp - // - var cookiePolicyOptions = new CookiePolicyOptions - { - MinimumSameSitePolicy = SameSiteMode.Strict, - }; - app.UseCookiePolicy(cookiePolicyOptions); - // - ``` -- [ ] **INCORRECT** format to avoid: - ```csharp - #region snippet_policy - // code here - #endregion - ``` - -### 6. Code Comments and Localization -- [ ] **NEVER** add explanatory code comments like `// Configure cookie policy options` in .cs snippet files -- [ ] **NEVER** add comments like `// Add Cookie Policy Middleware` - these prevent proper localization -- [ ] Rely on markdown prose before/after code snippets for explanations instead of inline comments -- [ ] Only keep comments that are essential to the code's functionality - -### 7. Build Validation Requirements -- [ ] **ALWAYS** validate code snippet syntax by checking build logs for errors -- [ ] Watch for "unexpected attribute" errors indicating incorrect syntax usage -- [ ] Test that snippet references resolve correctly (no broken id references) -- [ ] Verify that highlight line numbers are relative to snippet content, not absolute file lines - -### 8. Common Syntax Errors to Avoid -- [ ] Using `range="5-10"` instead of `id="snippet_name"` -- [ ] Using `name="snippet_name"` instead of `id="snippet_name"` -- [ ] Mixing old `[!code-csharp[]]` syntax with new triple-colon syntax -- [ ] Using absolute line numbers in `highlight=""` instead of relative to snippet -- [ ] Using `#region`/`#endregion` in .cs files instead of `// ` format - -### 9. Version-Specific Considerations -- [ ] Create separate snippet files for different .NET versions (3.x, 6.0, 8.0, 9.0+) -- [ ] Ensure examples use appropriate syntax for the target version -- [ ] Reference the correct version-specific snippet file in markdown - -### 10. Final Validation Checklist -- [ ] Verify all triple-colon code references use correct `id=""` syntax -- [ ] Confirm all .cs files use `// ` markers (never #region) -- [ ] Check that no explanatory comments were added to .cs files -- [ ] Validate `ms.date` is set to actual current date (not a future date) -- [ ] Ensure "Fixes #[issue-number]" is in PR description -- [ ] Test build passes without warnings related to your changes - -**Note**: These issues frequently recur due to GitHub Copilot's tendency to use outdated or incorrect syntax patterns. Following this checklist systematically will prevent the iterative correction cycles seen in issue #35782. - ### ASP.NET Core Specific Guidelines - Use the latest supported version for examples unless otherwise specified - Title and section header casing is sentence case (capitalize the first word and any proper nouns)