AspNetCore.Docs/aspnetcore/security/authentication/policyschemes.md

---
title: Policy schemes in ASP.NET Core
author: rick-anderson
description: Authentication policy schemes make it easier to have a single logical authentication scheme
ms.author: riande
ms.date: 12/05/2019
uid: security/authentication/policyschemes
---

# Policy schemes in ASP.NET Core

Authentication policy schemes make it easier to have a single logical authentication scheme potentially use multiple approaches. For example, a policy scheme might use Google authentication for challenges, and cookie authentication for everything else. Authentication policy schemes make it:

* Easy to forward any authentication action to another scheme.
* Forward dynamically based on the request.

All authentication schemes that use derived <xref:Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions> and the associated <xref:Microsoft.AspNetCore.Authentication.AuthenticationHandler%601>:

* Are automatically policy schemes in ASP.NET Core 2.1 and later.
* Can be enabled via configuring the scheme's options.

[!code-csharp[sample](policyschemes/samples/AuthenticationSchemeOptions.cs?name=snippet)]

## Examples

The following example shows a higher level scheme that combines lower level schemes. Google authentication is used for challenges, and cookie authentication is used for everything else:

[!code-csharp[sample](policyschemes/samples/Startup.cs?name=snippet1)]

The following example enables dynamic selection of schemes on a per request basis. That is, how to mix cookies and API authentication:

 <!-- REVIEW, missing If set in public Func<HttpContext, string> ForwardDefaultSelector -->

[!code-csharp[sample](policyschemes/samples/Startup.cs?name=snippet2)]
Add a policy schemes doc (#11150) * Create policyschemes.md * Update policyschemes.md * Update policyschemes.md * Update policyschemes.md (#11154) [Internal review URL](https://review.docs.microsoft.com/en-us/aspnet/core/security/authentication/policyschemes?view=aspnetcore-1.0&branch=pr-en-us-11154) 2019-02-27 13:30:27 +08:00			`---`
			`title: Policy schemes in ASP.NET Core`
			`author: rick-anderson`
			`description: Authentication policy schemes make it easier to have a single logical authentication scheme`
			`ms.author: riande`
Drop styled link text (#16042) 2019-12-06 07:12:26 +08:00			`ms.date: 12/05/2019`
Add a policy schemes doc (#11150) * Create policyschemes.md * Update policyschemes.md * Update policyschemes.md * Update policyschemes.md (#11154) [Internal review URL](https://review.docs.microsoft.com/en-us/aspnet/core/security/authentication/policyschemes?view=aspnetcore-1.0&branch=pr-en-us-11154) 2019-02-27 13:30:27 +08:00			`uid: security/authentication/policyschemes`
			`---`

			`# Policy schemes in ASP.NET Core`

			`Authentication policy schemes make it easier to have a single logical authentication scheme potentially use multiple approaches. For example, a policy scheme might use Google authentication for challenges, and cookie authentication for everything else. Authentication policy schemes make it:`

			`* Easy to forward any authentication action to another scheme.`
			`* Forward dynamically based on the request.`

Replace /dotnet/api with xrefs in Security (#25017) 2022-02-15 18:49:11 +08:00			`All authentication schemes that use derived <xref:Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions> and the associated <xref:Microsoft.AspNetCore.Authentication.AuthenticationHandler%601>:`
Add a policy schemes doc (#11150) * Create policyschemes.md * Update policyschemes.md * Update policyschemes.md * Update policyschemes.md (#11154) [Internal review URL](https://review.docs.microsoft.com/en-us/aspnet/core/security/authentication/policyschemes?view=aspnetcore-1.0&branch=pr-en-us-11154) 2019-02-27 13:30:27 +08:00
			`* Are automatically policy schemes in ASP.NET Core 2.1 and later.`
			`* Can be enabled via configuring the scheme's options.`

			`[!code-csharp[sample](policyschemes/samples/AuthenticationSchemeOptions.cs?name=snippet)]`

			`## Examples`

			`The following example shows a higher level scheme that combines lower level schemes. Google authentication is used for challenges, and cookie authentication is used for everything else:`

			`[!code-csharp[sample](policyschemes/samples/Startup.cs?name=snippet1)]`

Fixed comment example for AuthenticationSchemeOptions.ForwardSignOut. (#13199) 2019-07-09 05:03:43 +08:00			`The following example enables dynamic selection of schemes on a per request basis. That is, how to mix cookies and API authentication:`
Add a policy schemes doc (#11150) * Create policyschemes.md * Update policyschemes.md * Update policyschemes.md * Update policyschemes.md (#11154) [Internal review URL](https://review.docs.microsoft.com/en-us/aspnet/core/security/authentication/policyschemes?view=aspnetcore-1.0&branch=pr-en-us-11154) 2019-02-27 13:30:27 +08:00
			`<!-- REVIEW, missing If set in public Func<HttpContext, string> ForwardDefaultSelector -->`

			`[!code-csharp[sample](policyschemes/samples/Startup.cs?name=snippet2)]`