update security page

MrBogomips · Mar 9, 2023 · 3e13f2d · 3e13f2d
1 parent 956f651
commit 3e13f2d
Showing 1 changed file with 19 additions and 2 deletions.
diff --git a/src/routes/docs/[...2]security.md b/src/routes/docs/[...2]security.md
@@ -212,7 +212,7 @@ Here's an [example project](https://github.com/dj-nitehawk/FastEndpoints-Auth0-D
 
 ## Multiple Authentication Schemes
 
-Multiple auth schemes can be configured as you'd typically do in the asp.net middleare pipeline and specify per endpoint which schemes are to be used for authenticating incoming requests.
+Multiple auth schemes can be configured as you'd typically do in the asp.net middleware pipeline and specify per endpoint which schemes are to be used for authenticating incoming requests.
 
 ```cs title=Program.cs
 builder.Services.AddAuthentication(options =>
@@ -238,7 +238,24 @@ public override void Configure()
 
 In the above example, we're registering both **Cookie** and **JWT Bearer** auth schemes and in the endpoint we're saying **only JWT Bearer** auth scheme should be used for authenticating incoming requests to the endpoint. You can specify multiple schemes and if an incoming request isn't using any of the said schemes, access will not be allowed.
 
-**NOTE:** When registering multiple auth schemes, you will have to do it yourself without the help of the convenient wrapper methods supplied by FastEndpoints.
+Here's an example of how you'd create a custom auth scheme which would combine both cookie and jwt auth when using the wrapper methods offered by FastEndpoints:
+```cs |title=Program.cs
+builder.Services.AddCookieAuth(TimeSpan.FromMinutes(60));
+builder.Services.AddJWTBearerAuth("TokenSigningKey");
+builder.Services.AddAuthentication("Jwt-Or-Cookie")
+    .AddPolicyScheme("Jwt-Or-Cookie", "Jwt-Or-Cookie", o =>
+    {
+        o.ForwardDefaultSelector = ctx =>
+        {
+            if (ctx.Request.Headers.TryGetValue(HeaderNames.Authorization, out var authHeader) &&
+                authHeader.FirstOrDefault()?.StartsWith($"{JwtBearerDefaults.AuthenticationScheme} ") is true)
+            {
+                return JwtBearerDefaults.AuthenticationScheme;
+            }
+            return CookieAuthenticationDefaults.AuthenticationScheme;
+        };
+    });
+```
 
 ---