zoukankan      html  css  js  c++  java
  • asp.net core认证与授权: cookie身份验证

    网络验证方案大致可分为两种:HTTP协议标准验证如:"Basic"、"Digest"、“Bearer”,非标准的方案如:Form验证、cookie验证。本文介绍的是cookie验证。

    1、创建一个带有mvc的asp.net core 应用程序,本文实例选择的版本是.net 5。(文末有完整demo)

    2、startup中的ConfigureServices和Configure分别增加核心验证代码

    public void ConfigureServices(IServiceCollection services)
            {
                services.AddAuthentication(options =>
                {
                    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                }).AddCookie(options =>
                {
                    //cookie认证更多配置
                    options.Cookie.Name = "AuthCookie";//cookie名称
                    options.LoginPath = "/User/Login";//登录路径
                    options.Cookie.HttpOnly = true;//cookie操作权限
                });
                services.AddControllersWithViews();
            }
    
            // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
            public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
            {
                //验证你是谁,注意顺序,要放到UseAuthorization之前
                app.UseAuthentication();
    
                //是否允许访问
                app.UseAuthorization();      
    
                app.UseEndpoints(endpoints =>
                {
                    endpoints.MapControllerRoute(
                        name: "default",
                        pattern: "{controller=Home}/{action=Index}/{id?}");
                });
            }

    3、添加UserController.cs核心验证代码

        public class UserController : Controller
        {
            private UserStore _userStore;
            private IHttpContextAccessor _httpcontext;
            public UserController(UserStore userStore, IHttpContextAccessor httpContextAccessor)
            {
                _userStore = userStore;
                _httpcontext = httpContextAccessor;
            }
            /// <summary>
            /// 用户首页
            /// </summary>
            /// <returns></returns>
            public IActionResult Index()
            {
                var IsAuthenticated = _httpcontext.HttpContext.User?.Identity?.IsAuthenticated ?? false;
                if (IsAuthenticated)
                {
                    StringBuilder sb = new StringBuilder();
                    sb.Append($"当前登录用户:{_httpcontext.HttpContext.User.Identity.Name}<br/>");
                    sb.Append($"验证类型:{_httpcontext.HttpContext.User.Identity.AuthenticationType}<br/>");
                    foreach (var item in _httpcontext.HttpContext.User.Claims)
                    {
                        sb.Append($"{item.Type}-{item.Value}<br/>");
                    }
                    ViewBag.UserMessage = sb.ToString();
                }
                ViewBag.IsAuthenticated = IsAuthenticated;
                return View();
            }
            /// <summary>
            /// 登录页
            /// </summary>
            /// <param name="ErrorMessage"></param>
            /// <returns></returns>
            public IActionResult Login(string ErrorMessage)
            {
                ViewBag.ErrorMessage = ErrorMessage;
                return View();
            }
            /// <summary>
            /// 登录验证
            /// </summary>
            /// <param name="Name"></param>
            /// <param name="Password"></param>
            /// <returns></returns>
            [HttpPost]
            public IActionResult Login(string Name, string Password)
            {
                var user = _userStore.FindUser(Name, Password);
                if (user == null)
                {
                    return RedirectToAction("Login", new { ErrorMessage = "用户名密码不正确" });
                }
                else
                {
                    var claimIdentity = new ClaimsIdentity("Cookie");
                    claimIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));
                    claimIdentity.AddClaim(new Claim(ClaimTypes.Name, user.Name));
                    claimIdentity.AddClaim(new Claim(ClaimTypes.Email, user.Email));
                    claimIdentity.AddClaim(new Claim(ClaimTypes.MobilePhone, user.PhoneNumber));
                    claimIdentity.AddClaim(new Claim(ClaimTypes.DateOfBirth, user.Birthday.ToString()));
    
                    var claimsPrincipal = new ClaimsPrincipal(claimIdentity);
                    HttpContext.SignInAsync(claimsPrincipal);
                    return RedirectToAction("Index");
                }
            }
            /// <summary>
            /// 退出
            /// </summary>
            /// <returns></returns>
            public IActionResult Logout()
            {
                HttpContext.SignOutAsync();
                return Redirect("Index");
            }
        }

    4、身份验证:HomeController中找个action测试身份验证。[Authorize]特性限制访问未经授权的请求的数据/信息,并重定向到登录页面以检查用户是否有效。

      

    /// <summary>
            /// 添加身份验证
            /// </summary>
            /// <returns></returns>
            [Authorize]
            public IActionResult Privacy()
            {
                return View();
            }

    5、完整demo:https://gitee.com/xiaoqingyao/authentication-netcore

    源:https://www.cnblogs.com/RainingNight/p/cookie-authentication-in-asp-net-core.html

  • 相关阅读:
    基本内置类型
    多维数组
    数组
    迭代器
    标准库类型 vector
    标准库类型 string
    运算符优先级表
    类型转换
    sizeof 和逗号运算符
    位运算符
  • 原文地址:https://www.cnblogs.com/chenxizhaolu/p/15459973.html
Copyright © 2011-2022 走看看