《ASP.NET Core[源码分析篇] - Authentication认证》: https://cloud.tencent.com/developer/article/1498055
《理解ASP.NET Core验证模型(Claim, ClaimsIdentity, ClaimsPrincipal)不得不读的英文博文》
--------------------------------------------------------------------------------------------------------------------------
services.AddAuthentication() 参考 :https://www.cnblogs.com/liyouming/p/9916777.html
AddAuthentication 源代码:https://github.com/dotnet/aspnetcore/blob/3e1e69eccef4ea54c46c7e706413a0448abbbec9/src/Security/Authentication/Core/src/AuthenticationServiceCollectionExtensions.cs
实际是: services.AddAuthentication();
services.Configure(configureOptions);
【configureOptions 是一个 Action<AuthenticationOptions> 委托方法。定义如下:https://docs.microsoft.com/zh-cn/dotnet/api/microsoft.aspnetcore.authentication.authenticationoptions?view=aspnetcore-3.1 ]
----------------------------------------------------------------------------------------------------------------------------------------------------
配置中间件(身份验证)的代码:app.UseAuthentication(); 实际是: app.UseMiddleware<AuthenticationMiddleware>();
public static IApplicationBuilder UseAuthentication(this IApplicationBuilder app)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
return app.UseMiddleware<AuthenticationMiddleware>();
}
AuthenticationMiddleware 源代码 :https://github.com/dotnet/aspnetcore/blob/v3.1.2/src/Security/Authentication/Core/src/AuthenticationMiddleware.cs
public class AuthenticationMiddleware
{
private readonly RequestDelegate _next;
public IAuthenticationSchemeProvider Schemes { get; set; }
public AuthenticationMiddleware(RequestDelegate next, IAuthenticationSchemeProvider schemes) //构造函数
{
if (next == null)
{
throw new ArgumentNullException(nameof(next));
}
if (schemes == null)
{
throw new ArgumentNullException(nameof(schemes));
}
_next = next;
Schemes = schemes;
}
public async Task Invoke(HttpContext context)
{
context.Features.Set<IAuthenticationFeature>(new AuthenticationFeature
{
OriginalPath = context.Request.Path,
OriginalPathBase = context.Request.PathBase
});
// Give any IAuthenticationRequestHandler schemes a chance to handle the request
var handlers = context.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();
foreach (var scheme in await Schemes.GetRequestHandlerSchemesAsync())
{
var handler = await handlers.GetHandlerAsync(context, scheme.Name) as IAuthenticationRequestHandler;
if (handler != null && await handler.HandleRequestAsync())
{
return;
}
}
var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync();
if (defaultAuthenticate != null)
{
var result = await context.AuthenticateAsync(defaultAuthenticate.Name);
if (result?.Principal != null)
{
context.User = result.Principal;
}
}
await _next(context);
}
}