背景
ASP.NET Core 项目升级至 2.x 版本后,Cookie 验证方式需要进行更新。
升级前:.Net Core 1.x
Startup.cs
/// <summary>
/// ASP.NET Core 1.x pipeline setup: registers the cookie authentication
/// middleware and then MVC routing.
/// </summary>
/// <param name="app">Application pipeline builder.</param>
/// <param name="env">Hosting environment (not used in the part shown).</param>
/// <param name="loggerFactory">Logger factory (not used in the part shown).</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    // Other Options ...

    // The scheme name chosen here is the one the sign-in and sign-out calls must pass.
    var cookieOptions = new CookieAuthenticationOptions
    {
        AuthenticationScheme = "MyCookieMiddlewareInstance",
        LoginPath = new PathString("/Home/Index/"),
        AccessDeniedPath = new PathString("/Home/AccessDenied/"),
        // Read the cookie on every request and answer unauthenticated or forbidden
        // requests with a redirect to the paths configured above.
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        CookiePath = "/"
    };

    // IMPORTANT: UseCookieAuthentication() must be registered before UseMvc();
    // otherwise MVC handles the request before the cookie has been read.
    app.UseCookieAuthentication(cookieOptions);

    // Add MVC to the request pipeline.
    app.UseMvc(routes =>
    {
        routes.MapRoute("default", "{controller=Home}/{action=Index}/{id?}");
    });
}
Login
// Login action body (1.x). Assumes `user` has already passed the credential
// check; that check is not part of this snippet.
var identity = new ClaimsIdentity(
    new List<Claim>
    {
        new Claim(ClaimTypes.Email, user.Email),
        new Claim(ClaimTypes.Name, user.Name),
        new Claim(ClaimTypes.Sid, Convert.ToString(user.Gid))
    },
    "AccountLogin");
var principal = new ClaimsPrincipal(identity);

// Persistent cookie with an absolute expiry one hour after sign-in.
var property = new AuthenticationProperties
{
    IsPersistent = true,
    ExpiresUtc = DateTime.UtcNow.AddHours(1)
};

// The scheme name must match the AuthenticationScheme configured in Startup.Configure.
await HttpContext.Authentication.SignInAsync("MyCookieMiddlewareInstance", principal, property);

// nameof() only contributes the action name "Index"; the target controller is
// chosen by the second argument ("Candidate").
return RedirectToAction(nameof(LoginController.Index), "Candidate");
Logout
// Logout action body (1.x): clear the server-side session entries, then have
// the cookie middleware sign the user out.
const string scheme = "MyCookieMiddlewareInstance";

HttpContext.Session.Clear();
await HttpContext.Authentication.SignOutAsync(scheme);

// Send the now-anonymous user back to Home/Index.
return RedirectToAction(nameof(HomeController.Index), "Home");
升级后:.Net Core 2.x
Startup.cs
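/// <summary>
/// ASP.NET Core 2.x service registration: cookie authentication as the default
/// scheme, followed by MVC.
/// </summary>
/// <param name="services">Service collection to register into.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication("MyCookieAuthenticationScheme")
        .AddCookie("MyCookieAuthenticationScheme", options =>
        {
            // Fixed one-hour ticket lifetime; activity does not extend it.
            options.SlidingExpiration = false;
            options.ExpireTimeSpan = TimeSpan.FromHours(1);

            // Configure the CookieBuilder the framework already placed on
            // options.Cookie instead of assigning a new one: replacing the
            // instance discards the defaults the cookie handler set on it.
            options.Cookie.HttpOnly = true;
            options.Cookie.Name = "MyCookie";
            options.Cookie.Path = "/";

            // NOTE(review): SecurePolicy is not set here, so the Secure flag
            // follows the scheme of the request. For a site served only over
            // HTTPS, consider options.Cookie.SecurePolicy = CookieSecurePolicy.Always.

            options.LoginPath = "/Home/Index/";
            options.AccessDeniedPath = "/Home/AccessDenied/";
        });

    services.AddMvc();

    // Other Options ...
}

/// <summary>
/// ASP.NET Core 2.x pipeline setup: authentication middleware, then MVC routing.
/// </summary>
/// <param name="app">Application pipeline builder.</param>
/// <param name="env">Hosting environment (not used in the part shown).</param>
/// <param name="loggerFactory">Logger factory (not used in the part shown).</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    // Other Options ...

    // Must be registered before UseMvc() so the user is populated from the
    // cookie before controllers and [Authorize] checks run.
    app.UseAuthentication();

    // Add MVC to the request pipeline.
    app.UseMvc(routes =>
    {
        routes.MapRoute("default", "{controller=Home}/{action=Index}/{id?}");
    });
}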
Login
// Login action body (2.x). Assumes `user` has already passed the credential
// check; that check is not part of this snippet.
var identity = new ClaimsIdentity(
    new List<Claim>
    {
        new Claim(ClaimTypes.Email, user.Email),
        new Claim(ClaimTypes.Name, user.Name),
        new Claim(ClaimTypes.Sid, Convert.ToString(user.Gid))
    },
    "AccountLogin");
var principal = new ClaimsPrincipal(identity);

// No AuthenticationProperties are passed here, unlike the 1.x version, which
// set IsPersistent = true: the ticket lifetime comes from ExpireTimeSpan in
// AddCookie(), and the browser gets a session (non-persistent) cookie.
await HttpContext.SignInAsync("MyCookieAuthenticationScheme", principal);

// nameof() contributes the action name "Index"; the controller is "Candidate".
return RedirectToAction(nameof(CandidateController.Index), "Candidate");
Logout
// Logout action body (2.x): clear the server-side session entries, then sign
// out of the cookie scheme so the authentication cookie is removed.
const string scheme = "MyCookieAuthenticationScheme";

HttpContext.Session.Clear();
await HttpContext.SignOutAsync(scheme);

// Send the now-anonymous user back to Home/Index.
return RedirectToAction(nameof(HomeController.Index), "Home");
参考资料(了解更多细节)
https://www.cnblogs.com/tdfblog/p/aspnet-core-security-authentication-cookie.html