Enterprise Library: Security Quickstart Code Walkthrough
Part 2
Written by: Rickie Lee (rickieleemail#yahoo.com)
My blog: www.cnblogs.com/rickie
******
2. Authentication
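Authentication verifies that a user is legitimate based on the credentials the user supplies.
(1) Authenticating a user with credentials
First, call the AuthenticationFactory.GetAuthenticationProvider method, which creates the authenticationProvider object according to the Authentication Provider settings in the configuration file. Then build a NamePasswordCredential object containing the credentials from the user name and password the user entered.
Next, call the authenticationProvider.Authenticate method, passing in the NamePasswordCredential object. If verification succeeds, the method returns true and fills the member variable identity with the user's identity information; otherwise it returns false.
Typical code for verifying a user looks like this: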
    private IAuthenticationProvider authenticationProvider;
    private bool authenticated;
    private IIdentity identity;
    // The authentication provider "Authentication Provider" is defined in configuration
    this.authenticationProvider = AuthenticationFactory.GetAuthenticationProvider("Authentication Provider");
    ……
    string username = this.credentialsForm.Username;
    string password = this.credentialsForm.Password;
    // Note: ASCII encoding replaces every non-ASCII character in the password with '?'
    byte[] passwordBytes = ASCIIEncoding.ASCII.GetBytes(password);
    NamePasswordCredential credentials = new NamePasswordCredential(username, passwordBytes);
    // Returns true and fills this.identity when the credentials are valid
    this.authenticated = this.authenticationProvider.Authenticate(credentials, out this.identity);
    if (this.authenticated)
    {
        this.DisplayAuthenticationResults(SR.ValidCredentialsMessage(username));
    }
    else
    {
        this.DisplayAuthenticationResults(SR.InvalidCredentialsMessage(username));
    }
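(2) Obtaining a temporary token for an authenticated user
Cache the authenticated user's identity information and retrieve the token that corresponds to that identity.
First, define the member variables that hold the token and the cache.
Then call the SecurityCacheFactory.GetSecurityCacheProvider method, which creates a Security Cache provider instance according to the configuration.
Next, call the SaveIdentity method of the CachingStoreProvider, which caches the user's identity information and returns a temporary token for the authenticated user.
Typical code for obtaining the temporary token of an authenticated user: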
    // Token for valid identity
    private IToken token;
    // Security cache to handle tokens
    private ISecurityCacheProvider cache;
    this.cache = SecurityCacheFactory.GetSecurityCacheProvider("Caching Store Provider");
    ……
    if (this.identity != null)
    {
        // Cache the identity. The SecurityCache will generate a token which is then
        // returned to us.
        this.token = this.cache.SaveIdentity(this.identity);
        this.DisplayAuthenticationResults(SR.CreateTokenMessage(this.token.Value));
    }
    else
    {
        // Tell the user that this scenario requires an authenticated user
        this.DisplayAuthenticationResults(SR.CreateTokenRequiresIdentityMessage);
    }
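(3) Retrieving the user's identity with the token
Authenticating the user with a token instead of repeatedly using the credentials improves application performance. The token thus becomes an effective substitute for the user name/password credentials.
Simply call the GetIdentity method of the Security Cache provider and pass in the token (the one created when the user's identity was cached) to retrieve the user's identity information.
Typical code: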
    if (this.token != null)
    {
        // Retrieves the identity previously saved by using the corresponding token
        IIdentity savedIdentity = this.cache.GetIdentity(this.token);
        if (savedIdentity != null)
        {
            this.DisplayAuthenticationResults(SR.RetrieveIdentityMessage(
                savedIdentity.Name, savedIdentity.AuthenticationType));
        }
        else
        {
            // Token is not valid - it was likely expired.
            this.DisplayAuthenticationResults(SR.ExpiredTokenErrorMessage);
        }
    }
    else
    {
        // Scenario requires that an identity was created by authenticating using credentials
        this.DisplayAuthenticationResults(SR.RetrieveIdentityErrorMessage);
    }
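(4) Expiring the token (ending the user session)
When the user logs out of the application, expire the token to end the user session.
This is done by calling the ExpireIdentity method of the Security Cache provider. Typical code is shown below: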
    if (this.token != null)
    {
        // Expires the identity previously saved by using the corresponding token
        this.cache.ExpireIdentity(this.token);
        this.DisplayAuthenticationResults(SR.ExpireTokenMessage);
    }
    else
    {
        // Scenario requires that an identity was previously cached
        this.DisplayAuthenticationResults(SR.ExpireTokenErrorMessage);
    }
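The four steps above combined into one helper, as an added example that is not part of the Quickstart or of the original article. The TokenSession class and its method names are hypothetical, the Microsoft.Practices.EnterpriseLibrary.Security namespace is an assumption, and the provider names are the ones used in the code above. It keeps no IIdentity field and resolves the identity through the cache on every call, so an expired or logged-out token stops working immediately.

```csharp
using System;
using System.Security.Principal;
using System.Text;
using Microsoft.Practices.EnterpriseLibrary.Security; // assumed namespace of the block's types

// Hypothetical helper (not Quickstart code): the token is the only session state kept.
public sealed class TokenSession
{
    private readonly IAuthenticationProvider authProvider =
        AuthenticationFactory.GetAuthenticationProvider("Authentication Provider");
    private readonly ISecurityCacheProvider cache =
        SecurityCacheFactory.GetSecurityCacheProvider("Caching Store Provider");
    private IToken token; // no IIdentity field: identity is always looked up by token

    // Steps (1) and (2): verify the credentials, then exchange them for a token.
    public bool Login(string username, string password)
    {
        this.Logout(); // never leave an older token alive behind a new login
        byte[] passwordBytes = Encoding.ASCII.GetBytes(password);
        try
        {
            IIdentity identity;
            NamePasswordCredential credentials = new NamePasswordCredential(username, passwordBytes);
            if (!this.authProvider.Authenticate(credentials, out identity) || identity == null) return false;
            this.token = this.cache.SaveIdentity(identity);
            return this.token != null;
        }
        finally
        {
            // Zero the password bytes once authentication has run
            Array.Clear(passwordBytes, 0, passwordBytes.Length);
        }
    }

    // Step (3): resolve through the cache every time; null means "log in again".
    public IIdentity GetCurrentIdentity()
    {
        if (this.token == null) return null;
        IIdentity identity = this.cache.GetIdentity(this.token);
        if (identity == null) this.token = null; // expired in the cache: forget the token
        return identity;
    }

    // Step (4): expire the cached identity and forget the token.
    public void Logout()
    {
        if (this.token == null) return;
        this.cache.ExpireIdentity(this.token);
        this.token = null;
    }
}
```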
***
Author: Rickie Lee (rickieleemail#yahoo.com)
This article is based on an analysis of the Enterprise Library Security Application Block Quickstart application.