.net core 2.0 登陆权限验证

首先在Startup的ConfigureServices方法添加一段权限代码

services.AddAuthentication(x=> {
                x.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                x.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                x.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            }).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, x =>
                    {
                        //登录地址
                        x.LoginPath = "/Home/Login";
                        //sid
                        x.Cookie.Name = "mycookie";
                        x.Cookie.Path = "/";
                        x.Cookie.HttpOnly = true;
                        x.Cookie.Expiration = new TimeSpan(0, 0, 30);
                        x.ExpireTimeSpan = new TimeSpan(0, 0, 30);
                    });

这里整理下目录。

有个HomeController，首页的Index页面添加[Authorize]，需要权限进入

有个Login的action，登录页

添加登录方法SignIn

public async Task<IActionResult> SignIn(LoginViewModel model)
        {
            if (ModelState.IsValid)
            {
                var claims = new List<Claim>();
                claims.Add(new Claim(ClaimTypes.Name, model.UserName));
                var identity = new ClaimsIdentity(claims, "login");
                var principal = new ClaimsPrincipal(identity);

                await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);

                if (principal.Identity.IsAuthenticated)
                    return RedirectToAction("Index");
            }

            return View();
        }

添加登录页面

@{
    ViewData["Title"] = "Login";
}

<h2>Login</h2>

<form method="post" action="/home/SignIn">
    用户名<input type="text" name="username" />
    密码<input type="password" name="password" />
    <button type="submit" class="btn">登录</button>
</form>

因为在Startup里面配置了当没权限时进入登录页面  

                        x.LoginPath = "/Home/Login";

此时运行程序，会跳转到登录页面

输入用户名密码登陆，登录验证成功后就可以跳转到Index了。

再添加个退出

public async Task<IActionResult> SignOut()
        {
            if (HttpContext.User.Identity.IsAuthenticated)
                await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

            return RedirectToAction("Login");
        } 

在页面上可以通过这段代码判断是否登录

Context.User.Identity.IsAuthenticated