asp.net core 2.x 的 简单认证授权

基本配置,按 AddCookie搞的

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

namespace auth.mvc {
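    public class Startup {
        /// <summary>
        /// Name of the single cookie authentication scheme. Every default in
        /// <see cref="ConfigureServices"/> points at it, and the controllers must use the
        /// same string in <c>[Authorize(AuthenticationSchemes = ...)]</c> and <c>ClaimsIdentity</c>.
        /// </summary>
        public const string AuthScheme = "alber";

        public Startup(IConfiguration configuration) {
            Configuration = configuration;
        }

        /// <summary>Application configuration handed in by the host.</summary>
        public IConfiguration Configuration { get; }

        /// <summary>
        /// Called by the runtime. Registers cookie authentication under <see cref="AuthScheme"/>
        /// as the default for every authentication action, then adds MVC.
        /// </summary>
        /// <param name="services">The DI container to populate.</param>
        public void ConfigureServices(IServiceCollection services) {
            services.AddAuthentication(options => {
                // DefaultScheme is the fallback for all of the specific defaults below; they are
                // set explicitly so the intent (one scheme for everything) is visible at a glance.
                options.DefaultScheme = AuthScheme;
                options.DefaultChallengeScheme = AuthScheme;
                options.DefaultAuthenticateScheme = AuthScheme;
                options.DefaultForbidScheme = AuthScheme;
                options.DefaultSignInScheme = AuthScheme;
                options.DefaultSignOutScheme = AuthScheme;
            })
            .AddCookie(AuthScheme, cookie => {
                // Without LoginPath the challenge redirects to the framework default
                // "/Account/Login", which this app has no controller for. Send both
                // unauthenticated and forbidden requests to the login view.
                cookie.LoginPath = "/home/loginview";
                cookie.AccessDeniedPath = "/home/loginview";
                // The pipeline in Configure forces HTTPS (UseHttpsRedirection/UseHsts), so the
                // authentication ticket must never be emitted over plain HTTP; HttpOnly keeps it
                // out of reach of page script.
                cookie.Cookie.HttpOnly = true;
                cookie.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            });

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
        }

        /// <summary>
        /// Called by the runtime. Builds the HTTP pipeline; middleware order matters here.
        /// </summary>
        /// <param name="app">Pipeline builder.</param>
        /// <param name="env">Hosting environment used to pick the error handling strategy.</param>
        public void Configure(IApplicationBuilder app, IHostingEnvironment env) {
            if (env.IsDevelopment()) {
                app.UseDeveloperExceptionPage();
            } else {
                app.UseExceptionHandler("/Home/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();
            // Must run before UseMvc so the cookie is turned into a principal before
            // the [Authorize] filters inspect HttpContext.User.
            app.UseAuthentication();
            app.UseMvc(routes => {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }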
}

登录,与保护拦截

using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using auth.mvc.Models;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;

namespace auth.mvc.Controllers {
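    public class HomeController : Controller {
        /// <summary>
        /// Cookie scheme registered in Startup. The ClaimsIdentity authentication type and the
        /// [Authorize] attribute must use exactly this string.
        /// </summary>
        private const string AuthScheme = "alber";

        public IActionResult Index() {
            return View();
        }

        /// <summary>
        /// Shows the welcome page. The displayed name comes from the query string, or, right
        /// after a login redirect, from the TempData entry written by <see cref="Login"/>.
        /// </summary>
        /// <param name="userName">Optional name passed on the query string.</param>
        public IActionResult Welcome(string userName) {
            if (string.IsNullOrWhiteSpace(userName)) {
                ViewBag.userName = TempData["towelcome"];
                TempData.Clear();
            } else {
                ViewBag.userName = userName;
            }
            return View();
        }

        /// <summary>Protected page; only reachable with a valid ticket from the cookie scheme.</summary>
        [Authorize(AuthenticationSchemes = AuthScheme)]
        public IActionResult Privacy() {
            return View();
        }

        [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
        public IActionResult Error() {
            return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
        }

        /// <summary>Renders the login form; also the LoginPath/AccessDeniedPath target.</summary>
        public IActionResult LoginView() {
            return View();
        }

        /// <summary>
        /// Validates the posted credentials, signs the user in under the cookie scheme and then
        /// redirects to the posted ReturnUrl (local URLs only) or to the welcome page.
        /// </summary>
        /// <param name="p">Bound login form: <c>account</c> and <c>pwd</c>.</param>
        /// <exception cref="InvalidOperationException">Thrown when the credentials do not match.</exception>
        // NOTE(review): this action should be limited to POST ([HttpPost]) and carry an anti-forgery
        // token once the login view is confirmed to render one; left as-is to avoid breaking the form.
        public async Task Login(LoginModel p) {
            // Demo-only check against one fixed credential pair. Both fields must match: the
            // original `&&` only rejected when BOTH were wrong, so a known account name with any
            // password was signed in. A real implementation compares against a salted hash
            // (e.g. Rfc2898DeriveBytes.Pbkdf2), never a plaintext literal in source.
            if (p is null || p.account != "tom.write" || p.pwd != "111223") {
                throw new InvalidOperationException("account or pwd has wrong");
            }

            // The authentication type passed here must be the scheme name. Without it the
            // identity is not considered authenticated and [Authorize] keeps bouncing the user
            // back to the login page (the pitfall the original author hit).
            var identity = new ClaimsIdentity(AuthScheme);
            identity.AddClaim(new Claim(ClaimTypes.Name, p.account));
            var principal = new ClaimsPrincipal(identity);
            await HttpContext.SignInAsync(AuthScheme, principal);

            // Request.Form throws on a non-form content type; guard before reading it.
            var returnUrl = Request.HasFormContentType ? Request.Form["ReturnUrl"].ToString() : null;

            // Only follow a ReturnUrl that stays on this site. Redirecting to an arbitrary
            // absolute URL right after sign-in is an open redirect.
            if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl)) {
                Response.Redirect(returnUrl);
            } else {
                // Hand the account name to Welcome via TempData rather than the query string.
                TempData["towelcome"] = p.account;
                Response.Redirect("Welcome");
            }
        }
    }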
}

这样我完成了最简单的验证。查看请求所带的 cookie,发现请求 headers 里面的确存在由 HttpContext.SignInAsync 扩展方法写入的 cookie 值,这正是用于认证与授权验证的凭据。
