关于 DotNetCore 的自定义权限管理
1、自定义权限管理需要基于 Microsoft.AspNetCore.Authentication 实现以下一组接口：
IAuthenticationHandler, IAuthenticationSignInHandler, IAuthenticationSignOutHandler
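/// <summary>
/// Minimal cookie authentication scheme: <see cref="SignInAsync"/> stores the
/// <see cref="AuthenticationTicket"/> in the "myCookie" cookie and <see cref="AuthenticateAsync"/> reads it back.
/// The ticket is run through ASP.NET Core Data Protection (encryption + integrity check) so the browser can
/// neither read the claims nor hand back a self-made ticket carrying the "Admin" role; the raw
/// TicketSerializer output that was previously written to the cookie provided neither guarantee.
/// </summary>
public class MyAuthenticationHandler : IAuthenticationHandler, IAuthenticationSignInHandler, IAuthenticationSignOutHandler
{
    // Single cookie name shared by sign-in, sign-out and authenticate.
    private const string CookieName = "myCookie";

    // Serializes and protects the ticket; built in InitializeAsync because the handler is bound per request.
    private TicketDataFormat _ticketFormat;

    /// <summary>Scheme this handler instance was initialized for.</summary>
    public AuthenticationScheme Scheme { get; private set; }

    /// <summary>Request the handler is currently bound to.</summary>
    protected HttpContext Context { get; private set; }

    /// <summary>
    /// Binds the handler to the current request and scheme and prepares the protected ticket format.
    /// </summary>
    /// <param name="scheme">Scheme being handled; its name is written into every issued ticket.</param>
    /// <param name="context">Current request.</param>
    /// <exception cref="ArgumentNullException"><paramref name="scheme"/> or <paramref name="context"/> is null.</exception>
    /// <exception cref="InvalidOperationException">No data-protection provider is registered in DI.</exception>
    public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
    {
        if (scheme == null)
        {
            throw new ArgumentNullException(nameof(scheme));
        }
        if (context == null)
        {
            throw new ArgumentNullException(nameof(context));
        }

        Scheme = scheme;
        Context = context;

        // Resolved from the request services (AddAuthentication() registers data protection) so the
        // class keeps its parameterless constructor and AddScheme<MyAuthenticationHandler>() still works.
        var protectionProvider = context.RequestServices.GetService(typeof(Microsoft.AspNetCore.DataProtection.IDataProtectionProvider))
            as Microsoft.AspNetCore.DataProtection.IDataProtectionProvider;
        if (protectionProvider == null)
        {
            throw new InvalidOperationException("IDataProtectionProvider is not registered; call services.AddDataProtection().");
        }

        // The purpose string isolates these tickets from anything else protected with the same key ring.
        var protector = protectionProvider.CreateProtector(typeof(MyAuthenticationHandler).FullName + ":" + scheme.Name);
        _ticketFormat = new TicketDataFormat(protector);
        return Task.CompletedTask;
    }

    /// <summary>An unauthenticated request reached a protected action: send the browser to the login page.</summary>
    /// <param name="properties">Challenge properties; not used by this sample.</param>
    public Task ChallengeAsync(AuthenticationProperties properties)
    {
        Context.Response.Redirect("/Account/login");
        return Task.CompletedTask;
    }

    /// <summary>
    /// Reads the ticket cookie and rebuilds the principal.
    /// </summary>
    /// <returns>
    /// <see cref="AuthenticateResult.NoResult"/> when the cookie is absent, <see cref="AuthenticateResult.Fail(string)"/>
    /// when it cannot be unprotected (tampered, wrong format, rotated keys), otherwise the restored ticket.
    /// </returns>
    public Task<AuthenticateResult> AuthenticateAsync()
    {
        // Pure in-memory work: no reason to hop onto the thread pool with Task.Run.
        var cookie = Context.Request.Cookies[CookieName];
        if (string.IsNullOrEmpty(cookie))
        {
            return Task.FromResult(AuthenticateResult.NoResult());
        }

        // TicketDataFormat.Unprotect yields null rather than throwing when decoding or the integrity check fails.
        var ticket = _ticketFormat.Unprotect(cookie);
        if (ticket == null)
        {
            return Task.FromResult(AuthenticateResult.Fail("Unprotect ticket failed"));
        }

        return Task.FromResult(AuthenticateResult.Success(ticket));
    }

    /// <summary>Authenticated but not authorized (e.g. missing role): answer 403 without redirecting.</summary>
    /// <param name="properties">Forbid properties; not used by this sample.</param>
    public Task ForbidAsync(AuthenticationProperties properties)
    {
        Context.Response.StatusCode = StatusCodes.Status403Forbidden;
        return Task.CompletedTask;
    }

    /// <summary>Issues the protected ticket cookie for <paramref name="user"/>.</summary>
    /// <param name="user">Principal to persist; its claims are what <see cref="AuthenticateAsync"/> restores.</param>
    /// <param name="properties">Optional ticket properties; may be null.</param>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
    public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
    {
        if (user == null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        // properties is null when the controller calls HttpContext.SignInAsync(scheme, principal); the ticket tolerates that.
        var ticket = new AuthenticationTicket(user, properties, Scheme.Name);
        Context.Response.Cookies.Append(CookieName, _ticketFormat.Protect(ticket), BuildCookieOptions());
        return Task.CompletedTask;
    }

    /// <summary>Removes the ticket cookie; the browser is anonymous again on its next request.</summary>
    /// <param name="properties">Sign-out properties; not used by this sample.</param>
    public Task SignOutAsync(AuthenticationProperties properties)
    {
        Context.Response.Cookies.Delete(CookieName);
        return Task.CompletedTask;
    }

    /// <summary>
    /// Hardened attributes for the ticket cookie: not readable from script, HTTPS only, same-site for
    /// cross-site requests, and marked essential so the consent policy configured in ConfigureServices
    /// (CheckConsentNeeded returning true) does not suppress it when the cookie policy middleware is active.
    /// </summary>
    private static CookieOptions BuildCookieOptions()
    {
        return new CookieOptions
        {
            HttpOnly = true,
            Secure = true,
            SameSite = SameSiteMode.Lax,
            IsEssential = true,
        };
    }
}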
2、在 ConfigureServices 中注册服务
/// <summary>
/// Called by the runtime to populate the DI container. Registers "myScheme" (backed by
/// <see cref="MyAuthenticationHandler"/>) as the default authentication scheme, the cookie consent
/// policy, session state, and MVC pinned to the 2.1 compatibility version.
/// </summary>
/// <param name="services">Service collection to register into.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(authOptions =>
    {
        // "myScheme" is the name the controller passes to HttpContext.SignInAsync / SignOutAsync.
        authOptions.DefaultScheme = "myScheme";
        authOptions.AddScheme<MyAuthenticationHandler>("myScheme", "demo scheme");
    });

    services.Configure<CookiePolicyOptions>(cookiePolicy =>
    {
        // Consent is required on every request; with UseCookiePolicy() in the pipeline, cookies not
        // marked IsEssential are withheld until the user consents.
        cookiePolicy.CheckConsentNeeded = _ => true;
        cookiePolicy.MinimumSameSitePolicy = SameSiteMode.None;
    });

    services.AddSession();
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
3、在 void Configure(IApplicationBuilder app, IHostingEnvironment env) 中启用权限检查中间件
// Runs the default scheme's handler ("myScheme") on every request so HttpContext.User is populated
// before MVC evaluates [Authorize]; keep it ahead of app.UseMvc() in the pipeline.
app.UseAuthentication();
4、在 Controller 中实现自己的 Login 、Logout
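/// <summary>
/// Demo sign-in: builds a principal for <paramref name="username"/> carrying the "Admin" role and issues
/// the "myScheme" ticket. NOTE(review): <paramref name="password"/> is never examined — this sample signs in
/// anyone who supplies a name; a real implementation must verify the credentials against a user store
/// before calling SignInAsync.
/// </summary>
/// <param name="username">Value placed in the <see cref="ClaimTypes.Name"/> claim.</param>
/// <param name="password">Accepted for shape only; not validated in this sample.</param>
/// <returns>A task that completes once the ticket cookie and the greeting have been written.</returns>
[AllowAnonymous]
public async Task Login(string username, string password)
{
    // new Claim(type, null) throws, so reject a missing name with 400 instead of surfacing a 500.
    if (string.IsNullOrEmpty(username))
    {
        HttpContext.Response.StatusCode = StatusCodes.Status400BadRequest;
        return;
    }

    // The authentication type is informational; the scheme that issues the cookie is named in SignInAsync below.
    var identity = new ClaimsIdentity("CustomApiKeyAuth");
    identity.AddClaim(new Claim(ClaimTypes.Name, username));
    identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));

    // Returns Task (not async void) so MVC awaits completion and exceptions reach the pipeline.
    await HttpContext.SignInAsync("myScheme", new ClaimsPrincipal(identity));

    // username comes straight from the query string; declare plain text so it is never interpreted as HTML.
    HttpContext.Response.ContentType = "text/plain; charset=utf-8";
    await HttpContext.Response.WriteAsync($"Hello {username} login!");
}

/// <summary>Clears the "myScheme" ticket cookie; the response body is left empty.</summary>
/// <returns>A task that completes once the sign-out has been processed.</returns>
public async Task Logout()
{
    await HttpContext.SignOutAsync("myScheme");
}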
5、在 Controller 中使用权限检查特性
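/// <summary>
/// Role-gated probe: reachable only with a valid "myScheme" ticket whose principal holds the "Admin" role
/// (otherwise the handler's ChallengeAsync or ForbidAsync answers). Echoes the authenticated name.
/// </summary>
/// <returns>A task that completes once the greeting has been written.</returns>
[Authorize(Roles = "Admin")]
public async Task Test()
{
    var user = HttpContext.User;

    // The name was supplied by the client at login; declare plain text so it is never rendered as HTML.
    HttpContext.Response.ContentType = "text/plain; charset=utf-8";

    // Awaited (previously WriteAsync was fired and the void action returned) so the write finishes before the response ends.
    await HttpContext.Response.WriteAsync($"Test {user.Identity.Name}!");
}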
6、测试
在浏览器上输入 https://localhost:44318/account/login?username="aaa"
系统输出: Hello "aaa" login!
在浏览器上输入 https://localhost:44318/account/test
系统输出: Test "aaa"!
成功运行了。
7、结束语
虽然只是简单的框架代码，但实现了完整的流程控制，方便初学者上手。
需要源代码的朋友点这里下载。
8、参考资料
《ASP.NET Core 2.0 authentication middleware》