Using CookieAuthentication in ASP.NET Core 2.0 (a beginner's learning edit)
I have only just moved to .NET Core and am still a novice in some parts of it. Today I am reworking an expert's article on Authentication so that it is easier for newcomers to learn from.
In ASP.NET Core security there are two concepts that are easy to confuse: Authentication and Authorization. The former is the process of establishing who the user is; the latter is about what that user is allowed to do. Today's topic is how to use CookieAuthentication in ASP.NET Core 2.0.
Using CookieAuthentication in ASP.NET Core 2.0 differs somewhat from 1.0: it has to be set up in both ConfigureServices and Configure. The first step is called registering the service, the second registering the middleware.
```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.DependencyInjection;

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        // Cookie service for back-office administrators
        .AddCookie(options =>
        {
            options.LoginPath = "/Login/Index";                             // login page
            options.LogoutPath = "/Login/Logout";                           // logout path
            options.AccessDeniedPath = new PathString("/Error/Forbidden");  // access-denied page
            options.Cookie.Path = "/";
        });

    services.AddMvc(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        // This is a back-office system: nothing may be used before signing in,
        // so the policy is applied as a global filter
        options.Filters.Add(new AuthorizeFilter(policy));
    });
}
```
The login controller must allow anonymous access, otherwise the global filter would redirect the login page to itself:
```csharp
[AllowAnonymous]
public class LoginController : Controller
{
    public IActionResult Index()
    {
        return View();
    }
}
```
------------------ Separator: the configuration above is for a back-office system where nothing is reachable anonymously; below is the configuration for protecting only individual controllers ------------------
```csharp
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        // Cookie service for back-office administrators
        .AddCookie(options =>
        {
            options.LoginPath = "/Login/Index";                             // login page
            options.LogoutPath = "/Login/Logout";                           // logout path
            options.AccessDeniedPath = new PathString("/Error/Forbidden");  // access-denied page
            options.Cookie.Path = "/";
        });

    // No global AuthorizeFilter here: each controller decides for itself
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
```
Each controller that must not be reachable anonymously is then marked with [Authorize]:
```csharp
[Authorize]
public class HomeController : Controller
{
    public IActionResult Index()
    {
        return View();
    }
}
```
The middleware is registered in Configure. UseAuthentication must come before UseMvc; otherwise the cookie is never read and HttpContext.User stays empty:
```csharp
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }

    app.UseStaticFiles();

    // Use the Authentication middleware. There is only one middleware for
    // authentication; the concrete schemes were registered in ConfigureServices
    app.UseAuthentication();

    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}
```
If AddCookie() is called in ConfigureServices without any arguments, the framework falls back to the values defined in CookieAuthenticationDefaults for these properties:
```csharp
public static class CookieAuthenticationDefaults
{
    /// <summary>
    /// The default value used for CookieAuthenticationOptions.AuthenticationScheme
    /// </summary>
    public const string AuthenticationScheme = "Cookies";

    /// <summary>
    /// The prefix used to provide a default CookieAuthenticationOptions.CookieName
    /// </summary>
    public static readonly string CookiePrefix = ".AspNetCore.";

    /// <summary>
    /// The default value used by CookieAuthenticationMiddleware for the
    /// CookieAuthenticationOptions.LoginPath
    /// </summary>
    public static readonly PathString LoginPath = new PathString("/Account/Login");

    /// <summary>
    /// The default value used by CookieAuthenticationMiddleware for the
    /// CookieAuthenticationOptions.LogoutPath
    /// </summary>
    public static readonly PathString LogoutPath = new PathString("/Account/Logout");

    /// <summary>
    /// The default value used by CookieAuthenticationMiddleware for the
    /// CookieAuthenticationOptions.AccessDeniedPath
    /// </summary>
    public static readonly PathString AccessDeniedPath = new PathString("/Account/AccessDenied");

    /// <summary>
    /// The default value of the CookieAuthenticationOptions.ReturnUrlParameter
    /// </summary>
    public static readonly string ReturnUrlParameter = "ReturnUrl";
}
```
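The defaults above say nothing about how the cookie itself is protected. As an added example (not code from the original post), here is a hardened variant of the Startup shown earlier: it overrides the cookie name, makes the cookie HttpOnly, HTTPS-only and SameSite, replaces the long absolute lifetime with a sliding window, answers Ajax/API callers with 401/403 instead of an HTML redirect, and requires an anti-forgery token on every POST. The cookie name "app.auth", the "/api" path prefix and the 8-hour lifetime are assumptions chosen for the example.

```csharp
using System;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.LoginPath = "/Login/Index";
                options.LogoutPath = "/Login/Logout";
                options.AccessDeniedPath = "/Error/Forbidden";

                // Assumed cookie name; the default ".AspNetCore.Cookies" advertises the framework.
                options.Cookie.Name = "app.auth";
                options.Cookie.HttpOnly = true;                          // not readable by page script (limits XSS impact)
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // only ever sent over HTTPS
                options.Cookie.SameSite = SameSiteMode.Lax;              // not attached to cross-site POSTs (CSRF)

                // A short sliding window instead of the 180-day absolute lifetime in the post:
                // the ticket is re-issued while the user is active and dies soon after they stop.
                options.ExpireTimeSpan = TimeSpan.FromHours(8);          // assumed lifetime
                options.SlidingExpiration = true;

                // Ajax and /api callers get a status code; browsers still get the redirect.
                options.Events.OnRedirectToLogin =
                    ctx => StatusOrRedirect(ctx, HttpStatusCode.Unauthorized);
                options.Events.OnRedirectToAccessDenied =
                    ctx => StatusOrRedirect(ctx, HttpStatusCode.Forbidden);
            });

        services.AddMvc(options =>
        {
            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
            options.Filters.Add(new AuthorizeFilter(policy));
            // Every state-changing request (POST/PUT/DELETE) must carry the anti-forgery token.
            options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
        });
    }

    // Decides between "redirect to the HTML page" and "just return a status code".
    // The "/api" prefix is an assumption for this example.
    private static Task StatusOrRedirect(RedirectContext<CookieAuthenticationOptions> ctx, HttpStatusCode status)
    {
        if (ctx.Request.Headers["X-Requested-With"] == "XMLHttpRequest" ||
            ctx.Request.Path.StartsWithSegments("/api"))
        {
            ctx.Response.StatusCode = (int)status;
            return Task.CompletedTask;
        }
        ctx.Response.Redirect(ctx.RedirectUri);
        return Task.CompletedTask;
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
            app.UseDeveloperExceptionPage();
        else
            app.UseExceptionHandler("/Home/Error");

        app.UseStaticFiles();
        app.UseAuthentication(); // must precede UseMvc, or HttpContext.User is never populated
        app.UseMvc(routes =>
        {
            routes.MapRoute("default", "{controller=Home}/{action=Index}/{id?}");
        });
    }
}
```

SameSiteMode.Lax is chosen rather than Strict so that a top-level navigation from an e-mail link still arrives signed in; use Strict if the back-office is never linked to from outside. With SecurePolicy.Always the cookie is silently dropped over plain HTTP, so local development must also run over HTTPS.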
Following Microsoft's naming convention, services are registered in ConfigureServices with Add*** methods and middleware in Configure with Use*** methods.
Sign-in code. Note that this demo signs in a fixed user without checking any credentials; a real login action must verify the submitted user name and password first:
```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

public async Task<IActionResult> LoginDo()
{
    var identity = new ClaimsIdentity(
        new[] { new Claim(ClaimTypes.Name, "bidianqing") },
        CookieAuthenticationDefaults.AuthenticationScheme);
    var user = new ClaimsPrincipal(identity);

    await HttpContext.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        user,
        new AuthenticationProperties
        {
            IsPersistent = true,                               // cookie survives closing the browser
            ExpiresUtc = DateTimeOffset.UtcNow.AddDays(180)    // absolute lifetime of the ticket
        });
    return Redirect("/");
}
```
Sign-out code:
```csharp
public async Task<IActionResult> Logout()
{
    await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    return Redirect("/");
}
```
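The sign-in and sign-out actions above show the SignInAsync/SignOutAsync calls but nothing around them. As an added example (not code from the original post), here is a LoginController that verifies the credentials before issuing the cookie, stores several claims, honours a "remember me" checkbox, only follows a local ReturnUrl, and performs logout as an anti-forgery-protected POST. AppUser, LoginModel, InMemoryUserStore and the sample account are constructed for this example; PasswordHasher<T> is assumed to be available from Microsoft.Extensions.Identity.Core.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;   // PasswordHasher<T> (assumed: Microsoft.Extensions.Identity.Core)
using Microsoft.AspNetCore.Mvc;

public class AppUser { public string Id; public string UserName; public string PasswordHash; public string Role; }
public class LoginModel { public string UserName { get; set; } public string Password { get; set; } public bool RememberMe { get; set; } }

// Hypothetical in-memory user store standing in for a database (assumption, not the post's code).
public class InMemoryUserStore
{
    private readonly PasswordHasher<AppUser> _hasher = new PasswordHasher<AppUser>();
    private readonly Dictionary<string, AppUser> _users =
        new Dictionary<string, AppUser>(StringComparer.OrdinalIgnoreCase);

    public InMemoryUserStore()
    {
        // Constructed sample account; the hash is computed at startup so no hash lives in source.
        var admin = new AppUser { Id = "1", UserName = "bidianqing", Role = "Admin" };
        admin.PasswordHash = _hasher.HashPassword(admin, "correct horse battery staple");
        _users[admin.UserName] = admin;
    }

    // Returns the user on success, null for unknown user OR wrong password (same outcome for both).
    public AppUser Validate(string userName, string password)
    {
        if (userName == null || password == null || !_users.TryGetValue(userName, out var user))
            return null;
        var result = _hasher.VerifyHashedPassword(user, user.PasswordHash, password);
        return result == PasswordVerificationResult.Failed ? null : user;
    }
}

[AllowAnonymous]
public class LoginController : Controller
{
    private readonly InMemoryUserStore _users;
    public LoginController(InMemoryUserStore users) { _users = users; }

    [HttpGet]
    public IActionResult Index(string returnUrl = null)
    {
        ViewData["ReturnUrl"] = returnUrl;
        return View();
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Index(LoginModel model, string returnUrl = null)
    {
        var user = _users.Validate(model.UserName, model.Password);
        if (user == null)
        {
            // One generic message: do not reveal whether the user name exists.
            ModelState.AddModelError(string.Empty, "Invalid user name or password.");
            return View(model);
        }

        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, user.Id),
            new Claim(ClaimTypes.Name, user.UserName),
            new Claim(ClaimTypes.Role, user.Role),
        }, CookieAuthenticationDefaults.AuthenticationScheme);

        await HttpContext.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity),
            new AuthenticationProperties
            {
                IsPersistent = model.RememberMe,               // session cookie unless "remember me" was ticked
                ExpiresUtc = DateTimeOffset.UtcNow.AddHours(8), // assumed lifetime
                AllowRefresh = true,                           // lets SlidingExpiration renew the ticket
            });

        // Follow returnUrl only when it is local; an absolute URL here would be an open redirect.
        if (Url.IsLocalUrl(returnUrl))
            return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }

    // Sign-out as a POST with an anti-forgery token, so a third-party page cannot log the user out.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Logout()
    {
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        return RedirectToAction("Index");
    }
}
```

Register the store with services.AddSingleton<InMemoryUserStore>() in ConfigureServices; the login form must include the anti-forgery token (the Razor form tag helper emits it) and post to /Login/Index with a returnUrl query parameter, which is the ReturnUrl that the cookie handler appends when it redirects to LoginPath.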
Reading the signed-in user's claims back:
```csharp
public IActionResult Index()
{
    if (HttpContext.User.Identity.IsAuthenticated)
    {
        // HttpContext.User.Claims holds every claim we stored in the cookie in the
        // login action; the Name claim set there ("bidianqing") is read back here.
        // Look the claim up by type rather than taking Claims.First(), which depends on order.
        var userName = HttpContext.User.FindFirst(ClaimTypes.Name)?.Value;
        // var id = HttpContext.User.FindFirst(ClaimTypes.Sid)?.Value;
    }
    return View();
}
```
Original article: http://www.cnblogs.com/bidianqing/p/6870163.html