Asp.net Core认证和授权:Cookie认证
2019-01-23 21:06 糯米粥 阅读(1743) 评论(0) 编辑 收藏 举报关于asp.net core 的文章,博客园已经有很多大牛写过了。
这里我只是记录下自己在学习中的点滴和一些不懂的地方
Cookie一般是用户网站授权,当用户访问需要授权(authorization)的页面,程序会判断是否已经授权,并认证
添加认证代码:
引入命名空间:Microsoft.AspNetCore.Authentication.Cookies;
添加服务
public void ConfigureServices(IServiceCollection services) { services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2); services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie(); }
注册中间件,添加到管道
app.UseAuthentication();
注意:一定要在app.UseMvc之前添加
我们通过源码可以看到cookie的一些默认配置
// Copyright (c) .NET Foundation. All rights reserved. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using Microsoft.AspNetCore.Http; namespace Microsoft.AspNetCore.Authentication.Cookies { /// <summary> /// Default values related to cookie-based authentication handler /// </summary> public static class CookieAuthenticationDefaults { /// <summary> /// The default value used for CookieAuthenticationOptions.AuthenticationScheme /// </summary> public const string AuthenticationScheme = "Cookies"; /// <summary> /// The prefix used to provide a default CookieAuthenticationOptions.CookieName /// </summary> public static readonly string CookiePrefix = ".AspNetCore."; /// <summary> /// The default value used by CookieAuthenticationMiddleware for the /// CookieAuthenticationOptions.LoginPath /// </summary> public static readonly PathString LoginPath = new PathString("/Account/Login"); /// <summary> /// The default value used by CookieAuthenticationMiddleware for the /// CookieAuthenticationOptions.LogoutPath /// </summary> public static readonly PathString LogoutPath = new PathString("/Account/Logout"); /// <summary> /// The default value used by CookieAuthenticationMiddleware for the /// CookieAuthenticationOptions.AccessDeniedPath /// </summary> public static readonly PathString AccessDeniedPath = new PathString("/Account/AccessDenied"); /// <summary> /// The default value of the CookieAuthenticationOptions.ReturnUrlParameter /// </summary> public static readonly string ReturnUrlParameter = "ReturnUrl"; } }
我们可以自己修改:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie(option => { option.LoginPath = "/Login"; //没有授权,跳转的url option.LogoutPath = "/Login"; //退出,的url });
因为cookie在有效期内都是有效的,如果用户资料修改了,客户端的Cookie是不知道的
网上有人提出了解决方案,如果用户修改了资料,在数据库用一个字段记录,cookie有个事件,在每次请求都会访问
option.Events.OnValidatePrincipal = ValidatePrincipal
想添加多个可以这样写:
option.Events = new CookieAuthenticationEvents
{
OnValidatePrincipal = ValidatePrincipal,
//OnRedirectToLogin =
};
public async Task ValidatePrincipal(CookieValidatePrincipalContext context) { var _Context = context.HttpContext.RequestServices.GetRequiredService<EFContext>(); var s = context.HttpContext.RequestServices.GetService<EFContext>(); var principal = context.Principal; var u = principal.Claims.Select(c => c.Type == "isEdit").FirstOrDefault(); if (u) { //更新数据库状态 // // 1. 验证失败 等同于 Principal = principal; context.RejectPrincipal(); //登出 await AuthenticationHttpContextExtensions.SignOutAsync(context.HttpContext, CookieAuthenticationDefaults.AuthenticationScheme); // 2. 验证通过,并会重新生成Cookie。 //context.ShouldRenew = true; } }
用户登陆,网上有人这里解释的
ClaimsIdentity(身份证),Claims(身份信息)
ClaimsPrinciple (证件所有者)
这个也很恰当
https://www.cnblogs.com/dudu/p/6367303.html
[HttpPost] public async Task<IActionResult> Login(string ReturnUrl, User model) { if (model.UserName=="cnblogs" && model.PassWord == "pwd") { /* ClaimsIdentity(身份证),Claims(身份信息) ClaimsPrinciple (证件所有者) */ //身份信息 var claims = new List<Claim> { new Claim(ClaimTypes.Name,"sky"), new Claim("Address","北京海淀"), }; //身份证 var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme); //证件所有者 var claimsPrinciple = new ClaimsPrincipal(claimsIdentity); /* 如果登陆选择了记住我,则将cookie持久化 这里默认持久化 */ var properties = new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.AddDays(1), //ExpiresUtc = DateTime.Now.AddDays(1) }; await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrinciple, properties); return Redirect(ReturnUrl); } else return View("index"); }
博客园的大神文章,很多。就放几个参考吧
https://www.cnblogs.com/RainingNight/p/7587194.html
https://www.cnblogs.com/tdfblog/p/7416589.html