Basic configuration: chain AddCookie onto AddAuthentication
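using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

namespace auth.mvc
{
    /// <summary>
    /// Application bootstrap: registers cookie authentication under a single
    /// named scheme and builds the MVC request pipeline.
    /// </summary>
    public class Startup
    {
        // One scheme name is used for every default below; [Authorize] attributes
        // that name a scheme must use the same string.
        private const string CookieScheme = "alber";

        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        /// <summary>
        /// Called by the runtime to add services to the container.
        /// </summary>
        /// <param name="services">The service collection to populate.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            //services.Configure<CookiePolicyOptions>(options => {
            //    // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            //    options.CheckConsentNeeded = context => true;
            //    options.MinimumSameSitePolicy = SameSiteMode.None;
            //});

            services.AddAuthentication(x =>
                {
                    x.DefaultScheme = CookieScheme;
                    x.DefaultChallengeScheme = CookieScheme;
                    x.DefaultAuthenticateScheme = CookieScheme;
                    x.DefaultForbidScheme = CookieScheme;
                    x.DefaultSignInScheme = CookieScheme;
                    x.DefaultSignOutScheme = CookieScheme;
                })
                .AddCookie(CookieScheme, config =>
                {
                    // Without an explicit LoginPath the cookie handler challenges to its
                    // default "/Account/Login"; this listing shows no such controller,
                    // so anonymous requests to protected actions are sent to the login
                    // view that HomeController does provide.
                    config.LoginPath = "/home/loginview";
                    config.AccessDeniedPath = "/home/loginview";

                    // The authentication cookie is a bearer credential: keep it away
                    // from script and off plain-HTTP connections. The pipeline below
                    // already redirects HTTP to HTTPS, so Always does not block sign-in.
                    config.Cookie.HttpOnly = true;
                    config.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                });

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
        }

        /// <summary>
        /// Called by the runtime to configure the HTTP request pipeline.
        /// </summary>
        /// <param name="app">The application builder the middleware is added to.</param>
        /// <param name="env">The hosting environment, used to pick the error handling mode.</param>
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();

            // Authentication must run before MVC so that [Authorize] sees the
            // principal restored from the cookie.
            app.UseAuthentication();

            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }
}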
Logging in, and intercepting requests to a protected action
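using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using auth.mvc.Models;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;

namespace auth.mvc.Controllers
{
    /// <summary>
    /// Demo controller: public pages, a login action that issues the
    /// authentication cookie, and one action protected by [Authorize].
    /// </summary>
    public class HomeController : Controller
    {
        // Must match the scheme name registered with AddCookie in Startup.
        private const string CookieScheme = "alber";

        public IActionResult Index()
        {
            return View();
        }

        /// <summary>
        /// Shows the welcome page for the name in <paramref name="userName"/>, or,
        /// when that is blank, for the name the login action left in TempData.
        /// </summary>
        /// <param name="userName">Display name bound from the request.</param>
        public IActionResult Welcome(string userName)
        {
            if (string.IsNullOrWhiteSpace(userName))
            {
                ViewBag.userName = this.TempData["towelcome"];
                this.TempData.Clear();
            }
            else
            {
                // NOTE(review): this value is supplied by the caller and the action is
                // not protected, so it is display text only and says nothing about who
                // is signed in; the view is presumably relying on Razor's default HTML
                // encoding when it prints it - confirm in the view.
                ViewBag.userName = userName;
            }

            return View();
        }

        /// <summary>
        /// Protected page: reachable only with a valid cookie for the scheme.
        /// </summary>
        [Authorize(AuthenticationSchemes = CookieScheme)]
        public IActionResult Privacy()
        {
            return View();
        }

        [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
        public IActionResult Error()
        {
            return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
        }

        public IActionResult LoginView()
        {
            return View();
        }

        /// <summary>
        /// Checks the posted credentials, signs the user in with the cookie scheme
        /// and redirects to the posted ReturnUrl or to the welcome page.
        /// </summary>
        /// <param name="p">The posted account name and password.</param>
        /// <exception cref="Exception">The account or the password does not match.</exception>
        [HttpPost] // credentials belong in a form body, not in a query string that ends up in logs
        public async Task Login(LoginModel p)
        {
            // Reject unless BOTH values match. The published listing joined the two
            // comparisons with &&, which let a request through when only one of them
            // was right. The literal's spacing in the listing looks like an extraction
            // artifact; the values here are that text with the spaces removed.
            // Hard-coded credentials are for the demo only: a real application checks
            // a salted password hash from its user store.
            if (p == null || p.account != "tom.write" || p.pwd != "111223")
            {
                throw new Exception("Account or pwd is wrong");
            }

            // The authentication type must be a non-empty string: with the
            // parameterless constructor ClaimsIdentity.IsAuthenticated is false and
            // the protected action stays out of reach even after signing in.
            var identity = new ClaimsIdentity(CookieScheme);
            identity.AddClaim(new Claim(ClaimTypes.Name, p.account));

            var principal = new ClaimsPrincipal();
            principal.AddIdentity(identity);

            await this.HttpContext.SignInAsync(principal);

            // ReturnUrl arrives with the request, so it is followed only when it
            // points back into this site; anything else falls through to the welcome
            // page rather than sending a freshly signed-in user to another host.
            string returnUrl = HttpContext.Request.Form["ReturnUrl"];
            if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            {
                HttpContext.Response.Redirect(returnUrl);
                return;
            }

            // Hand the account name to Welcome through TempData instead of the URL.
            this.TempData["towelcome"] = p.account;
            HttpContext.Response.Redirect("Welcome");
        }
    }
}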
That completes the simplest possible authentication flow. Inspecting a request shows that it does carry a cookie: this is the value that the HttpContext.SignInAsync extension method wrote into the response headers, and it is the credential issued at authentication and checked on later requests during authorization. Because the cookie alone proves who the user is, it should only ever travel over HTTPS.