.Net Core Authentication System: Cookie Authentication Source Code Analysis

Following on from the previous article, .Net Core authentication system source code analysis: Cookie authentication is a commonly used authentication mode. With front-end/back-end separation now mainstream it is of limited use, but a site that does not have to serve mobile clients, or a pure management back-office site, can use it. Note: it fits browser-based architectures that are not front-end/back-end separated (the page side has server-side processing capability). Do not consider it for mobile clients; it is too much trouble. Systems that are front-end/back-end separated and provide an authentication API to mobile clients generally use JwtBearer authentication, which can be combined with the password mode of IdentityServer4. That is a good fit, but with id4's password mode every client must be absolutely trusted, because the user name and password are exposed to it. It suits authentication across all of an enterprise's own products and does not support calls from third parties outside the enterprise. id4 offers other modes, of course. This is a digression, but the scenario has to be described clearly so as not to mislead anyone.

 

1. Cookie authentication process

 

 

After the core authentication components are added, Cookie authentication is added through an extension method. Microsoft uses chained calls here, which is elegant and a major characteristic of .Net Core.

 

 

 

This registers the Cookie authentication scheme, specifies the Cookie authentication options, and specifies the Cookie authentication handler. Leaving the options aside for now, let's first look at what the handler does.

 

 

This is the core method of Cookie authentication. The first step is as follows:

 

 

 

 

 

 

 

 

Some necessary guards against repeated execution are not shown in the screenshots and are not covered here; they are safety work, and only the core code is pasted. The first step is to read the cookie information stored on the client.

 

 

Microsoft provides an interface in the Cookie authentication options, which means you can customize how the cookie content is read: it passes you the context and the cookie name, so you can supply your own implementation for retrieving the cookie content. Next, the cookie content is decrypted.

 

 

 

 

 

Microsoft injects Core's core encryption component (look up the details yourself). It can also be configured through the Cookie authentication options; if you do not specify one, Microsoft's default implementation is used. As a result, the cookie content on the client is generally shown in encrypted form.

Next

 

 

Get the claim that carries the session ID. There is not much to say about claims here; look up the new identity model in .Net Core yourself, as it is something you must understand.

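In the cookie authentication options you can configure SessionStore, which means your session can be managed persistently; whether that is in a database, redis, or a distributed environment is your choice. The use case is a cookie that is too long for the client to store: configuring SessionStore handles that, i.e. distributed sessions. Microsoft also provides extensions for this.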

Next, the cookie expiration check.

 

 

Next

 

 

 

 

 

The code above means the cookie can be refreshed automatically, through the following two parameters

 

 

If the cookie read from the client supports refresh on expiration, it is written back to the client.

 

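OK. If no cookie content is read from the client, the cookie has been cleared or the user is logging in for the first time, and authentication failure is returned directly. If the read succeeds, the method that validates the cookie authentication context is executed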

 

 

 

Events can be configured in the AuthenticationSchemeOptions parameter

 

 

However, the Cookie authentication options provide a default implementation

 

 

 

 

 

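This means that when you register the Cookie authentication service, you can supply your own implementation for validating the cookie result.

It is injected through the Events property of CookieAuthenticationOptions. Once validation completes,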

 

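the ShouldRenew parameter in the context is checked; you can use it to implement cookie refresh according to your business needs. Finally, the authentication result is returned.

The whole process ends here.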
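As an added illustration of the flow above (not code from the original article or from Microsoft's source), the registration below wires a custom principal-validation callback into the Events property of CookieAuthenticationOptions and enables sliding expiration. IAccountStatus, CookieAuthSetup and AddSiteCookieAuth are hypothetical names, and the 30-minute lifetime and cookie flags are assumed values.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical application service: reports whether an account is still active.
public interface IAccountStatus { Task<bool> IsActiveAsync(string userName); }

public static class CookieAuthSetup
{
    public static IServiceCollection AddSiteCookieAuth(this IServiceCollection services)
    {
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.LoginPath = "/Account/Login";              // where a challenge redirects
                options.ExpireTimeSpan = TimeSpan.FromMinutes(30); // assumed ticket lifetime
                options.SlidingExpiration = true;                  // re-issue once past half the lifetime
                options.Cookie.HttpOnly = true;                    // not readable from script
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // sent over HTTPS only

                options.Events = new CookieAuthenticationEvents
                {
                    // Runs after the ticket has been decrypted and has passed the expiry check.
                    OnValidatePrincipal = async context =>
                    {
                        var status = context.HttpContext.RequestServices
                            .GetRequiredService<IAccountStatus>();
                        var name = context.Principal?.Identity?.Name;
                        if (string.IsNullOrEmpty(name) || !await status.IsActiveAsync(name))
                        {
                            // Fail authentication and clear the cookie on the client.
                            context.RejectPrincipal();
                            await context.HttpContext.SignOutAsync(
                                CookieAuthenticationDefaults.AuthenticationScheme);
                        }
                    }
                };
            });
        return services;
    }
}
```

Because the callback runs on every authenticated request, a disabled account stops being accepted on its next request instead of when its cookie expires.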

 

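2. Application

Because the login page itself cannot require authentication, a middleware must be added to let the login page through. The code is as follows:

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;

// Extension methods must live in a static class; this class name is arbitrary.
public static class AuthorizeMiddlewareExtensions
{
    public static IApplicationBuilder UseAuthorize(this IApplicationBuilder app)
    {
        return app.Use(async (context, next) =>
        {
            if (context.Request.Path == "/Account/Login")
            {
                // The login page is let through without authentication.
                await next();
            }
            else
            {
                var user = context.User;
                if (user?.Identity?.IsAuthenticated ?? false)
                {
                    // Authenticated user: continue down the pipeline.
                    await next();
                }
                else
                {
                    // Not authenticated: challenge with the default scheme.
                    await context.ChallengeAsync();
                }
            }
        });
    }
}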

Then register the middleware

 

Then build the login page and the home page; these were taken straight from the internet. The code is as follows:

 


Origin www.cnblogs.com/GreenLeaves/p/12093972.html