.NET Core authentication and authorization (a)

Introduction

.NET Core web is not a very new architecture, and many articles cover its authentication and authorization process. They usually show how to use the methods, though, rather than walking through how the process works, so I am going to record my own understanding.
What is authentication? When we graduate from college, the diploma and degree certificate prove that you hold a bachelor's degree.
What is authorization? For example, once you are verified as my friend, you can use that identity to look at the posts in my friends circle.
So what kind of process is authentication and authorization in .NET Core? The simple model presented here: I issue you a certificate that proves your identity, so you now hold your identity card; you go through authentication, then authorization, and then you enter the People's Republic of China. That is the process.
The body below is how I understand it. There may be errors; if so, please correct me.

Body
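using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

public class HomeController : Controller
{
    public IActionResult Index()
    {
        return View();
    }

    // Only authenticated users may reach this action.
    [Authorize]
    public IActionResult Secret()
    {
        return View();
    }

    public IActionResult Authenticate()
    {
        return RedirectToAction("Index");
    }
}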
I have a controller with three actions: Index, Secret and Authenticate.
Index View:

<h1>Home Page</h1>
Secret View:

<h1>Secret</h1>
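Then we visit:
https://localhost:44350/Home/Index
Result:

As I expected, it works fine.
Then we visit:
https://localhost:44350/Home/Secret
An error appears:

The message is very detailed: no authentication scheme was specified, and no default challenge scheme was found.
The only difference from Index is the added Authorize attribute, which means authorization, yet the message tells us that we have not authenticated.
So authentication has to come before authorization: the identity has to be recognized first. Real life works the same way. Only your ID card can prove who you are, and without an ID card how could I authorize you?
So let's add the authentication step.
There are many kinds of authentication; here I use cookies as a simple introduction.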

public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    services.AddAuthentication("CookieAuth").AddCookie("CookieAuth", config =>
    {
        config.Cookie.Name = "Cook.Name";
        config.LoginPath = "/Home/Authenticate";
    });

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}
I added this part:

services.AddAuthentication("CookieAuth").AddCookie("CookieAuth", config =>
{
    config.Cookie.Name = "Cook.Name";
    config.LoginPath = "/Home/Authenticate";
});
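If there is no authentication cookie, the request is redirected to /Home/Authenticate to authenticate.
In /Home/Authenticate I do nothing except redirect to /Home/Index,
so under normal circumstances we end up at /Home/Index.
Indeed, when we visit:
https://localhost:44350/Home/Secret
what we see is:
https://localhost:44350/Home/Index
This is what we expected. So let's do something in /Home/Authenticate, for example issue certificates.
Here we issue the certificates in /Home/Authenticate: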

// Needs: System.Collections.Generic, System.Security.Claims,
// System.Threading.Tasks, Microsoft.AspNetCore.Authentication
public async Task<IActionResult> Authenticate()
{
    var SchoolClaims = new List<Claim>()
    {
        new Claim(ClaimTypes.Name,"Jack"),
        new Claim(ClaimTypes.Email,"[email protected]")
    };

    var LicensClaims = new List<Claim>()
    {
        new Claim(ClaimTypes.Name,"Jack.li"),
        new Claim(ClaimTypes.Email,"[email protected]"),
        new Claim("begin","2000.10.1")
    };
    var SchoolIdentity = new ClaimsIdentity(SchoolClaims,"Student Identity");
    var CarManagerIdentity = new ClaimsIdentity(LicensClaims, "Licens Identity");
    var userPrincipal = new ClaimsPrincipal(new[] { SchoolIdentity, CarManagerIdentity });

    // Await the sign-in so the cookie is written before the redirect is returned.
    await HttpContext.SignInAsync(userPrincipal);
    return RedirectToAction("Index");
}
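Let's go through the code in order.
We created List<Claim>() instances. What are they?
They are our information.
For example, a driver's license carries our name and number.
Then:
new ClaimsIdentity(LicensClaims, "Licens Identity");
generates an identity, that is, it produces a certificate. This kind of certificate is called "Licens Identity"; the name is of course up to us.
var userPrincipal = new ClaimsPrincipal(new[] { SchoolIdentity, CarManagerIdentity });
Over a lifetime we have an ID card, a degree certificate and a driver's license. Don't so many certificates need something to manage them? ClaimsPrincipal is what manages the certificates.
HttpContext.SignInAsync(userPrincipal); then produces the certificate and sends it to the front end.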

Look: doesn't this Cook.Name seem familiar? It comes from the cookie authentication we enabled; if you have forgotten, look further up.
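To see what the principal built in Authenticate actually holds, here is a stand-alone console program, added as an illustration and not part of the original post. It rebuilds the same two identities with sample values; the ClaimsDemo class and the PassesDefaultAuthorize helper are hypothetical names, and the helper mirrors the authenticated-identity test behind a bare [Authorize].

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class ClaimsDemo
{
    // Mirrors the test behind a bare [Authorize]:
    // at least one identity on the principal must be authenticated.
    public static bool PassesDefaultAuthorize(ClaimsPrincipal user) =>
        user.Identities.Any(i => i.IsAuthenticated);

    public static void Main()
    {
        // Same shape as the Authenticate action on this page (sample values).
        var school = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "Jack"),
        }, "Student Identity");
        var license = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "Jack.li"),
            new Claim("begin", "2000.10.1"),
        }, "Licens Identity");
        var user = new ClaimsPrincipal(new[] { school, license });

        // Each identity keeps its own authentication type and claims.
        foreach (var id in user.Identities)
        {
            Console.WriteLine($"{id.AuthenticationType}: authenticated={id.IsAuthenticated}, name={id.Name}");
        }

        // Principal-level lookups search the identities in the order they were added.
        string firstName = user.FindFirst(ClaimTypes.Name)?.Value;
        string begin = user.FindFirst("begin")?.Value;
        Console.WriteLine($"FindFirst(Name)={firstName}, FindFirst(begin)={begin}");

        // Constructed contrast: the second constructor argument is the
        // authentication type. Without it IsAuthenticated is false, so a
        // principal holding only this identity is treated as anonymous.
        var untyped = new ClaimsPrincipal(
            new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "Jack") }));
        bool typedOk = PassesDefaultAuthorize(user);
        bool untypedOk = PassesDefaultAuthorize(untyped);
        Console.WriteLine($"with type: {typedOk}, without type: {untypedOk}");
    }
}
```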
But when we visit:
https://localhost:44350/Home/Secret
what we see is still:
https://localhost:44350/Home/Index
Why is that? Haven't we authenticated?
In fact:

services.AddAuthentication("CookieAuth").AddCookie("CookieAuth", config =>
{
    config.Cookie.Name = "Cook.Name";
    config.LoginPath = "/Home/Authenticate";
});
and:

// Needs: System.Collections.Generic, System.Security.Claims,
// System.Threading.Tasks, Microsoft.AspNetCore.Authentication
public async Task<IActionResult> Authenticate()
{
    var SchoolClaims = new List<Claim>()
    {
        new Claim(ClaimTypes.Name,"Jack"),
        new Claim(ClaimTypes.Email,"[email protected]")
    };

    var LicensClaims = new List<Claim>()
    {
        new Claim(ClaimTypes.Name,"Jack.li"),
        new Claim(ClaimTypes.Email,"[email protected]"),
        new Claim("begin","2000.10.1")
    };
    var SchoolIdentity = new ClaimsIdentity(SchoolClaims,"Student Identity");
    var CarManagerIdentity = new ClaimsIdentity(LicensClaims, "Licens Identity");
    var userPrincipal = new ClaimsPrincipal(new[] { SchoolIdentity, CarManagerIdentity });

    // Await the sign-in so the cookie is written before the redirect is returned.
    await HttpContext.SignInAsync(userPrincipal);
    return RedirectToAction("Index");
}
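Let's look again at how these two relate.
The error we got was that there was no authentication scheme, so we added cookie authentication; the code below it then puts the certificates into the cookie.
The authentication scheme is in effect, and the certificate has reached the front end. The most likely explanation is that nothing goes to pick up the certificate; in other words, apart from the scheme itself none of the other steps exist, so the certificate-checking flow was never started.
It needs to be added in: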

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();
    app.UseAuthentication();
    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}
Enable authentication:

app.UseAuthentication();

That is, what we said:

services.AddAuthentication("CookieAuth").AddCookie("CookieAuth", config =>
{
    config.Cookie.Name = "Cook.Name";
    config.LoginPath = "/Home/Authenticate";
});
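An added example, not from the original post: the same Startup reduced to the parts that matter here, with UseAuthentication placed before UseMvc so the cookie is read back into HttpContext.User before [Authorize] runs. The cookie hardening values (Secure, SameSite, 30-minute lifetime) are assumptions chosen for illustration, and the cookie-policy and error-handling calls from the page are left out for brevity.

```csharp
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication("CookieAuth").AddCookie("CookieAuth", config =>
        {
            // Values from the page.
            config.Cookie.Name = "Cook.Name";
            config.LoginPath = "/Home/Authenticate";

            // Assumed hardening values, not from the page.
            config.Cookie.HttpOnly = true;                          // keep the ticket away from page scripts
            config.Cookie.SecurePolicy = CookieSecurePolicy.Always; // send the cookie over HTTPS only
            config.Cookie.SameSite = SameSiteMode.Lax;              // withheld from cross-site POSTs and subrequests
            config.ExpireTimeSpan = TimeSpan.FromMinutes(30);       // bound the lifetime of the ticket
            config.SlidingExpiration = true;                        // renew while the user stays active
        });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseHttpsRedirection();
        app.UseStaticFiles();

        // Must come before UseMvc. This middleware reads and validates the
        // "Cook.Name" cookie and fills HttpContext.User; without it the
        // cookie is issued on sign-in but never read, so [Authorize] keeps
        // sending the browser back to LoginPath.
        app.UseAuthentication();

        app.UseMvc(routes =>
            routes.MapRoute("default", "{controller=Home}/{action=Index}/{id?}"));
    }
}
```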


Origin www.cnblogs.com/kaixun/p/12273568.html