ASP.NET Identity-2 Authentication and Authorization

Explore authentication and authorization

In this section, I explain and demonstrate how ASP.NET authentication and authorization work and the mechanism behind them, and then describe how to use the Katana middleware and ASP.NET Identity for authentication.

1. Understanding ASP.NET forms authentication and authorization mechanisms

When it comes to authentication, Forms Authentication (form-based authentication) is probably what most of us have worked with. To better understand the ASP.NET forms authentication and authorization mechanisms, I dug out an old diagram from a few years ago showing the 19 HttpApplication events, which HttpModules register for and which are also known as the ASP.NET pipeline events. Put simply, when a request arrives at the server, the ASP.NET runtime triggers these events in turn.

The HttpApplication object is created for us by ASP.NET, and it is the key object ASP.NET uses to process a request. To make it easy to extend, HttpApplication handles requests as a processing pipeline: the work is divided into multiple steps, each step is exposed to the programmer as an event, the events fire in a fixed order, and the programmer can customize request processing by writing handlers for them.

As of ASP.NET 4.0, HttpApplication offers 19 standard events.

1. BeginRequest: the first event raised when ASP.NET starts processing a request; it marks the start of processing.

2. AuthenticateRequest: authenticates the request; typically used to obtain the user information for the request.

3. PostAuthenticateRequest: the user information for the request has been obtained.

4. AuthorizeRequest: authorization; generally used to check whether the user's request is permitted.

5. PostAuthorizeRequest: the user's request has been authorized.

6. ResolveRequestCache: looks up a cached result from earlier processing; if one exists, the request is not processed further and the cached result is returned directly.

7. PostResolveRequestCache: the cache lookup has completed.

8. PostMapRequestHandler: the handler object for the user's request has been created.

9. AcquireRequestState: acquires the state for the request, typically the session.

10. PostAcquireRequestState: the session has been acquired.

11. PreRequestHandlerExecute: the handler is about to execute.

12. PostRequestHandlerExecute: the handler has executed.

13. ReleaseRequestState: releases the state of the request.

14. PostReleaseRequestState: the state of the request has been released.

15. UpdateRequestCache: updates the cache.

16. PostUpdateRequestCache: the cache has been updated.

17. LogRequest: logs the request.

18. PostLogRequest: logging of the request has completed.

19. EndRequest: request processing is complete.

For a brief description of the HttpApplication event-processing pipeline, see: https://www.cnblogs.com/wfy680/p/12331836.html

 

Authentication verifies the credentials supplied by the user. Once they are verified, a cookie containing a unique identifier is generated and sent to the browser, and the next request from the browser will carry this cookie.

In an ASP.NET application, FormsAuthenticationModule registers for the AuthenticateRequest event of the HttpApplication pipeline. When a request passes through the ASP.NET pipeline, the ASP.NET runtime raises this event; in it, the module validates the cookie and resolves it into the corresponding user object, an object that implements the IPrincipal interface. The PostAuthenticateRequest event fires after AuthenticateRequest and indicates that the identity check is complete; the user object is then available through the User property of HttpContext, and HttpContext.User.Identity.IsAuthenticated is True.

If authentication is "opening the door", with the owner inviting you into the house, that does not mean you can walk into the bedroom or the den; your movements may be limited to the study, and that is authorization. After PostAuthenticateRequest fires, the AuthorizeRequest event is raised, and UrlAuthorizationModule registers for it (an aside: both UrlAuthorizationModule and the FormsAuthenticationModule mentioned above can be found in the IIS-level .config file, which reflects the tight coupling between ASP.NET and IIS). In this event, the requested URL is authorized according to the authorization node configured in web.config. The configuration below grants access to Kim and to all members of the Administrator role, and denies access to John and to anonymous users.

    <authorization>
       <allow users="Kim"/>
       <allow roles="Administrator"/>
       <deny users="John"/>
       <deny users="?"/>
    </authorization>

Through authentication and authorization we can restrict access to the sensitive areas of an application, which ensures data security.
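The order of the allow and deny elements matters, because URL authorization applies the first rule that matches the request. The following is an added example, not code from the original article or from ASP.NET: a simplified Python model of that first-match evaluation, run over the configuration above and over a constructed reordered variant. It assumes no parent web.config contributes rules, so evaluation falls through to ASP.NET's root-level default of allowing all users; the names Bob and Alice are constructed test identities.

```python
import xml.etree.ElementTree as ET

# The <authorization> block from the article (line numbers removed).
PAGE_RULES = """<authorization>
  <allow users="Kim"/>
  <allow roles="Administrator"/>
  <deny users="John"/>
  <deny users="?"/>
</authorization>"""

# Constructed variant: denies first, explicit deny-all last.
HARDENED_RULES = """<authorization>
  <deny users="?"/>
  <deny users="John"/>
  <allow users="Kim"/>
  <allow roles="Administrator"/>
  <deny users="*"/>
</authorization>"""

# Assumption: no parent web.config adds rules, so evaluation ends at
# ASP.NET's root-level default, <allow users="*"/>.
INHERITED_DEFAULT = ("allow", {"*"}, set())

def _names(value):
    # Comma-separated attribute -> set; case-insensitive in this model.
    return {v.strip().casefold() for v in value.split(",") if v.strip()}

def parse_rules(xml_text):
    """Return [(action, users, roles)] in document order."""
    return [(el.tag, _names(el.get("users", "")), _names(el.get("roles", "")))
            for el in ET.fromstring(xml_text)]

def rule_matches(users, roles, name, user_roles):
    """name is None for an anonymous (unauthenticated) request."""
    if "*" in users:
        return True
    if name is None:
        return "?" in users
    return name.casefold() in users or bool(roles & _names(",".join(user_roles)))

def is_allowed(xml_text, name, user_roles=()):
    """First matching rule wins; later rules are never consulted."""
    for action, users, roles in parse_rules(xml_text) + [INHERITED_DEFAULT]:
        if rule_matches(users, roles, name, user_roles):
            return action == "allow"
    return False  # unreachable while the default rule is appended

if __name__ == "__main__":
    for who, roles in [("Kim", []), ("John", ["Administrator"]), ("Bob", []), (None, [])]:
        print(who, roles, is_allowed(PAGE_RULES, who, roles), is_allowed(HARDENED_RULES, who, roles))
```

Under the article's ordering, John is allowed if he holds the Administrator role, and any other authenticated user falls through to the inherited default; the reordered variant closes both cases.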

 


Origin www.cnblogs.com/wfy680/p/12331865.html