码迷,mamicode.com
首页 > Web开发 > 详细

在ASP.NET Core 2.0中使用CookieAuthentication

时间:2017-05-18 01:18:38      阅读:2148      评论:0      收藏:0      [点我收藏+]

标签:sde   user   map   action   1.0   ati   msi   etc   default   

在ASP.NET Core中关于Security有两个容易混淆的概念一个是Authentication(认证),一个是Authorization(授权)。而前者是确定用户是谁的过程,后者是围绕着他们允许做什么,今天的主题就是关于在ASP.NET Core 2.0中如何使用CookieAuthentication认证。

在ASP.NET Core 2.0中使用CookieAuthentication跟在1.0中有些不同,需要在ConfigureServices和Configure中分别设置,前者我们叫注册服务,后者我们叫注册中间件

public void ConfigureServices(IServiceCollection services)
{
    services.AddCookieAuthentication(options =>
    {
        options.ExpireTimeSpan = TimeSpan.FromDays(2);
     // Other options }); services.AddMvc(options => { var policy = new AuthorizationPolicyBuilder() .RequireAuthenticatedUser() .Build();      // 因为是后台系统,必须登陆以后才能操作 options.Filters.Add(new AuthorizeFilter(policy)); }); }
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }
    app.UseStaticFiles();

  // 使用Authentication中间件 app.UseAuthentication(); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); }); }

在上面的services.AddCookieAuthentication中只是指定一下过期时间,如果没有任何参数,系统会为某些属性指定默认值

public static class CookieAuthenticationDefaults
{
    /// <summary>
    /// The default value used for CookieAuthenticationOptions.AuthenticationScheme
    /// </summary>
    public const string AuthenticationScheme = "Cookies";

    /// <summary>
    /// The prefix used to provide a default CookieAuthenticationOptions.CookieName
    /// </summary>
    public static readonly string CookiePrefix = ".AspNetCore.";

    /// <summary>
    /// The default value used by CookieAuthenticationMiddleware for the
    /// CookieAuthenticationOptions.LoginPath
    /// </summary>
    public static readonly PathString LoginPath = new PathString("/Account/Login");

    /// <summary>
    /// The default value used by CookieAuthenticationMiddleware for the
    /// CookieAuthenticationOptions.LogoutPath
    /// </summary>
    public static readonly PathString LogoutPath = new PathString("/Account/Logout");

    /// <summary>
    /// The default value used by CookieAuthenticationMiddleware for the
    /// CookieAuthenticationOptions.AccessDeniedPath
    /// </summary>
    public static readonly PathString AccessDeniedPath = new PathString("/Account/AccessDenied");

    /// <summary>
    /// The default value of the CookieAuthenticationOptions.ReturnUrlParameter
    /// </summary>
    public static readonly string ReturnUrlParameter = "ReturnUrl";
}

根据微软的命名规范在ConfigureServices统一使用Add***,在Configure统一使用Use***

登陆代码

public async Task<IActionResult> LoginDo()
{
    var user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bob") },CookieAuthenticationDefaults.AuthenticationScheme));
    await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);
    return Redirect("/");
}

登出代码

public async Task<IActionResult> Logout()
{
    await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    return Redirect("/");
}

在ASP.NET Core 2.0中使用CookieAuthentication

标签:sde   user   map   action   1.0   ati   msi   etc   default   

原文地址:http://www.cnblogs.com/bidianqing/p/6870163.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!