The way Microsoft.Authentication is used changed considerably in 2.0. In 1.1, authentication configuration is completed in Configure:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseJwtBearerAuthentication(new JwtBearerOptions
        {
            Authority = Configuration["jwt:authority"],
            Audience = Configuration["jwt:audience"],
            Events = new JwtBearerEvents()
            {
                OnAuthenticationFailed = c =>
                {
                    c.HandleResponse();
                    c.Response.StatusCode = 500;
                    c.Response.ContentType = "text/plain";
                    if (Environment.IsDevelopment())
                    {
                        return c.Response.WriteAsync(c.Exception.ToString());
                    }
                    return c.Response.WriteAsync("An error occurred processing your authentication.");
                }
            }
        });
    }

UseJwtBearerAuthentication actually just adds a middleware:

    public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app, JwtBearerOptions options)
    {
        if (app == null)
        {
            throw new ArgumentNullException(nameof(app));
        }
        if (options == null)
        {
            throw new ArgumentNullException(nameof(options));
        }
        return app.UseMiddleware<JwtBearerMiddleware>(Options.Create(options));
    }

In 2.0, authentication configuration is completed in ConfigureServices, and a scheme-handler model is used to select among multiple authentication schemes.

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddJwtBearerAuthentication(o =>
        {
            o.Authority = Configuration["jwt:authority"];
            o.Audience = Configuration["jwt:audience"];
            o.Events = new JwtBearerEvents()
            {
                OnAuthenticationFailed = c =>
                {
                    c.HandleResponse();
                    c.Response.StatusCode = 500;
                    c.Response.ContentType = "text/plain";
                    if (Environment.IsDevelopment())
                    {
                        return c.Response.WriteAsync(c.Exception.ToString());
                    }
                    return c.Response.WriteAsync("An error occurred processing your authentication.");
                }
            };
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
    }

    public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services, string authenticationScheme, Action<JwtBearerOptions> configureOptions)
    {
        return services.AddScheme<JwtBearerOptions, JwtBearerHandler>(authenticationScheme, configureOptions);
    }

    public static IApplicationBuilder UseAuthentication(this IApplicationBuilder app)
    {
        if (app == null)
        {
            throw new ArgumentNullException(nameof(app));
        }
        return app.UseMiddleware<AuthenticationMiddleware>();
    }

    namespace Microsoft.AspNetCore.Authentication
    {
        public class AuthenticationMiddleware
        {
            private readonly RequestDelegate _next;

            public AuthenticationMiddleware(RequestDelegate next, IAuthenticationSchemeProvider schemes)
            {
                if (next == null)
                {
                    throw new ArgumentNullException(nameof(next));
                }
                if (schemes == null)
                {
                    throw new ArgumentNullException(nameof(schemes));
                }
                _next = next;
                Schemes = schemes;
            }

            public IAuthenticationSchemeProvider Schemes { get; set; }

            public async Task Invoke(HttpContext context)
            {
                context.Features.Set<IAuthenticationFeature>(new AuthenticationFeature
                {
                    OriginalPath = context.Request.Path,
                    OriginalPathBase = context.Request.PathBase
                });

                // REVIEW: alternatively could depend on a routing middleware to do this

                // Give any IAuthenticationRequestHandler schemes a chance to handle the request
                var handlers = context.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();
                foreach (var scheme in await Schemes.GetRequestHandlerSchemesAsync())
                {
                    var handler = await handlers.GetHandlerAsync(context, scheme.Name) as IAuthenticationRequestHandler;
                    if (handler != null && await handler.HandleRequestAsync())
                    {
                        return;
                    }
                }

                // Authenticate with the default scheme and attach the resulting principal to the request
                var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync();
                if (defaultAuthenticate != null)
                {
                    var result = await context.AuthenticateAsync(defaultAuthenticate.Name);
                    if (result?.Principal != null)
                    {
                        context.User = result.Principal;
                    }
                }

                await _next(context);
            }
        }
    }

That is, in 1.1 each authentication scheme is implemented by its own middleware. 2.0 is the reverse: there is one official, unified authentication middleware, which obtains the handler for the relevant scheme and then calls that handler to complete the authentication process.
It is very convenient to implement your own authentication scheme in 2.0: implement an AuthenticationSchemeOptions and an AuthenticationHandler yourself, then register them and specify the scheme through AddScheme.
Take the official JwtBearerAuthentication as an example:
Source code here: https://github.com/aspnet/Security/tree/rel/2.0.0-preview1/src/Microsoft.AspNetCore.Authentication.JwtBearer
Calling AddJwtBearerAuthentication in ConfigureServices actually calls AddScheme; the authenticationScheme is JwtBearerDefaults.AuthenticationScheme.
JwtBearerOptions is a class that inherits AuthenticationSchemeOptions and is used to hold the authentication configuration. JwtBearerHandler inherits AuthenticationHandler<JwtBearerOptions> and handles the authentication process; whatever dependencies it requires are injected directly through the constructor. The key parts are the HandleAuthenticateAsync and HandleUnauthorizedAsync methods. The authentication process is this:
1. Call AddScheme in ConfigureServices to provide <AuthenticationSchemeOptions,AuthenticationHandler> and specify the scheme.
2. Call UseAuthentication in Configure.
3. Access an action that has AuthorizeAttribute.
4. AuthenticationMiddleware gets the AuthenticationHandler of the default scheme (or the scheme specified by AuthorizeAttribute), calls the handler's HandleAuthenticateAsync, and, depending on the returned result, determines whether to call HandleUnauthorizedAsync or HandleForbiddenAsync.
Implementing our own authentication scheme mainly means implementing the HandleAuthenticateAsync method; how you write it determines how authentication is performed.
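A minimal custom scheme following the options-plus-handler pattern described above, as an added example that is not code from this page or from the aspnet/Security repository. ApiKeyOptions, ApiKeyHandler, the "ApiKey" scheme name, the X-Api-Key header and expectedHash are hypothetical names. It assumes the 2.0 release API (IOptionsMonitor in the constructor, AddScheme on the builder returned by AddAuthentication), which differs slightly from the Preview1 shape shown above.

```csharp
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

// Hypothetical options class: holds the configuration for the scheme.
public class ApiKeyOptions : AuthenticationSchemeOptions
{
    public string HeaderName { get; set; } = "X-Api-Key";
    public byte[] KeySha256 { get; set; }   // SHA-256 of the expected key, not the key itself
}

public class ApiKeyHandler : AuthenticationHandler<ApiKeyOptions>
{
    public ApiKeyHandler(IOptionsMonitor<ApiKeyOptions> options, ILoggerFactory logger,
        UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock) { }

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        // No header: this scheme has no opinion; authorization decides whether to challenge.
        if (!Request.Headers.TryGetValue(Options.HeaderName, out var presented))
            return Task.FromResult(AuthenticateResult.NoResult());

        byte[] hash;
        using (var sha = SHA256.Create())
            hash = sha.ComputeHash(Encoding.UTF8.GetBytes(presented.ToString()));

        // Fail closed when no key hash is configured.
        if (Options.KeySha256 == null || !FixedTimeEquals(hash, Options.KeySha256))
            return Task.FromResult(AuthenticateResult.Fail("Invalid API key."));

        var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "api-client") }, Scheme.Name);
        var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), Scheme.Name);
        return Task.FromResult(AuthenticateResult.Success(ticket));
    }

    // Constant-time comparison so response timing does not reveal how many bytes matched.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
// Registration in ConfigureServices (2.0 release form; expectedHash is a placeholder):
// services.AddAuthentication("ApiKey").AddScheme<ApiKeyOptions, ApiKeyHandler>("ApiKey", o => o.KeySha256 = expectedHash);
```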
.NET Core 2.0 Preview1: Implementing a custom authentication scheme