ASP. NET Core Cookie Authentication

Implement cookie-based authentication and create a new core MVC project

Create a new admin controller tag authorize to test the authentication

  [Authorize]    publicclass  admincontroller:controller    {          public Iactionresult Index ()        {            return  View ();        }    }

A cookie is injected into the configureservices, and the Loginpath address is set up here to facilitate debugging, and points to the authentication place. Need to add cookies and certifications in front of MVC

      Public void configureservices (iservicecollection services)        {            // inject cookie authentication             services. Addauthentication (Cookieauthenticationdefaults.authenticationscheme)                . Addcookie (options=> {
Options. Loginpath = "/account/login";
Options. Accessdeniedpath = "/account/login"; Address without permission to access

});

 Services. Addmvc (); }

    Public voidConfigure (Iapplicationbuilder app, Ihostingenvironment env) {if(env. Isdevelopment ()) {app.                Usebrowserlink (); App.            Usedeveloperexceptionpage (); }            Else{app. Useexceptionhandler ("/home/error"); } app.            Usestaticfiles (); //Add authenticationapp.            Useauthentication (); App. USEMVC (Routes={routes. MapRoute (Name:"default", Template:"{controller=account}/{action=login}/{id?}");        }); }

Create a new account controller to implement authentication. Use Httpcontext.signinasync, and Httpkcontext.signoutasync to log in and out

   Public classAccountcontroller:controller { PublicIactionresult Login () {returnView (); }         PublicIactionresult Loginin () {//set up user information official environment before this go login logic, save user information            varClaims =NewList<claim>            {               NewClaim (Claimtypes.name,"Leo"),               NewClaim (Claimtypes.role,"Admin")            }; //Httpcontext.signinasync is Claimsprincipal, so you need to turn around. AuthenticationType parameter must be written or not recognized            varClaimsindntity =Newclaimsidentity (claims, cookieauthenticationdefaults.authenticationscheme); Httpcontext.signinasync (Cookieauthenticationdefaults.authenticationscheme,NewClaimsPrincipal (claimsindntity)); returnOk (); }         PublicIactionresult loginout () {Httpcontext.signoutasync (Cookieauthenticationdefaults.authenticationsche            ME); returnOk (); }    }

Run the code into the login page by default, URL access/admin/index will find that the URL of the page has changed 4, there is no login page, the following simulation to see the whole process.

In the account controller, write the Loginin and Loginout methods to implement the login and logout functions, the return value is changed to return OK (), the two methods into the API form. The account controller sets up anonymous access, which is tested directly by modifying the URL.

First access to Loginin, you can see the request is completed, write a cookie to the client, when again access to/admin/index, the admin controller authentication through

After the test loginout logout, the authenticated cache clears and then accesses the/admin/index again, the request is intercepted again and the login page is turned

ASP. NET Core Cookie Authentication