What are claims? Other authors have already explained this well, so it is best to read their articles directly. Related reading:
http://www.cnblogs.com/JustRun1983/p/4708176.html
http://www.cnblogs.com/jesse2013/p/aspnet-identity-claims-based-authentication-and-owin.html
http://www.cnblogs.com/savorboard/p/Aspnetcore-identity.html
A claim is a statement: a piece of information that describes a user. It can be the user's identity information (name, email, ID), the user's role, or even a custom claim. Cnblogs has many posts about claims and claims-based authentication, so check the relevant articles for background. This article only describes how to use ASP.NET Identity claims to authorize access in a business system.
When Identity is used for login and authorization, roles are often used. In fact, a role is just one kind of claim, and role-based authorization is claims-based.
Create a new ASP.NET Core Web Application project and change the authentication type to Individual User Accounts. Use the default project template.
The default project template already integrates login based on ASP.NET Identity. Run the project, register a user, and log in. To verify that roles are also based on claims, we do not assign a role to the user. Now add a role-based check to the action being accessed.
As expected, Home/Index cannot be accessed.
The reason is that we did not add the "Myrole" role to the user. Suppose we do not want to add the "Myrole" role to the user, but instead add a claim whose ClaimType is Role when the user logs in. Will the check pass? Let's try it.
Important objects: Claims, ClaimsIdentity and ClaimsPrincipal, which can be understood this way:
Claims:
ClaimsIdentity: a group of claims that together make up an identity. Take an identity card: name, gender and identity card number are a series of claims that compose one identity.
ClaimsPrincipal: the holder of a ClaimsIdentity. One ClaimsPrincipal can hold multiple ClaimsIdentity objects.
With these concepts in mind, we know where to add new or custom claims for the user. When a user logs in, ASP.NET Identity creates the ClaimsPrincipal through UserClaimsPrincipalFactory.CreateAsync. So what we need to do is inherit from UserClaimsPrincipalFactory, define a custom AppClaimsPrincipalFactory, and override the CreateAsync method.
    using System.Security.Claims;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Identity;
    using Microsoft.Extensions.Options;

    public class AppClaimsPrincipalFactory : UserClaimsPrincipalFactory<ApplicationUser, IdentityRole>
    {
        public AppClaimsPrincipalFactory(
            UserManager<ApplicationUser> userManager,
            RoleManager<IdentityRole> roleManager,
            IOptions<IdentityOptions> optionsAccessor)
            : base(userManager, roleManager, optionsAccessor)
        {
        }

        public async override Task<ClaimsPrincipal> CreateAsync(ApplicationUser user)
        {
            // Let the default factory build the principal first.
            var principal = await base.CreateAsync(user);

            // Then add the custom claim to the principal's identity.
            ((ClaimsIdentity)principal.Identity).AddClaims(new[]
            {
                new Claim(ClaimTypes.Role, "Myrole")
            });

            return principal;
        }
    }
In the CreateAsync method, base.CreateAsync() is called first to get a ClaimsPrincipal object, and then the custom claims we want are added to ClaimsPrincipal.Identity. Here we add new Claim(ClaimTypes.Role, "Myrole"). Then register the overriding AppClaimsPrincipalFactory with the service container in the Startup class:
    public void ConfigureServices(IServiceCollection services)
    {
        // Add framework services.
        services.AddApplicationInsightsTelemetry(Configuration);

        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        // Replace the default claims principal factory with the custom one.
        services.AddScoped<IUserClaimsPrincipalFactory<ApplicationUser>, AppClaimsPrincipalFactory>();

        services.AddMvc();

        // Add application services.
        services.AddTransient<IEmailSender, AuthMessageSender>();
        services.AddTransient<ISmsSender, AuthMessageSender>();
    }
Start the application and run it: the Home/Index page can now be accessed normally. This shows that roles are also claims-based. Since a custom claim can complete the authorization check, the various permissions of a business system can be handled with claims as well. It works like credentials: after you log in, the system issues you a set of credentials, and you then move through the system based on the credentials you hold. Next, we will define various custom claims according to business needs and complete the authorization checks.
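The role check can be reproduced without the web stack. The following console program is an added example, not code from the original post; the sample user, the authentication type names and the "dept" claim type are constructed for illustration. Its Explain helper applies the same matching rule as ClaimsPrincipal.IsInRole and reports which identity and claim satisfy a role.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class RoleClaimDemo
{
    // Same matching rule as ClaimsPrincipal.IsInRole: for each identity, look for a claim
    // whose type is that identity's RoleClaimType and whose value equals the role.
    public static string Explain(ClaimsPrincipal principal, string role)
    {
        foreach (var identity in principal.Identities)
        {
            var match = identity.Claims.FirstOrDefault(c =>
                string.Equals(c.Type, identity.RoleClaimType, StringComparison.OrdinalIgnoreCase) &&
                string.Equals(c.Value, role, StringComparison.Ordinal));
            if (match != null)
                return $"'{role}': granted by claim type {match.Type} in identity '{identity.AuthenticationType}'";
        }
        return $"'{role}': no matching role claim";
    }

    public static void Main()
    {
        // Constructed sample: the shape of identity the factory above produces.
        var login = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice@example.com"),
            new Claim(ClaimTypes.Role, "Myrole")
        }, "DemoCookie");

        // A second identity that names its own role claim type ("dept" is hypothetical).
        var business = new ClaimsIdentity(
            new[] { new Claim("dept", "Finance") },
            "DemoBusiness", ClaimTypes.Name, "dept");

        var principal = new ClaimsPrincipal(login);
        principal.AddIdentity(business);

        foreach (var role in new[] { "Myrole", "myrole", "Finance", "Admin" })
        {
            // Print the framework's answer next to the explanation of where it came from.
            Console.WriteLine($"IsInRole={principal.IsInRole(role)}  {Explain(principal, role)}");
        }
    }
}
```

The role value is compared case-sensitively, so the string in the claim must match the string in the role check exactly. The factory on this page adds the role claim for every user who logs in, so in a business system the claim should be added only for users who are entitled to it.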
ASP.NET Core: implementing claims-based permission validation (introductory chapter)