ASP.NET Core 2.1 Authentication

Source: Internet
Author: User
Tags httpcontext


This article is based on the CookieAuthenticationHandler of ASP.NET Core.

Authentication and authorization are easy to confuse, and the two English words look very similar: one is authentication, the other is authorization.

Authentication in ASP.NET Core needs to be configured in the Startup class:

    // In the ConfigureServices method:
    services.AddAuthentication(option =>
    {
        option.DefaultScheme = "Cookies";
        option.DefaultChallengeScheme = "Cookies";
        option.DefaultAuthenticateScheme = "Cookies";
        option.DefaultForbidScheme = "Cookies";
        option.DefaultSignInScheme = "Cookies";
        option.DefaultSignOutScheme = "Cookies";
    }).AddCookie("Cookies", option =>
    {
        option.LoginPath = "/account/login";
        option.AccessDeniedPath = "/account/forbidden";
        // .......
    });

    // In the Configure method:
    app.UseAuthentication();

As you can see, authentication has to be set up in two places: the ConfigureServices method and the Configure method.

Above, the AddAuthentication method is passed an option. This option is an Action<AuthenticationOptions>, and inside it a number of schemes are set. What do these schemes mean? Let's first explain the actions that take place during authentication in ASP.NET Core. There are several:

1. Sign in (SignIn): the action of logging the user in.

2. Sign out (SignOut): the action of logging the user out.

3. Challenge: this one is hard to translate. It means that when the user requests a protected resource, the system requires the user to log in. In short, it is also a login action, but a passive one.

4. Authenticate: the system reads the user's information out of the token/cookie. It is the reverse of the sign-in action.

5. Forbid: the system has denied the user.

Each of these actions is ultimately performed by a handler, and this handler is an implementation of IAuthenticationHandler.

We give this conclusion first and then look at the details. Starting with ASP.NET Core 2.0, these actions are carried out through HttpContext extension methods. We take sign-in as the example; the others are very similar.

First look at the HttpContext.SignInAsync method:

    // One unit of information among the many about me, such as age, gender, family, etc.
    var claim = new Claim("name", "Wallee");
    // One of my many identity documents, alongside a driver's license, admission ticket,
    // accounting certificate, level-2 computer certificate and so on.
    var identity = new ClaimsIdentity("ID");
    // Add the piece of information above to my ID card.
    identity.AddClaim(claim);
    // Use the ID card as the initialization parameter for this person;
    // a ClaimsPrincipal represents a subject.
    var principal = new ClaimsPrincipal(identity);
    // Finally, with this subject, call the HttpContext extension method to sign in.
    await HttpContext.SignInAsync(principal);

The comments in the code above explain some things that are tangential to this article but still important. The key is the last line, the call to HttpContext.SignInAsync(principal), which performs the actual sign-in. Now let's look at its implementation:

    public static Task SignInAsync(this HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
    {
        // Resolve IAuthenticationService from DI and delegate the sign-in to it.
        return context.RequestServices.GetRequiredService<IAuthenticationService>().SignInAsync(context, scheme, principal, properties);
    }

The code above is the final implementation of this extension method. We say "final" because the call starts in another overload of the same name, but inside, every overload ends up calling this SignInAsync.

As you can see, the method starts by getting an IAuthenticationService from DI. This service is registered in DI by the services.AddAuthentication() method, which is interesting to look at, but this article does not go into it.

It then calls SignInAsync() on that IAuthenticationService. This method receives four parameters, all passed in from the HttpContext.SignInAsync() method.

    • One is context, which represents the HTTP context
    • One is scheme, which denotes a scheme
    • One is ClaimsPrincipal, which represents a subject, that is, a user
    • One is AuthenticationProperties, used to set parameters such as the cookie duration

Then continue to the IAuthenticationService.SignInAsync() method:

    public virtual async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
    {
        if (principal == null)
            throw new ArgumentNullException(nameof(principal));

        // No scheme given: fall back to the configured default sign-in scheme.
        if (scheme == null)
        {
            scheme = (await this.Schemes.GetDefaultSignInSchemeAsync())?.Name;
            if (scheme == null)
                throw new InvalidOperationException("No authenticationScheme was specified, and there was no DefaultSignInScheme found.");
        }

        // Resolve the handler for the scheme; it must support sign-in.
        IAuthenticationSignInHandler handlerAsync = await this.Handlers.GetHandlerAsync(context, scheme) as IAuthenticationSignInHandler;
        if (handlerAsync == null)
            throw new InvalidOperationException(string.Format("No IAuthenticationSignInHandler is configured to handle sign in for the scheme: {0}", (object) scheme));

        await handlerAsync.SignInAsync(principal, properties);
    }

The process for this method is:

1. Check whether principal is null; if it is, throw an exception.

2. If scheme is null, look up the default scheme name through the Schemes property (IAuthenticationSchemeProvider).

3. If the default is also null, throw an exception.

4. Use scheme (string) and context (HttpContext) to find the IAuthenticationHandler through the Handlers property (IAuthenticationHandlerProvider).

5. If the handler found in step 4 is null, throw an exception.

6. If it is not null, that handler performs the sign-in action. This action takes two parameters: principal, of type ClaimsPrincipal, and properties, of type AuthenticationProperties.
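Steps 3, 5 and 6 can be observed against the real framework services. The following console program is an added example, not code from this article or from ASP.NET Core; ReadOnlyHandler, RecordingHandler, TrySignIn and the "Demo" scheme are hypothetical names, and it assumes the project references the Microsoft.AspNetCore.Authentication.Core and Microsoft.AspNetCore.Http packages.

```csharp
// Added example: exercises the scheme -> handler resolution of SignInAsync in isolation.
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical handler that can authenticate/challenge/forbid but has no sign-in support.
class ReadOnlyHandler : IAuthenticationHandler
{
    public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context) => Task.CompletedTask;
    public Task<AuthenticateResult> AuthenticateAsync() => Task.FromResult(AuthenticateResult.NoResult());
    public Task ChallengeAsync(AuthenticationProperties properties) => Task.CompletedTask;
    public Task ForbidAsync(AuthenticationProperties properties) => Task.CompletedTask;
}

// Hypothetical sign-in handler that records the "name" claim of the principal it receives.
class RecordingHandler : ReadOnlyHandler, IAuthenticationSignInHandler
{
    public static string LastUser;
    public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
    { LastUser = user.FindFirst("name")?.Value; return Task.CompletedTask; }
    public Task SignOutAsync(AuthenticationProperties properties) => Task.CompletedTask;
}

static class Program
{
    // Builds a container with the given options and signs in without naming a scheme.
    static async Task<string> TrySignIn(Action<AuthenticationOptions> configure)
    {
        var services = new ServiceCollection().AddAuthenticationCore(configure).BuildServiceProvider();
        var context = new DefaultHttpContext { RequestServices = services };
        var identity = new ClaimsIdentity(new[] { new Claim("name", "Wallee") }, "ID");
        try { await context.SignInAsync(new ClaimsPrincipal(identity)); return "signed in"; }
        catch (InvalidOperationException ex) { return "rejected: " + ex.Message; }
    }

    static async Task Main()
    {
        // Step 3: no scheme passed and no DefaultSignInScheme configured.
        Console.WriteLine(await TrySignIn(o => { }));
        // Step 5: the scheme resolves, but its handler is not an IAuthenticationSignInHandler.
        Console.WriteLine(await TrySignIn(o => { o.AddScheme<ReadOnlyHandler>("Demo", null); o.DefaultSignInScheme = "Demo"; }));
        // Step 6: the handler registered for the default scheme performs the sign-in.
        Console.WriteLine(await TrySignIn(o => { o.AddScheme<RecordingHandler>("Demo", null); o.DefaultSignInScheme = "Demo"; }));
        Console.WriteLine("handler saw: " + RecordingHandler.LastUser);
    }
}
```

Both failure cases surface as an InvalidOperationException when SignInAsync is called, so a misconfigured scheme is only noticed once the sign-in path is actually exercised.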

Summary: the sign-in described above starts with a call to the HttpContext extension method SignInAsync, which eventually calls the overload that receives three parameters (this HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties; context is the extension method's this parameter and is not counted). Internally, this method gets an object of the IAuthenticationService interface type from DI; this object encapsulates the authentication schemes and the IAuthenticationHandler instances. After getting this IAuthenticationService object, it calls the SignInAsync method on it. That method first checks the scheme parameter: if scheme is null, it uses the Schemes property (IAuthenticationSchemeProvider) to find a default. If that is also null it throws an exception; otherwise it uses the Handlers property (of type IAuthenticationHandlerProvider) to find the final handler, an IAuthenticationHandler object, which handles the actual sign-in.
