ASP. NET Core series "four" based on claim login authorization

Original: ASP. NET Core series "four" based on claim login authorization

Introduced

About what is claim?

Take a look at other great gods articles:

Http://www.cnblogs.com/jesse2013/p/aspnet-identity-claims-based-authentication-and-owin.html

Http://www.cnblogs.com/savorboard/p/aspnetcore-identity.html

Note: I am still rookie beginner stage, if there is wrong place, hope you big Bird point!

Scene

User login is a very common scenario. NET Core login is a bit different from the past, can be said to be in the direction of good development, become more easy to expand, more convenient.

In the previous chapter, there has been a brief introduction, then this chapter, let us take a closer look.

Configuration

1. First you need nuget to install a package:Microsoft.AspNetCore.Authentication.Cookies

Open the Startup.cs file in the project and find the Configureservices method, which we usually do with dependency injection configuration in this method.

 Public voidconfigureservices (iservicecollection services) {//Add Cookie Middleware configurationServices. Addauthentication (options ={options. Defaultauthenticatescheme="Mycookieauthenticationscheme"; Options. Defaultchallengescheme="Mycookieauthenticationscheme"; Options. Defaultsigninscheme="Mycookieauthenticationscheme"; })            . Addcookie ("Mycookieauthenticationscheme", options =            {                //options. Accessdeniedpath = "/account/forbidden";Options. Loginpath ="/home/login";        }); }

The code here means add authorization, add a cookie, configure the login page, and jump page without permission.

2. Find the Configure method and add the app. Useauthentication (), use authorization:

 Public void Configure (Iapplicationbuilder app, Ihostingenvironment env, Efcorecontext context)        {                       app. Useauthentication ();                   }

3. Create a new Controllerand add the method of login:

  Public AsyncTask<iactionresult>Login ([frombody] Sysuser sysuser) {//use EF to get users                varinfo = _context. Sysusers.where (m = m.username = = Sysuser.username && M.password = =Sysuser.password).                FirstOrDefault (); if(Info! =NULL)                {                        //Create an Identity certificate                    varClaims =NewList<claim>() {                    NewClaim (Claimtypes.sid,info. Id.tostring ()),//User ID                    NewClaim (Claimtypes.name,info. UserName)//User name                    }; varIdentity =NewClaimsidentity (Claims,"Testlogin"); varUserprincipal =NewClaimsPrincipal (identity); awaitHttpcontext.signinasync ("Mycookieauthenticationscheme", Userprincipal,Newauthenticationproperties {EXPIRESUTC= DateTime.UtcNow.AddMinutes ( -), Ispersistent=false, Allowrefresh=false                    }); returnJson (New{Success=true                    }); }                Else                {                    returnJson (New{Success=false, Message="Incorrect account name password! "                    }); }        }

From the above code, we come to the specific analysis.

The validation model for ASP. NET Core is claims-based authentication. Claim is a description of the characteristics of the subject being verified, such as: Login user name is Xxx,email xxx, where the "login user name", "email" is claimtype.

A group of claims constitute an identity, with these claims identity is claimsidentity

var claims = new List<claim> () {                    new Claim (Claimtypes.sid,info. Id.tostring ()),//user ID                    new Claim (Claimtypes.name,info. UserName)  //user name                    };                     var identity = new Claimsidentity (claims, "Login");

　　

The owner of Claimsidentity is ClaimsPrincipal .

  var New ClaimsPrincipal (identity);

A claimsprincipal can hold multiple claimsidentity, such as a person who holds a driver's license and a passport.

var New ClaimsPrincipal (identity);                     await Httpcontext.signinasync ("mycookieauthenticationscheme"new  Authenticationproperties                    {                        = DateTime.UtcNow.AddMinutes (),                          False,                        false                    });

Understanding the three concepts of claim, claimsidentity and Claimsprincipal, you can understand why a login cookie is used before the code.

To use a cookie to represent a verified subject, must contain claim, claimsidentity, claimsprincipal The three information, Claimsprincipal is the person who holds the document, Claimsidentity is the document, " Login "is the type of document (this is assumed to be a driver's license) and claim is the information in the driver's license.

We need to verify the permissions on the action above [authorize], if there is no login status, will jump to the login page, how to configure the jump, has a variety of other configurations, see Startup.cs files,

 Public iactionresult Index ()        {// Fetch user information            var userId = User.findfirst (claimtypes.sid). Value;             var userName = User.Identity.Name;             return View ();        }

Why User.Identity.Name can take a username, let's look at the definition of user:

Yes, he's what we're talking about, Claimsprincipal.

At this time, I took out the identity card (claimsidentity), ID card has my name (claim)

4. Sign Out

Public async task<iactionresult> Logout ()        {            await Httpcontext.signoutasync (" Mycookieauthenticationscheme ");            Return redirecttoaction ("Index", "Home");        

　

ASP. NET Core series "four" based on claim login authorization