[ASP.NET MVC] An Analysis of the Login Technology of ASP.NET Identity

ASP.NET Identity is an open source project contributed by Microsoft that provides ASP.NET with authentication, authorization, and related mechanisms. This article describes how ASP.NET Identity works with the browser and with a third-party authentication service when it performs the login function. I am keeping it as a record for myself, and I hope it helps developers who need it. (This article greatly simplifies the operational details of ASP.NET Identity in order to convey the concept of the login function. The actual ASP.NET Identity is much more complex in operation than what is described here.)

    • ASP.NET Identity - GitHub

Unauthorized (not logged in)

    1. The user opens the ASP.NET site in a browser for the first time.

    2. Because the user has not completed the login action, ASP.NET treats the user as "not logged in".

    3. If the resource the user requests is a controller or action marked with [Authorize], the [Authorize] attribute returns the HTTP 401 status code because the user is not logged in.

    4. ApplicationCookieMiddleware is a middleware that Identity mounts on ASP.NET. This middleware intercepts the HTTP 401 status code.

    5. After ApplicationCookieMiddleware intercepts the HTTP 401 status code, it changes the contents of the response: it returns the HTTP 302 status code and the URL of a login page instead.

    6. When the browser receives the HTTP 302 status code, it automatically navigates to the login page URL contained in the response.

    7. The ASP.NET platform returns the login page to the browser and asks the user to log in.
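The middleware in the steps above, as it is typically mounted in an OWIN `Startup` class, together with the external-cookie and Facebook middleware that the following sections rely on. This is an added example, not code from the original article; it assumes the Microsoft.Owin.Security.Cookies, Microsoft.Owin.Security.Facebook and Microsoft.AspNet.Identity.Owin packages, and the login path, timeout, app-setting keys and `ReportsController` are hypothetical.

```csharp
using System;
using System.Configuration;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Application cookie middleware: carries the AppUser identity and
        // rewrites a 401 produced by [Authorize] into a 302 to LoginPath.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),  // assumed route
            CookieHttpOnly = true,                      // not readable from script
            CookieSecure = CookieSecureOption.Always,   // only sent over HTTPS
            ExpireTimeSpan = TimeSpan.FromMinutes(30),  // constructed value
            SlidingExpiration = true
        });

        // External cookie middleware: holds the FBUser identity between the
        // provider's redirect and the application sign-in.
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Facebook middleware: answers the challenge and runs the OAuth
        // exchange. Credentials are read from configuration, never hard-coded.
        app.UseFacebookAuthentication(
            appId: ConfigurationManager.AppSettings["FacebookAppId"],
            appSecret: ConfigurationManager.AppSettings["FacebookAppSecret"]);
    }
}

// Hypothetical protected resource: an anonymous request yields 401 here,
// which the application cookie middleware turns into the login redirect.
[Authorize]
public class ReportsController : Controller
{
    public ActionResult Index() { return View(); }
}
```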

Authentication (verification)

    1. On the login page, when the user chooses to authenticate with Facebook, the page submits to the ExternalLogin action.

    2. After ExternalLogin receives the user's choice to authenticate with Facebook, it returns a ChallengeResult to trigger a challenge. Because the user chose Facebook authentication, this challenge is handled by FacebookAuthenticationMiddleware.

    3. FacebookAuthenticationMiddleware then starts an OAuth process that exchanges information between the Facebook platform and the user's browser in order to authenticate the user. (Reference: OAuth 2.0 Notes, Yu-cheng Chuang)

    4. After the OAuth process completes, FacebookAuthenticationMiddleware creates an FBUser from the user information it obtained.

    5. FBUser is passed as a parameter to the SignIn action. This SignIn action is directed to the ExternalCookieMiddleware mounted by Identity, which executes it.

    6. In ExternalCookieMiddleware, FBUser is encoded as a cookie and attached to the response.

    7. After the SignIn action completes, FacebookAuthenticationMiddleware changes the contents of the response: it returns the HTTP 302 status code, the cookie that encodes FBUser, and an ExternalLoginCallback URL.

Authorization (Authorized)

    1. When the browser receives the HTTP 302 status code, it automatically navigates to the ExternalLoginCallback URL contained in the response, and sends along the cookie that encodes FBUser.

    2. ASP.NET decodes FBUser from the cookie and, according to how the cookie that encodes FBUser is defined, sets the login status to "not logged in".

    3. FBUser is then handed to ASP.NET Identity, which uses it to obtain the AppUser that the system works with. In addition to user-related data, this AppUser contains the role data assigned to the user.

    4. AppUser is passed as a parameter to the SignIn action. This SignIn action is directed to the ApplicationCookieMiddleware mounted by Identity, which executes it.

    5. In ApplicationCookieMiddleware, AppUser is encoded as a cookie and attached to the response.

    6. When the SignIn action completes, ASP.NET Identity changes the contents of the response: it returns the HTTP 302 status code and the cookie that encodes AppUser.
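The ExternalLogin and ExternalLoginCallback actions from the two sections above, sketched as an MVC controller. This is an added example, not code from the original article; `ApplicationSignInManager` (a `SignInManager` subclass registered per OWIN context), the `Login` action and the `Home/Index` route are assumptions.

```csharp
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;

public class AccountController : Controller
{
    // Authentication steps 1-2: answer the provider choice with a challenge.
    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public ActionResult ExternalLogin(string provider, string returnUrl)
    {
        string callback = Url.Action("ExternalLoginCallback", "Account", new { returnUrl });
        return new ChallengeResult(provider, callback);
    }

    // Authorization steps 1-6: read FBUser from the external cookie, map it
    // to the application user and issue the application cookie.
    [AllowAnonymous]
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        var owin = HttpContext.GetOwinContext();
        ExternalLoginInfo fbUser = await owin.Authentication.GetExternalLoginInfoAsync();
        if (fbUser == null) return RedirectToAction("Login");    // no external cookie

        var signIn = owin.Get<ApplicationSignInManager>();        // assumed registration
        SignInStatus status = await signIn.ExternalSignInAsync(fbUser, isPersistent: false);
        if (status != SignInStatus.Success) return RedirectToAction("Login");

        // returnUrl is caller-controlled: follow it only when it is local.
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }
}

// Returns 401 and tells the named middleware where to send the browser
// once the external authentication has finished.
internal sealed class ChallengeResult : HttpUnauthorizedResult
{
    private readonly string _provider, _redirectUri;
    public ChallengeResult(string provider, string redirectUri)
    {
        _provider = provider;
        _redirectUri = redirectUri;
    }
    public override void ExecuteResult(ControllerContext context)
    {
        var props = new AuthenticationProperties { RedirectUri = _redirectUri };
        context.HttpContext.GetOwinContext().Authentication.Challenge(props, _provider);
    }
}
```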

Authorized (logged in)

    1. After the above process has completed, every request the user's browser makes to the ASP.NET site carries the cookie that encodes AppUser.

    2. ASP.NET decodes AppUser from the cookie and, according to how the cookie that encodes AppUser is defined, sets the login status to "logged in".

    3. If the resource the user requests is a controller or action marked with [Authorize], the [Authorize] attribute determines that the user is logged in and allows the feature to execute.

    4. The ASP.NET platform executes the feature and returns the resulting page to the browser. This completes the entire ASP.NET login process.
