A Claim is a single declaration about a subject, and it is the unit from which a ClaimsIdentity is composed. A ClaimsIdentity represents a document, such as an identity card: the name on the card is one claim, the social security number is another claim, and all of these claims together form the identity card, that is, the ClaimsIdentity. An identity card is not the only document that can represent a person's identity; a driver's license, a hukou (household registration) and so on are each a ClaimsIdentity as well, and we, the holders, are the ClaimsPrincipal. Expressed in code:
using System.Security.Claims;

// Each Claim is one item printed on the ID card.
Claim nameClaim = new Claim(ClaimTypes.Name, "pangjianxin");
Claim idClaim = new Claim(ClaimTypes.Sid, "1502xxxxxxxxxx");
Claim genderClaim = new Claim(ClaimTypes.Gender, "female");
Claim countryClaim = new Claim(ClaimTypes.Country, "China");
// ... the other items on the ID card are omitted ...

// The ClaimsIdentity is the card itself; "id" is its authentication type.
ClaimsIdentity id = new ClaimsIdentity("id");
id.AddClaim(nameClaim);
id.AddClaim(idClaim);
id.AddClaim(genderClaim);
id.AddClaim(countryClaim);

// The ClaimsPrincipal is the person who holds the card.
ClaimsPrincipal principal = new ClaimsPrincipal(id);
The code above shows how an identity principal is constructed, but how is that principal saved to the client once it has been built? Only if this information is saved can you present it the next time you visit the site in order to gain access to resources (authorization). In ASP.NET Core, the ClaimsPrincipal above is serialized as an AuthenticationTicket, also known as a ticket stub. ASP.NET Core sends this ticket to you, or rather to your browser, and the browser keeps it safe for you. When you visit the website again, the browser automatically brings the ticket (the cookie) along when it requests the resource.

The AuthenticationTicket carries an AuthenticationScheme, which names the authentication scheme in use. Existing schemes include cookie authentication, JwtBearer authentication, OAuth2 and OpenID Connect, and so on. The job of the scheme is to find a handler, which performs the actual authentication. This handler may be CookieAuthenticationHandler, JwtBearerHandler and so on. Another important piece is AuthenticationOptions, which is used to configure the schemes. It follows the options pattern: it is configured with services.Configure(options), and any later step that needs the options simply takes an IOptions<TOptions> parameter in its constructor to have the configuration injected. This is very flexible. All of this is just the tip of the iceberg; telling the whole story takes a lot of time and energy. I will add more when I have time.
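An added example, not code from the original post: it wraps a principal in an AuthenticationTicket and shows that the cookie value is the protected form of the serialized ticket, which the server rejects when it has been modified or was issued under other keys. It assumes a project that references the ASP.NET Core shared framework (Microsoft.AspNetCore.App); the purpose string "demo.ticket", the in-memory key ring and the sample claims are constructed for the demonstration.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.DataProtection;

// Constructed sample principal, same shape as the one built above.
var identity = new ClaimsIdentity(new[]
{
    new Claim(ClaimTypes.Name, "pangjianxin"),
    new Claim(ClaimTypes.Country, "China"),
}, authenticationType: "id");
var principal = new ClaimsPrincipal(identity);

// The ticket pairs the principal with the name of the scheme that issued it.
// "Cookies" is the default name of the cookie authentication scheme.
var ticket = new AuthenticationTicket(principal, "Cookies");

// Serialization alone is only an encoding: whoever holds the bytes can read them.
byte[] raw = TicketSerializer.Default.Serialize(ticket);
Console.WriteLine($"serialized ticket: {raw.Length} bytes, unprotected");

// The serialized ticket is encrypted and authenticated before it leaves the server.
// Assumption: in-memory keys and a made-up purpose string, for demonstration only.
IDataProtector protector = new EphemeralDataProtectionProvider()
    .CreateProtector("demo.ticket");
var format = new TicketDataFormat(protector);
string cookieValue = format.Protect(ticket);

// Round trip: the server recovers the scheme and the claims from the cookie value.
AuthenticationTicket? restored = format.Unprotect(cookieValue);
Console.WriteLine($"scheme: {restored?.AuthenticationScheme}");
Console.WriteLine($"name:   {restored?.Principal.Identity?.Name}");

// Tampering: change one character of the value the browser would send back.
char swapped = cookieValue[10] == 'A' ? 'B' : 'A';
string tampered = cookieValue[..10] + swapped + cookieValue[11..];
Console.WriteLine($"tampered accepted: {format.Unprotect(tampered) != null}");

// A different key ring (another app, or keys lost on restart) cannot read it.
var otherFormat = new TicketDataFormat(
    new EphemeralDataProtectionProvider().CreateProtector("demo.ticket"));
Console.WriteLine($"foreign key accepted: {otherFormat.Unprotect(cookieValue) != null}");
```

Unprotect returns null instead of throwing when a value fails validation, so a rejected cookie simply yields no ticket and the request is treated as unauthenticated.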
Initial knowledge of ASP.NET Core authentication and authorization: Claim, ClaimsIdentity, ClaimsPrincipal