Introduction to ASP.NET Core Identity (1)

Source: Internet
Author: User


Preface

ASP.NET Core still uses the Identity component library from ASP.NET, which is responsible for authenticating the user's identity. In general, it is not as complicated as in MVC 5. Because OWIN was introduced in MVC 5, many beginners struggled to learn Identity and were confused about it, including me. I spent more than a month learning Identity to understand its principles. As a result, most developers do not like Identity and do not use it; they feel kidnapped by it.

Fortunately, in ASP.NET Core the abstraction of modules is gradually becoming clearer, and the use of middleware makes Identity more approachable to learn and use. Let's take a look at it.

Getting Started

Before starting, let's forget Identity's relationship with Entity Framework and with Authentication. First, let's learn a few English words.

You may need to understand the following words:

#1: Claims

Everyone should know what the ID card looks like:

 

On it, the name is Obama, the gender is male, the ethnicity is Kenya, and the date of birth is 1961.08.04. The identity information is listed item by item. If we want to store these things in a program, how should we design them? Yes, you may think of using a dictionary, where a Key and a Value meet the need. However, a Key and a Value are not very friendly or object-oriented. Wouldn't it be better to make an object? At least you could then use IntelliSense in Visual Studio. Let's change it to the following:

// Let's give this object a name: "Claim". No objection, I hope.
public class Claim
{
    public string ClaimType { get; set; }
    public string ClaimValue { get; set; }
}

ClaimType is the Key, and ClaimValue is the Value. This way a key-value pair can be stored, and "Name: Obama" can be saved.

Microsoft is very considerate and has prepared some default ClaimType values for us. A lot of common ones are in there. Let's take a look:

The first knowledge point is ClaimTypes.

 

For the sake of readability, I only show some of them. We can see many commonly used ones such as Name, Email, Gender, and MobilePhone. Careful readers may have noticed that its namespace is System.Security.Claims, which indicates that it is part of the .NET Framework. That is all we need to know about it for now.

That completes the introduction to Claim. Easy, isn't it? However it is translated elsewhere, in this article it is called a "document unit".

#2: ClaimsIdentity

Now that we have document units, we can use them to make an ID card. How should we make it? Some people may have already thought of it: create an object, pass the document units into its constructor, and you get an ID card. We give this ID card the English name "ClaimsIdentity". The name fits well: Claims indicates what it is made of and Identity indicates its purpose. A satisfactory name.

In real life, some of the information on an ID card is hidden and some can be seen directly. For example, you cannot see the fingerprint information stored in a new-generation ID card; it is stored in the chip inside the card. What you can see is the name, age, and so on. Likewise, when designing an object we need to expose some things. Here, our ClaimsIdentity exposes a Name, a Label, and so on.

Another important attribute of our ID card (ClaimsIdentity) is AuthenticationType. What is AuthenticationType? It looks a little familiar. We know what an ID card is for: it is used to prove our identity. When you present it to prove your identity, it can take many forms. For example, you can take out the physical ID card, a paper copy, or an electronic code. So a type field is needed to represent the form in which it is presented, and AuthenticationType serves exactly this purpose.

Then we add some finishing touches to our ID card to make it look nice. For example, we provide methods to add Claims, remove Claims, and write it to a binary stream. In the end, our ID card object basically looks like this:

public class ClaimsIdentity
{
    public ClaimsIdentity(IEnumerable<Claim> claims) { }

    // The name is so important that, of course, others cannot change it (no setter),
    // except that my son takes my surname, so it is virtual.
    public virtual string Name { get; }
    public string Label { get; set; }

    // This is my credential type. It is also very important, so likewise there is no setter.
    public virtual string AuthenticationType { get; }

    public virtual void AddClaim(Claim claim) { }
    public virtual void RemoveClaim(Claim claim) { }
    public virtual void FindClaim(Claim claim) { }
}

Well, our ID card now looks perfect, but from an object-oriented perspective, something seems to be missing. Yes, abstraction. We need to abstract an interface that imposes some constraints. What are the constraints? As a credential, it involves these attributes:

1. Name.
2. Type.
3. Whether the credential is valid.

Expressed as an interface, it looks as follows. We name the interface "Identity" (IIdentity):

The second point is the IIdentity interface.

// Defines the basic functions of a credential object.
public interface IIdentity
{
    // The credential name.
    string Name { get; }

    // The carrier type used to identify the credential.
    string AuthenticationType { get; }

    // Whether the credential is valid.
    bool IsAuthenticated { get; }
}

So our ClaimsIdentity eventually looks like this:

public class ClaimsIdentity : IIdentity
{
    //......
}

That completes the introduction to ClaimsIdentity. Easy, isn't it? However it is translated elsewhere, in this article it is called an "ID card".

#3: ClaimsPrincipal

With an ID card, I can prove that I am me. Sometimes a person has many ID cards. What do you guess this person does? Yes, this is either a scalper or a scammer.

However, sometimes a person has many other identities. What do you guess this person is doing? This is normal, right? For example, you can be a teacher, mother, or merchant at the same time. If you want to prove that you have these identities at the same time, you may need to present a license, your child's birth certificate, and the business license of the legal representative.

In a program, an ID card does not only represent you; it also represents one identity, the credential that proves your primary identity. If a person has many other identities, something (a carrier) is needed to carry these credentials, right? OK. Let's name the object that carries the credentials "ClaimsPrincipal".

The following is the dictionary entry for the word principal. You should have no objection to it:

principal ['prɪnsəpl]

adj. main; capital

n. head; principal; capital; client

At this point, some students may ask whether it would be better to call it ClaimsIdentityPrincipal. Well, I also think ClaimsIdentityPrincipal might be better. Maybe the people at Microsoft were lazy, so it is called ClaimsPrincipal.

After knowing its functions, the code is very easy to write, just like the ClaimsIdentity above:

public class ClaimsPrincipal
{
    // Hand all the credentials to the document owner.
    public ClaimsPrincipal(IEnumerable<ClaimsIdentity> identities) { }

    // The primary identity of the document owner.
    public virtual IIdentity Identity { get; }

    public virtual IEnumerable<ClaimsIdentity> Identities { get; }

    public virtual void AddIdentity(ClaimsIdentity identity) { }

    // Why is there no RemoveIdentity?
}

At this point our document owner looks almost perfect, but we still need to abstract it. What do we need to abstract? As a document owner, you should have a primary identity, that is, your ID card. You may also have a role (roles will be covered in detail later; for now it is enough to know there is such a thing).

The third point is the IPrincipal interface.

public interface IPrincipal
{
    // The identity.
    IIdentity Identity { get; }

    // Whether the principal is in the specified role.
    bool IsInRole(string role);
}

Then our document owner looks like this:

public class ClaimsPrincipal : IPrincipal
{
    //...
}

That completes the introduction to ClaimsPrincipal. Easy, isn't it? However it is translated elsewhere, in this article it is called the "document owner".

To understand the logical relationship between the "document unit" (Claim), the "ID card" (ClaimsIdentity) and the "document owner" (ClaimsPrincipal), look at the figure below, which shows part of an identity login flow (incomplete). You only need to understand the part inside the dashed circle:

 

We can see that the app side first has some document units, then uses ClaimsIdentity to initialize the document units into an ID card, and then hands the ID card over to the document owner for safekeeping.

After writing Getting Started, I found it was so long that I plan to write it as a series, maybe 3-4 posts.
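The flow above, written against the real System.Security.Claims types, as an added example that is not code from the original article. The sample claim values and the authentication type names "IdCard" and "TeacherLicense" are constructed for illustration. It also shows the point an access check depends on: an ID card built without an AuthenticationType is not authenticated, even though its role claims still match.

```csharp
using System;
using System.Security.Claims;

public static class ClaimsDemo
{
    // Throws if an expectation about the claims objects does not hold.
    static void Expect(bool ok, string what)
    {
        if (!ok) throw new InvalidOperationException("unexpected: " + what);
        Console.WriteLine("ok: " + what);
    }

    public static void Main()
    {
        // Constructed sample data: the document units printed on the ID card.
        var cardClaims = new[]
        {
            new Claim(ClaimTypes.Name, "Obama"),
            new Claim(ClaimTypes.Gender, "male"),
            new Claim(ClaimTypes.DateOfBirth, "1961-08-04"),
        };

        // No authenticationType: the claims exist, but nothing vouches for them.
        var unverified = new ClaimsIdentity(cardClaims);
        unverified.AddClaim(new Claim(ClaimTypes.Role, "Teacher"));
        Expect(!unverified.IsAuthenticated,
               "an identity without an authenticationType is not authenticated");
        Expect(new ClaimsPrincipal(unverified).IsInRole("Teacher"),
               "IsInRole only matches role claims, so check IsAuthenticated too");

        // "IdCard" and "TeacherLicense" are made-up authentication type names.
        var idCard = new ClaimsIdentity(cardClaims, "IdCard");
        var license = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Role, "Teacher") }, "TeacherLicense");

        // The document owner carries both cards; the first is the primary identity.
        var owner = new ClaimsPrincipal(new[] { idCard, license });
        Expect(owner.Identity?.IsAuthenticated == true, "primary identity is authenticated");
        Expect(owner.Identity?.Name == "Obama", "Name is read from the ClaimTypes.Name claim");
        Expect(owner.Identity?.AuthenticationType == "IdCard", "primary identity is the ID card");
        Expect(owner.IsInRole("Teacher"), "role claim found on the second identity");
        Expect(!owner.IsInRole("Merchant"), "no identity carries a Merchant role claim");
        Expect(owner.FindFirst(ClaimTypes.Gender)?.Value == "male",
               "FindFirst searches the claims of every identity");
    }
}
```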

Summary

Well, I will stop here for now. In this blog post, we learned a few English words and how they play a role in a program. From the figure, we know where these objects sit in the overall authentication system. I found that this blog post alone is not enough to explain Identity clearly; the .NET Authentication middleware still needs to be covered. After you have mastered the entire authentication system of .NET, we will take a look at the love and hate between Identity and Entity Framework.
