The new membership framework Asp.net Identity (2) -- Claims and membershipclaims

Source: Internet
Author: User


I originally wanted to introduce the Identity part directly, but I ended up digging in too deeply, which is not the best way. For a while all I could do was download the Katana source code. Identity cannot be understood or used without understanding Claims. Today we will look at what Claims are and why Identity is based on Claims.

Reading directory:

1. What is Claims and Claims-based identity authentication?

2. Advantages of Claims-based Identity Authentication

3. How is Claims applied in Asp.net?

4. Some further supplementary instructions

1. What is Claims and Claims-based identity authentication?

Review the boarding process from the perspective of Claims

OK. Let's redescribe and sort it out from the Claims perspective.

First, a Claim is a description. In this example, the Claims are the following pieces of information on the boarding pass:

The passenger's name is Justrun.

The flight is MF8858.

The seat number is 34J.

............................

All the Claims above constitute an Identity, that is, a boarding pass. This boarding pass is based on Claims.

This boarding pass was issued to me after I was verified by the airline staff, so the airline is the Issuer.

At boarding, the staff members look at your boarding pass and trust its Claims because the Issuer (the airline) is trusted. After checking these Claims, if the flight is the right one, you are allowed to board the plane.

2. Advantages of Claims-based Identity Authentication

The process above seems like a lot of trouble, doesn't it? Wouldn't it be more convenient for passengers to simply carry their ID cards and air tickets?

It separates authentication from authorization, and this is precisely its biggest advantage.

Think about what it would be like without a boarding pass. The staff would have to install equipment at the door of the plane, verify your air ticket and ID card information, check your luggage, and then let you select a seat... this is simply unimaginable.

With the boarding pass, the airline does the verification: it is responsible for verifying you and issuing the boarding pass. The flight attendant only needs to check your boarding pass to let you board the plane and to decide whether you are allowed to sit in first class.

With a Claims Identity, the identity can be created through a variety of verification processes, such as a user name and password, Active Directory, or third-party login (Google, Facebook, QQ, Weibo, etc.). Our program mainly uses the Claims Identity to determine whether a user can use our system and which functions in the system the user can and cannot use.

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});

Start the website and you will see the usual login and registration process. When we try to access a protected page, we are sent to the logon page.

Now we will do a small experiment in this default MVC project. Without registering or logging on, we will write forged Claims information directly and use it for verification.

First, we add a ProtectedPage action to ManageController. Because [Authorize] is applied to the whole ManageController, ProtectedPage can by default be accessed only after logon.

public async Task<ActionResult> ProtectedPage()
{
    return new ContentResult { Content = "This is a protected Page" };
}

Browse directly to http://localhost:4572/Manage/ProtectedPage and, as expected, we are sent straight to the logon page.

public ActionResult AddClaim()
{
    // Create our Claims
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, "Peter"),
        new Claim(ClaimTypes.Email, "justrun_test@outlook.com")
    };
    // Construct the ClaimsIdentity
    var identity = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);
    // Use the OWIN context to obtain our authentication manager
    var ctx = Request.GetOwinContext();
    var authenticationManager = ctx.Authentication;
    authenticationManager.SignIn(identity);
    return Content("Login Success");
}

Visit the AddClaim page to see the effect.
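
Added example (not part of the original article or of the ASP.NET Identity project code): the AddClaim experiment works because [Authorize] accepts any authenticated ClaimsIdentity, so code that wants the Issuer trust described in the boarding-pass section has to check Claim.Issuer itself. The issuer URL https://idp.example.test, the class name and the helpers HasTrustedClaim and Build are assumptions made for this illustration; it relies on the fact that a Claim created without an issuer gets ClaimsIdentity.DefaultIssuer ("LOCAL AUTHORITY").

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

static class IssuerCheckDemo
{
    // Constructed issuer name for this example; not a value from the article.
    const string TrustedIssuer = "https://idp.example.test";

    // True only if the principal is authenticated AND carries a claim of the
    // requested type whose Issuer is the one this application trusts.
    static bool HasTrustedClaim(ClaimsPrincipal user, string claimType)
    {
        return user.Identity != null
            && user.Identity.IsAuthenticated
            && user.HasClaim(c => c.Type == claimType && c.Issuer == TrustedIssuer);
    }

    // Hypothetical helper that builds a one-claim principal.
    // issuer == null mirrors the two-argument Claim constructor used in AddClaim.
    static ClaimsPrincipal Build(string issuer, string authenticationType)
    {
        var claims = new List<Claim>
        {
            issuer == null
                ? new Claim(ClaimTypes.Name, "Peter")
                : new Claim(ClaimTypes.Name, "Peter", ClaimValueTypes.String, issuer)
        };
        return new ClaimsPrincipal(new ClaimsIdentity(claims, authenticationType));
    }

    static void Main()
    {
        // "ApplicationCookie" is the value of DefaultAuthenticationTypes.ApplicationCookie.
        var selfIssued = Build(null, "ApplicationCookie");          // as in AddClaim
        var fromIdp    = Build(TrustedIssuer, "ApplicationCookie"); // issuer stated explicitly
        var anonymous  = Build(TrustedIssuer, null);                // no authentication type

        foreach (var p in new[] { selfIssued, fromIdp, anonymous })
        {
            var name = p.FindFirst(ClaimTypes.Name);
            Console.WriteLine("issuer={0} authenticated={1} trusted={2}",
                name.Issuer, p.Identity.IsAuthenticated,
                HasTrustedClaim(p, ClaimTypes.Name));
        }
    }
}
```

The identity built the way AddClaim builds it is authenticated but carries the default issuer, so only the second principal passes the issuer check; the third fails because an identity without an authentication type is not authenticated.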

3. Additional reading:

For more information about OWIN and Katana, see the following articles.

Background and brief introduction of OWIN

Katana introduction and usage

OWIN Middleware

For more details, you can download the source code directly:

Katana Source: https://katanaproject.codeplex.com/SourceControl/latest#README

Asp.net Identity Source: https://github.com/aspnet/Identity/tree/dev/src/Microsoft.AspNet.Identity
