Program.cs
// Program.cs — authentication/authorization wiring for cookie-based login.
// Every default scheme (authenticate / challenge / sign-in / forbid / sign-out)
// points at the cookie handler, so [Authorize] can be used without naming a scheme.
var cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme;

builder.Services
    .AddAuthentication(options =>
    {
        // Which handler runs for each authentication action when no scheme is named.
        options.DefaultAuthenticateScheme = cookieScheme;
        options.DefaultChallengeScheme = cookieScheme;
        options.DefaultSignInScheme = cookieScheme;
        options.DefaultForbidScheme = cookieScheme;
        options.DefaultSignOutScheme = cookieScheme;
    })
    .AddCookie(cookieScheme, options =>
    {
        // Unauthenticated requests to protected actions (challenge) are redirected here.
        options.LoginPath = "/Account/Login";
        // Authenticated but not authorized requests (forbid) are redirected here.
        options.AccessDeniedPath = "/Home/NoAuthority";
        // NOTE(review): Cookie.HttpOnly defaults to true and Cookie.SecurePolicy to
        // SameAsRequest; on an HTTPS-only site consider CookieSecurePolicy.Always.
    });

// Middleware order matters: routing first, then authentication (populates
// HttpContext.User), then authorization (enforces [Authorize] on the matched endpoint).
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();

app.MapControllerRoute(
    name: "default",
    pattern: "{controller=Home}/{action=Index}/{id?}");
AccountController.cs
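/// <summary>
/// Cookie-based login demo: GET renders the login form, POST checks the submitted
/// credentials and, on success, issues the authentication cookie.
/// </summary>
public class AccountController : Controller
{
    /// <summary>Renders the login form.</summary>
    [HttpGet]
    public IActionResult Login()
    {
        return View();
    }

    /// <summary>
    /// Validates the posted credentials and signs the user in with the cookie scheme.
    /// </summary>
    /// <param name="useName">User name from the login form (the field name is part of the form contract and is kept as-is).</param>
    /// <param name="password">Password from the login form.</param>
    /// <returns>A redirect to /Fourth/Index on success; otherwise the login view with an error message.</returns>
    // NOTE(review): add [ValidateAntiForgeryToken] once the Login view posts through the form
    // tag helper (which emits the matching token); left off here because the view is not visible.
    [HttpPost]
    public async Task<IActionResult> Login(string useName, string password)
    {
        // Demo-only credential check against hard-coded values. A real application looks the
        // user up in a store and verifies a password hash (PBKDF2/Argon2), never plaintext.
        // string.Equals(.., Ordinal) matches the original "admin".Equals(useName) semantics,
        // including tolerating a null useName/password.
        if (!string.Equals("admin", useName, StringComparison.Ordinal)
            || !string.Equals("123456", password, StringComparison.Ordinal))
        {
            base.ViewBag.Msg = "用户或密码错误";
            return View();
        }

        // Claims carried in the cookie ticket. The ticket is protected by Data Protection, but it
        // is still round-tripped to the client on every request, so it must never hold secrets:
        // the original "password" claim is intentionally dropped. Any other application-defined
        // claim types are fine.
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Name, useName),
            new Claim("Userid", "1"),
            new Claim(ClaimTypes.Role, "Admin"),
            new Claim(ClaimTypes.Role, "User"),
            new Claim(ClaimTypes.Email, "xxx@163.com"),
            new Claim("Account", "Administrator"),
            new Claim("role", "admin"),
            new Claim("QQ", "xxx"),
        };

        // The authentication type ("Customer") must be non-null for IsAuthenticated to be true.
        var identity = new ClaimsIdentity(claims, "Customer");
        var userPrincipal = new ClaimsPrincipal(identity);

        // await instead of .Wait(): blocking on the task inside an async action risks deadlocks
        // and thread-pool starvation, and wraps failures in AggregateException.
        await HttpContext.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            userPrincipal,
            new AuthenticationProperties
            {
                ExpiresUtc = DateTime.UtcNow.AddMinutes(30), // ticket lifetime: 30 minutes
            });

        return Redirect("/Fourth/Index");
    }
}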
重点:
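// Build the principal from the verified user's claims; the authentication type
// ("Customer") must be non-null for the identity to count as authenticated.
ClaimsPrincipal userPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims, "Customer"));

// Issue the cookie for the named scheme. Use await rather than .Wait(): blocking inside
// an async action can deadlock or starve the thread pool and wraps errors in AggregateException.
await HttpContext.SignInAsync(
    CookieAuthenticationDefaults.AuthenticationScheme,
    userPrincipal,
    new AuthenticationProperties
    {
        ExpiresUtc = DateTime.UtcNow.AddMinutes(30), // ticket lifetime: 30 minutes
    });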
检查用户和密码正确后,根据当前用户信息(比如:从数据库查询),创建ClaimsPrincipal
的实例对象,
然后为身份验证方案CookieAuthenticationDefaults.AuthenticationScheme
执行登录。
HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, userPrincipal, new AuthenticationProperties(){....});
其中:CookieAuthenticationDefaults.AuthenticationScheme
是身份验证方案名
HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme)
public class XXXController : Controller ..... [Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)] public IActionResult Xxx() { return View(); }
因为以下代码
builder.Services.AddAuthentication(option => { //设置默认身份验证方案 option.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; .... }).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, option =>
设置了默认的身份验证方案(名)是CookieAuthenticationDefaults.AuthenticationScheme;
可省略方案名
..... [Authorize] public IActionResult Xxx() { return View(); }