• Core知识整理


    概述

    Command-Line

    ASP.NET结构文件

     

    Startup

    配置文件

    中间件和依赖注入

    依赖注入原理

    框架自带的依赖注入(IServiceCollection)

    依赖注入生命周期

    依赖注入使用方式

    • 通过构造函数
    • MVC的Action中可以使用 [FromServices] 来注入对象

    中间件(MiddleWare)

    Use:进入中间件http管道模式

    Map:映射分支

    Run:执行,并返回Response

    /// <summary>
    /// Builds the HTTP request pipeline; in this sample it only registers MyMiddleware.
    /// </summary>
    /// <param name="app">Pipeline builder the middleware is added to.</param>
    /// <param name="env">Hosting environment (not used by this sample).</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        => app.UseMyMiddleware();
    
    /// <summary>
    /// Minimal pass-through middleware: it keeps the next delegate in the
    /// pipeline and forwards every request to it.
    /// </summary>
    public class MyMiddleware
    {
        // Next component in the HTTP pipeline.
        private readonly RequestDelegate _next;

        /// <summary>Stores the next delegate of the pipeline.</summary>
        /// <param name="next">Delegate invoked after this middleware.</param>
        public MyMiddleware(RequestDelegate next) => _next = next;

        /// <summary>Handles one request and passes it on.</summary>
        /// <param name="context">Context of the current request.</param>
        /// <returns>The task returned by the next delegate.</returns>
        public Task Invoke(HttpContext context)
        {
            // Code that reads or processes the request context goes here,
            // before control is handed to the rest of the pipeline.
            return _next(context);
        }
    }
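        /// <summary>
        /// Extension methods that register <see cref="MyMiddleware"/> on the pipeline.
        /// </summary>
        public static class MyMiddlewareExtensions
        {
            /// <summary>
            /// Adds <see cref="MyMiddleware"/> to the request pipeline.
            /// </summary>
            /// <param name="builder">Pipeline builder to extend.</param>
            /// <returns>The same builder, so calls can be chained.</returns>
            public static IApplicationBuilder UseMyMiddleware(
                this IApplicationBuilder builder)
            {
                // The original referenced MyMiddlewareMiddleware, a type this page
                // never defines; the class declared above is MyMiddleware.
                return builder.UseMiddleware<MyMiddleware>();
            }
        }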

    中间件的执行要注意顺序,因为可以终止http管道的执行

    框架自带中间件

     

     ORM

    Entity Framework Core

    官方地址:https://docs.microsoft.com/zh-cn/ef/core/

    // Registers SchoolContext in the service container, backed by SQL Server.
    // The connection string is read from configuration ("DefaultConnection")
    // instead of being written into the code; keep credentials in that
    // connection string out of files committed to source control.
    services.AddDbContext<SchoolContext>(options =>
    {
        var connectionString = Configuration.GetConnectionString("DefaultConnection");
        options.UseSqlServer(connectionString);
    });

    Entity Framework Core-Code First

    //程序包管理器控制台
    # EF Core provider for SQL Server.
    # No version is given, so the newest available package is installed; add
    # -Version to pin a reviewed release and keep restores reproducible.
    Install-Package Microsoft.EntityFrameworkCore.SqlServer
    # Package Manager Console commands for EF Core (includes Scaffold-DbContext).
    Install-Package Microsoft.EntityFrameworkCore.Tools
    # Design-time code generation (scaffolding) support.
    Install-Package Microsoft.VisualStudio.Web.CodeGeneration.Design

    从数据库生成模型

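    # Generates entity classes and a DbContext from the existing Blogging database
    # into the Models folder. The LocalDB instance name needs the backslash
    # ("(localdb)\mssqllocaldb"), which was missing in the original listing.
    # Trusted_Connection=True uses Windows integrated authentication, so no
    # password appears on the command line.
    Scaffold-DbContext "Server=(localdb)\mssqllocaldb;Database=Blogging;Trusted_Connection=True;" Microsoft.EntityFrameworkCore.SqlServer -OutputDir Models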

    并发控制

    // Data-annotation approach: the concurrency token is declared with an attribute.
    public class Person
    {
        public int PersonId { get; set; }
    
        // [ConcurrencyCheck] makes LastName a concurrency token: on save, EF Core
        // compares the value that was originally read with the one in the database
        // and rejects the update if another writer changed it in between.
        [ConcurrencyCheck]
        public string LastName { get; set; }
    
        public string FirstName { get; set; }
    }
    
    // Fluent API approach: the concurrency token is declared in the context
    // instead of on the entity class.
    class MyContext : DbContext
    {
        // Set of Person entities exposed by this context.
        public DbSet<Person> People { get; set; }

        /// <summary>
        /// Marks Person.LastName as a concurrency token while the model is built.
        /// </summary>
        /// <param name="modelBuilder">Builder used to configure the model.</param>
        protected override void OnModelCreating(ModelBuilder modelBuilder)
        {
            var lastName = modelBuilder.Entity<Person>().Property(p => p.LastName);
            lastName.IsConcurrencyToken();
        }
    }
    
    // Plain entity for the Fluent API variant: it carries no attributes, because
    // LastName is configured as a concurrency token in MyContext.OnModelCreating.
    public class Person
    {
        public int PersonId { get; set; }
        public string LastName { get; set; }
        public string FirstName { get; set; }
    }
    
    // Row version declared with an attribute.
    
    public class Blog
    {
        public int BlogId { get; set; }
    
        public string Url { get; set; }
        
        // [Timestamp] marks this byte[] as the row-version column used for
        // optimistic concurrency checks on update.
        [Timestamp]
        public byte[] Timestamp { get; set; }
    }

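    // Row version declared with the Fluent API.
    // (The original listing had this whole sample collapsed onto one line behind
    // the "//" marker, which turned the code itself into a comment.)
    class MyContext : DbContext
    {
        // Set of Blog entities exposed by this context.
        public DbSet<Blog> Blogs { get; set; }

        /// <summary>
        /// Configures Blog.Timestamp as the row-version column while the model is built.
        /// </summary>
        /// <param name="modelBuilder">Builder used to configure the model.</param>
        protected override void OnModelCreating(ModelBuilder modelBuilder)
        {
            modelBuilder.Entity<Blog>()
                .Property(p => p.Timestamp)
                .IsRowVersion();
        }
    }

    // Entity for the Fluent API variant: no [Timestamp] attribute is needed here.
    public class Blog
    {
        public int BlogId { get; set; }
        public string Url { get; set; }
        public byte[] Timestamp { get; set; }
    }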

    Dapper

    官方地址:https://github.com/StackExchange/Dapper

    权限验证

    概念

    Authentication:认证,通过自定义或三方的方式,确定用户有效性,并分配用户一定身份

    Authorization:授权,决定用户可以做什么,可以带上角色或策略来授权,并且是通过Controller或Action上的特性Authorize来授权的。

    验证方式

    ConfigureServices中

    // Registers cookie authentication (ASP.NET Core 2.0 style). One scheme name
    // serves as the default for challenge, sign-in and authenticate.
    const string cookieScheme = "MyCookieAuthenticationScheme";

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = cookieScheme;
        options.DefaultSignInScheme = cookieScheme;
        options.DefaultChallengeScheme = cookieScheme;
    })
    .AddCookie(cookieScheme, opt =>
    {
        // Login, access-denied and logout all point at the same /login page.
        var loginPage = new PathString("/login");
        opt.LoginPath = loginPage;
        opt.AccessDeniedPath = loginPage;
        opt.LogoutPath = loginPage;

        // The cookie is sent for every path of the site.
        // NOTE(review): SecurePolicy, SameSite and the ticket lifetime are not set
        // here, so the framework defaults apply; confirm they fit the deployment
        // (an HTTPS-only site normally wants CookieSecurePolicy.Always).
        opt.Cookie.Path = "/";
    });

    Configure中

    // Adds the authentication middleware to the pipeline. Register it before the
    // MVC middleware, so HttpContext.User is already populated when [Authorize]
    // is evaluated.
    app.UseAuthentication();

    登录验证

    public class UserTestController : Controller  
    {
          [HttpGet("users")]
          [Authorize(Roles = "admin,system")]
          public IActionResult Index()
          {     return View();      }
          [HttpGet("login")]
          public IActionResult Login(string returnUrl)
          {
              //1、如果登录用户已经Authenticated,提示请勿重复登录
              if (HttpContext.User.Identity.IsAuthenticated)
              {
                  return View("Error", new string[] { "您已经登录!" });
              }else//记录转入地址
              {
                        ViewBag.returnUrl = returnUrl;
              return View();}
          }
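    /// <summary>
    /// Handles the login form post: signs the user in with the cookie scheme and
    /// redirects to the requested local page, or to "users" by default.
    /// </summary>
    /// <param name="username">User name posted by the form.</param>
    /// <param name="returnUrl">Address to return to after login; request-supplied, so untrusted.</param>
    /// <returns>A redirect on success, otherwise the login view again.</returns>
    /// <remarks>
    /// NOTE(review): this sample accepts the user on the name alone and checks no
    /// password or other credential; replace it with real credential verification
    /// before using it anywhere. The action also has no anti-forgery validation.
    /// </remarks>
    [AllowAnonymous]
    [HttpPost("login")]
    public IActionResult Login(string username, string returnUrl)
    {
        // 2. Anything other than the demo user goes back to the login form.
        if (username != "gsw")
        {
            return View();
        }

        var claims = new Claim[]
        {
            new Claim(ClaimTypes.Role, "admin"),
            new Claim(ClaimTypes.Name, "桂素伟")
        };

        // NOTE(review): SignInAsync returns a Task that is not awaited, so a failure
        // while issuing the cookie goes unobserved. Making this action
        // async Task<IActionResult> and awaiting the call would fix that; the
        // signature is left unchanged here.
        HttpContext.SignInAsync("MyCookieAuthenticationScheme", new ClaimsPrincipal(new ClaimsIdentity(claims, "Cookie")));

        // Make the new identity visible for the remainder of this request.
        var claPris = new ClaimsPrincipal();
        claPris.AddIdentity(new ClaimsIdentity(claims));
        HttpContext.User = claPris;

        // returnUrl comes from the request. Redirecting to it unchecked is an open
        // redirect, so it is followed only when it is a local URL.
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
        {
            return LocalRedirect(returnUrl);
        }

        return new RedirectResult("users");
    }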

    UI访问

    //3、UI上访问验证信息
    @* Shows the block only to users in role "abc". This is a display-only check:
       the linked action still needs its own [Authorize] rule on the server.
       NOTE(review): the login sample on this page issues the role "admin", so
       "abc" looks like a placeholder; confirm the intended role. *@
    @if (User.IsInRole("abc"))
     {
         <p>你好: @User.Identity.Name</p>
         <a href="更高权限">更高权限</a>
     }

    权限中间件

    /// <summary>
    /// Permission middleware skeleton. As written it performs no permission check:
    /// every request is forwarded unchanged to the next pipeline component.
    /// </summary>
    public class PermissionMiddleware
    {
        /// <summary>
        /// Next delegate in the HTTP pipeline.
        /// </summary>
        private readonly RequestDelegate _next;

        /// <summary>
        /// Creates the middleware.
        /// </summary>
        /// <param name="next">Next delegate in the HTTP pipeline.</param>
        public PermissionMiddleware(RequestDelegate next) => _next = next;

        /// <summary>
        /// Invokes the rest of the pipeline for the current request.
        /// </summary>
        /// <param name="context">Context of the current request.</param>
        /// <returns>The task returned by the next delegate.</returns>
        public Task Invoke(HttpContext context) => _next(context);
    }

    自定义策略

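    /// <summary>
    /// Authorization handler that checks the requested path against the permission
    /// list carried by the <see cref="PermissionRequirement"/>.
    /// </summary>
    /// <remarks>
    /// Paths that appear in the permission list are allowed only when one of the
    /// user's claims of type <c>requirement.ClaimType</c> equals the permission's Name.
    /// NOTE(review): paths that are NOT in the list are allowed for any authenticated
    /// user (fail-open, as in the original). Confirm that is intended; deny-by-default
    /// is the safer policy.
    /// </remarks>
    public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
    {
        /// <summary>
        /// Permission list of the most recently evaluated requirement.
        /// </summary>
        // Kept for compatibility. The decision below uses the local requirement,
        // because a handler instance may be shared between concurrent requests.
        public List<Permission> Permissions { get; set; }

        /// <summary>
        /// Evaluates the requirement for the current request.
        /// </summary>
        /// <param name="context">Authorization context; its Resource must be an MVC AuthorizationFilterContext.</param>
        /// <param name="requirement">Requirement carrying the permission list, claim type and denied action.</param>
        /// <returns>A completed task.</returns>
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
        {
            Permissions = requirement.Permissions;
            var permissions = requirement.Permissions;

            // Without an MVC filter context there is no request to inspect: leave the
            // requirement unsatisfied (deny) instead of dereferencing null.
            var filterContext = context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
            if (filterContext == null || permissions == null)
            {
                return Task.CompletedTask;
            }

            var httpContext = filterContext.HttpContext;
            var questUrl = httpContext.Request.Path.Value;

            // Unauthenticated callers never satisfy the requirement.
            if (!httpContext.User.Identity.IsAuthenticated)
            {
                return Task.CompletedTask;
            }

            // Path is not governed by the permission list: allowed (see remarks).
            if (!permissions.Any(p => IsSamePath(p.Url, questUrl)))
            {
                context.Succeed(requirement);
                return Task.CompletedTask;
            }

            // All claim values of the configured type; a missing claim yields an empty
            // list (deny) and several claims of that type no longer throw.
            var claimValues = httpContext.User.Claims
                .Where(c => c.Type == requirement.ClaimType)
                .Select(c => c.Value)
                .ToList();

            if (permissions.Any(p => IsSamePath(p.Url, questUrl) && claimValues.Contains(p.Name)))
            {
                context.Succeed(requirement);
            }
            else
            {
                // No permission: send the caller to the denied page and fail explicitly.
                httpContext.Response.Redirect(requirement.DeniedAction);
                context.Fail();
            }

            return Task.CompletedTask;
        }

        // Compares two paths ordinally and case-insensitively (culture-independent,
        // unlike ToLower()), treating "/users" and "/users/" as the same entry.
        private static bool IsSamePath(string left, string right)
        {
            var a = (left ?? string.Empty).TrimEnd('/');
            var b = (right ?? string.Empty).TrimEnd('/');
            return string.Equals(a, b, StringComparison.OrdinalIgnoreCase);
        }
    }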

     自定义策略-JWT

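     /// <summary>
     /// Authorization handler for the JWT variant: it authenticates the request with
     /// the default scheme and then checks the requested path against the permission
     /// list carried by the <see cref="PermissionRequirement"/>.
     /// </summary>
     /// <remarks>
     /// Two defects of the original listing are fixed here:
     /// a user without the permission was redirected but the requirement was still
     /// marked as succeeded, and an unauthenticated form POST to any path passed
     /// the final check.
     /// NOTE(review): authenticated requests to paths that are not in the permission
     /// list are still allowed (fail-open, as in the original); confirm that is intended.
     /// </remarks>
     public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
     {
         /// <summary>
         /// Provider of the registered authentication schemes.
         /// </summary>
         public IAuthenticationSchemeProvider Schemes { get; set; }

         /// <summary>
         /// Most recently evaluated requirement.
         /// </summary>
         // Kept for compatibility. The decision below uses the local requirement,
         // because a handler instance may be shared between concurrent requests.
         public PermissionRequirement Requirement { get; set; }

         /// <summary>
         /// Creates the handler.
         /// </summary>
         /// <param name="schemes">Provider of the registered authentication schemes.</param>
         public PermissionHandler(IAuthenticationSchemeProvider schemes)
         {
             Schemes = schemes;
         }

         /// <summary>
         /// Evaluates the requirement for the current request.
         /// </summary>
         /// <param name="context">Authorization context; its Resource must be an MVC AuthorizationFilterContext.</param>
         /// <param name="requirement">Requirement carrying the permission list, claim type, login path and denied action.</param>
         protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
         {
             Requirement = requirement;

             // Without an MVC filter context there is no request to inspect: deny
             // instead of dereferencing null.
             var filterContext = context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
             if (filterContext == null)
             {
                 context.Fail();
                 return;
             }

             var httpContext = filterContext.HttpContext;
             var questUrl = httpContext.Request.Path.Value;

             // Let request-handling schemes look at the request first; if one of them
             // handles it, stop here.
             var handlers = httpContext.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();
             foreach (var scheme in await Schemes.GetRequestHandlerSchemesAsync())
             {
                 var handler = await handlers.GetHandlerAsync(httpContext, scheme.Name) as IAuthenticationRequestHandler;
                 if (handler != null && await handler.HandleRequestAsync())
                 {
                     context.Fail();
                     return;
                 }
             }

             // Does the request carry valid credentials, i.e. is the caller logged in?
             var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync();
             if (defaultAuthenticate != null)
             {
                 var result = await httpContext.AuthenticateAsync(defaultAuthenticate.Name);
                 // A non-null principal means authentication succeeded.
                 if (result?.Principal != null)
                 {
                     httpContext.User = result.Principal;

                     var permissions = requirement.Permissions;
                     if (permissions == null)
                     {
                         // Missing permission list: deny rather than throw.
                         context.Fail();
                         return;
                     }

                     // Only paths that appear in the permission list are checked.
                     if (permissions.Any(p => IsSamePath(p.Url, questUrl)))
                     {
                         // All claim values of the configured type; a missing claim
                         // yields an empty list (deny) instead of a null dereference.
                         var claimValues = httpContext.User.Claims
                             .Where(c => c.Type == requirement.ClaimType)
                             .Select(c => c.Value)
                             .ToList();

                         if (!permissions.Any(p => IsSamePath(p.Url, questUrl) && claimValues.Contains(p.Name)))
                         {
                             // No permission: redirect to the denied page and fail. The
                             // original fell through to Succeed here, so the protected
                             // action still ran for users without the permission.
                             httpContext.Response.Redirect(requirement.DeniedAction);
                             context.Fail();
                             return;
                         }
                     }

                     context.Succeed(requirement);
                     return;
                 }
             }

             // Not logged in: only a form POST to the login path may pass. The original
             // condition also let form POSTs to any other path through.
             var isLoginPost = IsSamePath(requirement.LoginPath, questUrl)
                 && httpContext.Request.Method.Equals("POST")
                 && httpContext.Request.HasFormContentType;
             if (!isLoginPost)
             {
                 context.Fail();
                 return;
             }

             context.Succeed(requirement);
         }

         // Compares two paths ordinally and case-insensitively (culture-independent,
         // unlike ToLower()), treating "/users" and "/users/" as the same entry.
         private static bool IsSamePath(string left, string right)
         {
             var a = (left ?? string.Empty).TrimEnd('/');
             var b = (right ?? string.Empty).TrimEnd('/');
             return string.Equals(a, b, StringComparison.OrdinalIgnoreCase);
         }
     }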
  • 原文地址:https://www.cnblogs.com/Agui520/p/9428537.html