配置身份验证
Program.cs
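// Choose the authentication scheme the app uses. Every "default" below points at the
// cookie scheme, so [Authorize] can be used without naming a scheme.
builder.Services.AddAuthentication(option =>
{
    option.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; // default scheme for authenticating requests
    option.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    option.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    option.DefaultForbidScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    option.DefaultSignOutScheme = CookieAuthenticationDefaults.AuthenticationScheme;
}).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, option =>
{
    option.LoginPath = "/Account/Login";      // no user principal -> authentication fails -> authorization fails -> redirect here
    option.AccessDeniedPath = "/Home/NoAuthority";
    // Hardening of the authentication cookie: never readable from script, only sent over
    // HTTPS, and not attached to cross-site requests (limits CSRF using the session).
    // SecurePolicy.Always means the cookie is not issued on plain HTTP - run the site over HTTPS.
    option.Cookie.HttpOnly = true;
    option.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    option.Cookie.SameSite = SameSiteMode.Lax;
});
// Middleware order matters: routing first, then authentication (populates HttpContext.User),
// then authorization (enforces [Authorize] against that user).
app.UseRouting();
app.UseAuthentication(); // authentication middleware
app.UseAuthorization();  // authorization middleware
app.MapControllerRoute(
    name: "default",
    pattern: "{controller=Home}/{action=Index}/{id?}");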
登录
AccountController.cs
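public class AccountController : Controller
{
    /// <summary>Renders the login form.</summary>
    [HttpGet]
    public IActionResult Login()
    {
        return View();
    }

    /// <summary>
    /// Validates the submitted credentials and, on success, issues an authentication ticket
    /// for the <see cref="CookieAuthenticationDefaults.AuthenticationScheme"/> scheme.
    /// </summary>
    /// <param name="useName">User name posted from the login form.</param>
    /// <param name="password">Password posted from the login form.</param>
    /// <returns>A redirect to /Fourth/Index on success; otherwise the login view with an error message.</returns>
    [HttpPost]
    [ValidateAntiForgeryToken] // reject login CSRF; the Razor <form> tag helper emits the token automatically
    public async Task<IActionResult> Login(string useName, string password)
    {
        // DEMO ONLY: hard-coded credential. Production code must look the user up in a store and
        // verify a salted password hash (PBKDF2/Argon2); never compare plain-text passwords.
        if ("admin".Equals(useName, StringComparison.Ordinal) && "123456".Equals(password, StringComparison.Ordinal))
        {
            // Claims that make up the signed-in identity. They are serialized into the
            // (data-protection encrypted) authentication cookie and sent with every request.
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, useName),
                new Claim("Userid", "1"),
                new Claim(ClaimTypes.Role, "Admin"),
                new Claim(ClaimTypes.Role, "User"),
                new Claim(ClaimTypes.Email, "xxx@163.com"),
                // The password (or any other secret) must NOT be stored as a claim: it would
                // live in the cookie for the lifetime of the ticket.
                new Claim("Account", "Administrator"),
                new Claim("role", "admin"),
                new Claim("QQ", "xxx")
            };
            var userPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims, "Customer"));

            // await rather than .Wait(): blocking on async work inside an async action risks
            // deadlock/thread-pool starvation and wraps failures in AggregateException.
            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                userPrincipal,
                new AuthenticationProperties
                {
                    ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30), // absolute ticket lifetime: 30 minutes
                });

            return Redirect("/Fourth/Index");
        }

        // Deliberately generic message: do not reveal whether the user name or the password was wrong.
        ViewBag.Msg = "用户或密码错误";
        return View();
    }
}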
重点:
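// Build the principal from the verified user's claims (authentication type "Customer").
ClaimsPrincipal userPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims, "Customer"));
// Sign in for the cookie scheme. Must be awaited from an async action; .Wait() blocks the
// request thread, can deadlock and hides failures inside AggregateException.
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, userPrincipal, new AuthenticationProperties
{
    ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30), // absolute ticket lifetime: 30 minutes
});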
检查用户和密码正确后,根据当前用户信息(比如:从数据库查询)创建 ClaimsPrincipal 的实例对象,
然后为身份验证方案 CookieAuthenticationDefaults.AuthenticationScheme 执行登录。
注意:Claim 会被序列化进身份验证 Cookie(经数据保护加密,但会随每个请求往返),
因此不要把密码等机密写入 Claim,只放授权所需的最少信息。
HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, userPrincipal, new AuthenticationProperties(){....}
其中:CookieAuthenticationDefaults.AuthenticationScheme
是身份验证方案名
登出
HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme)
授权的使用
public class XXXController : Controller
.....
/// <summary>
/// Protected action: only reachable once the request has been authenticated by the
/// cookie scheme named explicitly here; otherwise the scheme's LoginPath/AccessDeniedPath applies.
/// </summary>
[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
public IActionResult Xxx() => View();
因为以下代码
builder.Services.AddAuthentication(option =>
{
//设置默认身份验证方案
option.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
....
}).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, option =>
已经把默认身份验证方案(名)设置为 CookieAuthenticationDefaults.AuthenticationScheme,
所以 [Authorize] 上可以省略方案名,效果与显式指定 AuthenticationSchemes 相同:
.....
/// <summary>
/// Protected action using the app's default authentication scheme (no scheme name needed
/// because the defaults were configured in AddAuthentication).
/// </summary>
[Authorize]
public IActionResult Xxx() => View();