AspNetCore Authentication運用


ASP.NET Core 認證與授權的詳細說明請參閱微軟官方文檔。以下示例僅演示接線方式:登入與簽發令牌的端點都未校驗任何憑證,請勿直接用於生產環境。

1.基於策略的簡單授權

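// Requirement carried by the "admin" policy: the user name a caller must have.
public class TestPolicyRequirement : IAuthorizationRequirement
{
    // Name the caller must match; immutable after construction.
    public string Name { get; }

    // The original only promised a "name check" in a comment and stored whatever
    // it was given. An empty requirement name can never be matched meaningfully,
    // so reject it up front.
    // Throws System.ArgumentException when name is null or empty.
    public TestPolicyRequirement(string name)
    {
        if (string.IsNullOrEmpty(name))
        {
            throw new System.ArgumentException("Policy requirement name must not be empty.", nameof(name));
        }
        this.Name = name;
    }
}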
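// Handler for TestPolicyRequirement: succeeds only when the authenticated
// user's name equals the requirement's Name.
//
// Fixes relative to the original sample: the base class lacked its generic
// argument, the requirement type did not match the class defined above,
// the compared variable (`name`) was never declared, and the Resource cast
// was dereferenced without a null check.
public class TestAuthorizationHandler : AuthorizationHandler<TestPolicyRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, TestPolicyRequirement requirement)
    {
        // SECURITY: the original read `?name=admin` from the query string and
        // granted access when it said "admin". Anything in the URL is chosen by
        // the caller, so that is a bypass, not a check. The decision must rest on
        // the identity that authentication established (context.User).
        //
        // If a resource-based decision really needs the request, obtain the
        // HttpContext defensively: `context.Resource as AuthorizationFilterContext`
        // can be null (under endpoint routing Resource is the HttpContext itself).
        var identity = context.User?.Identity;
        var userName = identity != null && identity.IsAuthenticated ? identity.Name : null;

        if (userName != null && string.Equals(userName, requirement.Name, System.StringComparison.Ordinal))
        {
            // Marks the requirement as met; without this call the policy never passes.
            context.Succeed(requirement);
        }
        else
        {
            // Fail() vetoes the policy even if another handler would succeed. Drop it
            // (and simply return) if other handlers should be allowed to satisfy it.
            context.Fail();
        }

        return Task.CompletedTask;
    }
}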
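// Startup.ConfigureServices: registers MVC, the "admin" policy and its handler.
public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc();
            // Several policies can be registered; this sample adds one.
            services.AddAuthorization(options =>
            {
                options.AddPolicy("admin", policy =>
                    policy.Requirements.Add(new TestPolicyRequirement("admin")));
            });
            // The handler MUST be registered, otherwise the requirement can never be
            // satisfied and every [Authorize("admin")] request is denied. In the
            // original sample this statement sat on the same line as a comment and
            // was therefore commented out; it also named a type that does not exist
            // in this file (AdultAuthorizationHandler).
            services.AddSingleton<IAuthorizationHandler, TestAuthorizationHandler>();
        }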
// Apply the policy to a controller or action with [Authorize("admin")]
// (equivalent to [Authorize(Policy = "admin")]).

2.中間件方式,當然中間件可不只這個作用。

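// Middleware that stamps a fixed response header. Despite its name it performs
// no authentication or authorization; it only shows where such a check would
// sit (before `next`, short-circuiting on failure).
public class AuthorizeMiddleware
    {
        private readonly RequestDelegate next;

        public AuthorizeMiddleware(RequestDelegate next)
        {
            this.next = next;
        }

        // Registers an OnStarting callback so the header is written just before the
        // response headers are flushed, then passes the request down the pipeline.
        public async Task Invoke(HttpContext context)
        {
            context.Response.OnStarting(state =>
            {
                var httpContext = (HttpContext)state;
                // Indexer assignment is idempotent; the original Headers.Add throws
                // an ArgumentException if "test2" was already set by another component.
                httpContext.Response.Headers["test2"] = "testvalue2";
                return Task.CompletedTask;
            }, context);
            await next(context);
        }
    }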
// In Startup.Configure, register the middleware at the front of the pipeline so
// it runs before MVC. The generic overload is equivalent to passing typeof(...).
app.UseMiddleware<AuthorizeMiddleware>();

3.AspNetCore.Authentication其他驗證方式

using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

namespace Authentication
{
    // Entry point: builds the default web host bound to http://localhost:5000.
    // NOTE(review): plain HTTP is fine for a local demo, but the authentication
    // cookie issued by this app must only travel over HTTPS in a real deployment.
    public class Program
    {
        public static void Main(string[] args)
        {
            var host = CreateWebHostBuilder(args).Build();
            host.Run();
        }

        public static IWebHostBuilder CreateWebHostBuilder(string[] args)
        {
            var builder = WebHost.CreateDefaultBuilder(args);
            builder.UseUrls("http://localhost:5000");
            return builder.UseStartup<Startup>();
        }
    }

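    // Wires cookie authentication as the default authenticate and challenge scheme.
    public class Startup
    {
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication(options =>
                    {
                        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                    })
                    .AddCookie(options =>
                    {
                        // Unauthenticated requests to [Authorize] actions are redirected here.
                        options.LoginPath = "/Account/Login";
                        // Bound the session explicitly: the library default is a 14-day
                        // sliding window, far longer than a demo (or most apps) needs.
                        options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
                        options.SlidingExpiration = true;
                        // Keep the ticket out of reach of script. This is the default, but
                        // stating it prevents it being silently relaxed later.
                        options.Cookie.HttpOnly = true;
                        // NOTE(review): the host listens on plain HTTP, so the cookie's
                        // SecurePolicy is left at its default; set it to Always and serve
                        // over HTTPS before deploying.
                    });
            services.AddMvc();
        }

        // UseAuthentication must precede MVC so HttpContext.User is populated
        // before [Authorize] filters run.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            app.UseAuthentication();
            app.UseMvcWithDefaultRoute();
        }
    }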
}

namespace Authentication.Controllers
{
    // Protected page: any authenticated user (the default policy) may view it;
    // anonymous callers are redirected to the cookie scheme's LoginPath.
    [Authorize]
    public class HomeController : Controller
    {
        public IActionResult Index() => View();
    }

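    // Issues and clears the authentication cookie.
    //
    // SECURITY: Login signs in a fixed identity ("timi" / role "user") without
    // checking any credential, so anyone who requests /Account/Login receives a
    // valid ticket. That is acceptable only as a wiring demo; a real login verifies
    // credentials first (and is a POST protected against request forgery).
    public class AccountController : Controller
    {
        // Awaited so the cookie is guaranteed to be written before the response
        // completes. The original called SignInAsync without awaiting it, which
        // could lose the ticket and silently swallowed any exception.
        public async Task<IActionResult> Login()
        {
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, "timi"),
                new Claim(ClaimTypes.Role, "user")
            };
            var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(identity));
            return Ok();
        }

        // Clears the cookie; awaited for the same reason as Login.
        public async Task<IActionResult> Logout()
        {
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return Ok();
        }
    }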
}
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;

namespace Authentication
{
    // Entry point: builds the default web host bound to http://localhost:5000.
    // NOTE(review): bearer tokens returned by this app are credentials; in any
    // real deployment they must only be sent over HTTPS.
    public class Program
    {
        public static void Main(string[] args)
        {
            var builder = CreateWebHostBuilder(args);
            builder.Build().Run();
        }

        public static IWebHostBuilder CreateWebHostBuilder(string[] args)
        {
            return WebHost
                .CreateDefaultBuilder(args)
                .UseUrls("http://localhost:5000")
                .UseStartup<Startup>();
        }
    }

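    // Wires JWT bearer authentication as the default scheme. Tokens are HS256-signed
    // with Settings.Secret and must carry the configured issuer and audience.
    public class Startup
    {
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication(options =>
                    {
                        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                    })
                    .AddJwtBearer(options =>
                    {
                        options.TokenValidationParameters = new TokenValidationParameters
                        {
                            // These default to true; they are spelled out so a later edit
                            // cannot silently disable signature, lifetime or audience checks.
                            ValidateIssuer = true,
                            ValidateAudience = true,
                            ValidateLifetime = true,
                            ValidateIssuerSigningKey = true,
                            RequireExpirationTime = true,
                            ValidIssuer = Settings.Issuer,
                            ValidAudience = Settings.Audience,
                            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Settings.Secret))
                            // ClockSkew stays at the library default (5 minutes); tighten it
                            // if tokens must expire precisely.
                        };
                        /* Custom validation (disabled).
                           WARNING: clearing SecurityTokenValidators replaces ALL of the
                           checks configured above (signature, issuer, audience, lifetime)
                           with whatever the custom validator does, so that validator must
                           itself throw for any token it does not accept. Reading the token
                           from the query string puts bearer tokens into access logs and
                           browser history; prefer the Authorization header.
                        options.SecurityTokenValidators.Clear();
                        options.SecurityTokenValidators.Add(new SecurityTokenValidator());
                        options.Events = new JwtBearerEvents
                        {
                            OnMessageReceived = (context) =>
                            {
                                context.Token = context.Request.Headers["Token"].FirstOrDefault(); // context.Request.Query["token"]
                                return Task.CompletedTask;
                            }
                        };
                        */
                    });
            services.AddMvc();
        }

        // UseAuthentication must run before MVC so [Authorize] sees the validated principal.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            app.UseAuthentication();
            app.UseMvc();
        }
    }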

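    // Token issuer/audience and the HS256 signing secret shared by the issuing
    // controller and the bearer validator.
    public class Settings
    {
        public const string Issuer = "http://localhost:5000";
        public const string Audience = "http://localhost:5000";

        // Environment variable that supplies the signing secret at runtime.
        public const string SecretVariable = "JWT_SECRET";

        // SECURITY: the original hard-coded this value in source (and the value is
        // simply the base64 of a standard JWT header, so it is trivially guessable).
        // Whoever knows the secret can mint tokens for any user. Read it from the
        // environment; the fallback exists only so the sample runs locally and must
        // not ship. HS256 needs at least a 128-bit (16-byte) key.
        public static readonly string Secret =
            Environment.GetEnvironmentVariable(SecretVariable)
            ?? "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
    }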

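    // Minimal ISecurityTokenValidator that accepts exactly one shared token value.
    // Only active when the commented-out block in Startup swaps it in.
    //
    // SECURITY: the original returned an *authenticated* ClaimsPrincipal for every
    // input — a ClaimsIdentity constructed with an authentication type reports
    // IsAuthenticated == true even with no claims — so any bearer value at all
    // passed [Authorize]. A validator must throw for anything it does not accept.
    public class SecurityTokenValidator : ISecurityTokenValidator
    {
        // Demo-only shared secret; a real validator verifies a signature, not a literal.
        private const string SharedToken = "token";

        public bool CanValidateToken => true;

        // The original left this at 0; use the library's usual cap.
        public int MaximumTokenSizeInBytes { get; set; } = TokenValidationParameters.DefaultMaximumTokenSizeInBytes;

        // Rejects empty or oversized input before ValidateToken is reached.
        public bool CanReadToken(string securityToken)
        {
            return !string.IsNullOrEmpty(securityToken)
                && securityToken.Length <= MaximumTokenSizeInBytes;
        }

        // Returns an authenticated principal for the shared token.
        // Throws SecurityTokenException for any other value so the bearer handler
        // reports 401 instead of treating the caller as signed in.
        public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
        {
            validatedToken = null;
            if (!string.Equals(securityToken, SharedToken, StringComparison.Ordinal))
            {
                throw new SecurityTokenException("Token was not issued by this service.");
            }

            var claimsIdentity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
            claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, "timi"));
            claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, "user"));
            return new ClaimsPrincipal(claimsIdentity);
        }
    }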
}

namespace Authentication.Controllers
{
    // Protected endpoint: requires a validated bearer token (default policy);
    // unauthenticated callers receive the bearer scheme's 401 challenge.
    [Authorize]
    [Route("Resource")]
    public class ResourceController : ControllerBase
    {
        public IActionResult Get() => Ok();
    }

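    // Issues a 30-minute HS256 token for a fixed identity ("timi" / role "user").
    //
    // SECURITY: there is no credential check — a GET to /Authenticate hands a valid
    // token to anyone, which makes [Authorize] on ResourceController moot. This is
    // only a wiring demo; a real endpoint is a POST that verifies the caller before
    // minting. The token is a bearer credential: treat the response as a secret and
    // serve it over HTTPS only.
    [Route("Authenticate")]
    public class AuthenticateController : ControllerBase
    {
        private const int TokenLifetimeMinutes = 30;

        public IActionResult Get()
        {
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, "timi"),
                new Claim(ClaimTypes.Role, "user")
            };
            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Settings.Secret));
            var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
            // JWT timestamps are UTC; take one UtcNow reading so nbf and exp are
            // derived from the same instant (the original called Now twice).
            var now = DateTime.UtcNow;
            var token = new JwtSecurityToken(
                Settings.Issuer,
                Settings.Audience,
                claims,
                notBefore: now,
                expires: now.AddMinutes(TokenLifetimeMinutes),
                signingCredentials: credentials);
            return Ok(new JwtSecurityTokenHandler().WriteToken(token));
        }
    }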
}

 

