.net core中登錄認證的幾種方式
第一種、session\cookie+方法過濾器認證
1. 講解:該認證模式的主要邏輯如下:登錄時分別在session和cookie中存儲相應的值,之後在方法過濾器中進行攔截驗證。
登錄的邏輯是:session中存儲用戶的主要信息(key:guid類型的值;value:用戶的信息);cookie中存儲服務端session條目的鍵(key:CurrentUser,這是一個固定的值;value:session中的key的名字)。由於cookie中的這個值相當於登錄憑證,cookie應設置HttpOnly,並在HTTPS下設置Secure。
2. 相關代碼如下:
登錄控制器
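// Marker attribute: the globally registered CustomActionFilterAttribute skips every action in this
// controller, so the login page itself can be reached without an existing session.
[CustomAllowAnonymous]
public class SessionLoginController : Controller
{
    /// <summary>
    /// Demo login action. When <paramref name="a"/> is 1 a fixed demo user is written to the
    /// server-side session under a fresh GUID key, the GUID is sent to the browser in the
    /// "CurrentUser" cookie, and the request is redirected to /Home/Index. Otherwise the login
    /// view is rendered.
    /// </summary>
    /// <param name="a">Demo switch; 1 means "log in".</param>
    /// <returns>A redirect after login, or the login view.</returns>
    [HttpGet]
    public IActionResult SessionLogins(int a)
    {
        // NOTE(review): `a == 1` stands in for real credential verification. A production login
        // should be a POST with anti-forgery validation and should compare against a salted
        // password hash; a GET with a query-string switch is only suitable for this demo.
        if (a != 1)
        {
            return View();
        }

        #region Hand-rolled cookie/session login (the session is the primary store)
        CurrentUser currentUser = new CurrentUser()
        {
            Id = 123,
            Name = "wangjin",
            Account = "Administrator",
            Email = "1293604064",
            // The password is deliberately NOT copied into the session: nothing downstream needs
            // it, and session stores (memory, Redis, SQL) should never hold plaintext passwords.
            LoginTime = DateTime.Now
        };

        // A fresh GUID is the key of the session entry. It is issued only after login, so a
        // value planted in the cookie before login never becomes a valid key.
        Guid sessionKey = Guid.NewGuid();
        string sessionKeyText = sessionKey.ToString();

        // Cookie: fixed name "CurrentUser" -> the GUID key, valid for 30 minutes.
        base.HttpContext.SetCookies("CurrentUser", sessionKeyText, 30);

        // Session: GUID key -> JSON of the user object.
        base.HttpContext.Session.SetString(sessionKeyText, Newtonsoft.Json.JsonConvert.SerializeObject(currentUser));
        #endregion

        return base.Redirect("/Home/Index");
    }
}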
方法過濾器
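/// <summary>
/// Action filter that enforces the cookie + session login check. Actions whose endpoint metadata
/// contains <see cref="CustomAllowAnonymousAttribute"/> are skipped.
/// </summary>
public class CustomActionFilterAttribute : Attribute, IActionFilter
{
    /// <summary>
    /// Runs before the action. Reads the session key from the "CurrentUser" cookie, looks that key
    /// up in the server-side session, and short-circuits to the login view when no entry is found.
    /// </summary>
    /// <param name="context">The executing-action context supplied by MVC.</param>
    public void OnActionExecuting(ActionExecutingContext context)
    {
        // Endpoints carrying the marker attribute bypass the login check entirely.
        if (context.ActionDescriptor.EndpointMetadata.Any(item => item.GetType() == typeof(CustomAllowAnonymousAttribute)))
        {
            return;
        }

        // The cookie value is client-controlled: treat it only as a lookup key. A missing,
        // expired or forged key must end at the login view, not in an exception, so the session
        // is queried with TryGetValue and decoded only when an entry actually exists.
        string cookieKey = CookieSessionHelper.GetCookiesValue(context.HttpContext, "CurrentUser");
        string str = null;
        if (!string.IsNullOrEmpty(cookieKey)
            && context.HttpContext.Session.TryGetValue(cookieKey, out byte[] bytes)
            && bytes != null)
        {
            str = System.Text.Encoding.UTF8.GetString(bytes);
        }

        if (string.IsNullOrEmpty(str))
        {
            // Assigning Result short-circuits the pipeline: the action itself does not run.
            context.Result = new ViewResult { ViewName = "~/Views/SessionLogin/SessionLogins.cshtml" };
        }

        Console.WriteLine("這是方法執行前");
    }

    /// <summary>
    /// Runs after the action; only writes a trace line for endpoints that are not marked anonymous.
    /// </summary>
    /// <param name="context">The executed-action context supplied by MVC.</param>
    public void OnActionExecuted(ActionExecutedContext context)
    {
        // Same bypass as in OnActionExecuting.
        if (context.ActionDescriptor.EndpointMetadata.Any(item => item.GetType() == typeof(CustomAllowAnonymousAttribute)))
        {
            return;
        }

        Console.WriteLine("這是方法執行后");
    }
}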
空白過濾器,目的是為了跳過過濾器
/// <summary>
/// Empty marker attribute. CustomActionFilterAttribute looks for it in the endpoint metadata and
/// skips its login check when it is present, so apply it only to endpoints that are meant to be
/// reachable without a session (for example the login page).
/// </summary>
public class CustomAllowAnonymousAttribute : Attribute
{
}
在ConfigureServices中添加如下:
// Session services with default options (see SessionOptions for idle timeout and cookie settings).
services.AddSession();

// Register both filters globally, so every MVC action passes through them.
services.AddMvc(mvcOptions =>
{
    // Login check; endpoints marked [CustomAllowAnonymous] are skipped inside the filter.
    mvcOptions.Filters.Add(typeof(CustomActionFilterAttribute));
    // Global exception filter.
    mvcOptions.Filters.Add(typeof(CustomExceptionFilterAttribute));
});
在Configure中添加如下:
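// Cookie policy is registered ahead of session so that the policy also applies to the session
// cookie; ASP.NET Core's documented middleware order places UseCookiePolicy before UseSession.
app.UseCookiePolicy();
// Session must be enabled before the MVC/endpoint middleware that reads HttpContext.Session.
app.UseSession();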
還有操作cookie封裝的方法:
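/// <summary>
/// Extension helpers for the login cookie and for reading the logged-in user from the session.
/// </summary>
public static class CookieSessionHelper
{
    /// <summary>
    /// Appends a cookie to the response.
    /// </summary>
    /// <param name="httpContext">Current HTTP context.</param>
    /// <param name="key">Cookie name.</param>
    /// <param name="value">Cookie value.</param>
    /// <param name="minutes">Lifetime in minutes, counted from now.</param>
    public static void SetCookies(this HttpContext httpContext, string key, string value, int minutes = 30)
    {
        httpContext.Response.Cookies.Append(key, value, new CookieOptions
        {
            Expires = DateTimeOffset.UtcNow.AddMinutes(minutes),
            // The login flow stores the session key in this cookie, which makes it a bearer
            // credential: keep it away from page scripts, off plaintext connections when the
            // site is served over HTTPS, and out of cross-site sub-requests.
            HttpOnly = true,
            // NOTE(review): behind a TLS-terminating proxy IsHttps is only true when forwarded
            // headers are configured; confirm for the deployment.
            Secure = httpContext.Request.IsHttps,
            SameSite = SameSiteMode.Lax
        });
    }

    /// <summary>
    /// Asks the browser to delete the named cookie.
    /// </summary>
    /// <param name="httpContext">Current HTTP context.</param>
    /// <param name="key">Cookie name.</param>
    public static void DeleteCookies(this HttpContext httpContext, string key)
    {
        httpContext.Response.Cookies.Delete(key);
    }

    /// <summary>
    /// Reads a request cookie.
    /// </summary>
    /// <param name="httpContext">Current HTTP context.</param>
    /// <param name="key">Cookie name.</param>
    /// <returns>The cookie value, or null when the request carries no such cookie.</returns>
    public static string GetCookiesValue(this HttpContext httpContext, string key)
    {
        httpContext.Request.Cookies.TryGetValue(key, out string value);
        return value;
    }

    /// <summary>
    /// Returns the logged-in user stored in the session, or null when nobody is logged in.
    /// </summary>
    /// <param name="context">Current HTTP context.</param>
    /// <returns>The deserialized <c>CurrentUser</c>, or null.</returns>
    public static CurrentUser GetCurrentUserBySession(this HttpContext context)
    {
        // The login action stores the user under a GUID key and puts that key in the
        // "CurrentUser" cookie, so resolve the cookie first, as the action filter does.
        string sessionKey = context.GetCookiesValue("CurrentUser");
        string sUser = string.IsNullOrEmpty(sessionKey) ? null : context.Session.GetString(sessionKey);

        // Backward compatibility: callers that wrote the user directly under the literal
        // "CurrentUser" session key keep working.
        if (sUser == null)
        {
            sUser = context.Session.GetString("CurrentUser");
        }

        if (sUser == null)
        {
            return null;
        }

        // Deserializes into a fixed type with default Json.NET settings.
        return Newtonsoft.Json.JsonConvert.DeserializeObject<CurrentUser>(sUser);
    }
}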
封裝操作Session的
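/// <summary>
/// Thin wrapper that stores and reads UTF-8 strings in the current request's session.
/// Cookie operations are provided by CookieSessionHelper.
/// </summary>
public class SessionHelper
{
    private readonly ISession _session;

    /// <summary>
    /// Binds the helper to the session of the given HTTP context.
    /// </summary>
    /// <param name="context">Current HTTP context.</param>
    public SessionHelper(HttpContext context)
    {
        _session = context.Session;
    }

    /// <summary>
    /// Stores a string value in the session as UTF-8 bytes.
    /// </summary>
    /// <param name="key">Session key.</param>
    /// <param name="value">Value to store.</param>
    public void SetSession(string key, string value)
    {
        var bytes = System.Text.Encoding.UTF8.GetBytes(value);
        _session.Set(key, bytes);
    }

    /// <summary>
    /// Reads a string value from the session.
    /// </summary>
    /// <param name="key">Session key. The login filter passes a client-supplied cookie value here.</param>
    /// <returns>The stored value, or an empty string when the key has no entry.</returns>
    public string GetSession(string key)
    {
        // An unknown key (expired session, stale or forged cookie) leaves the out buffer null;
        // decoding it would throw ArgumentNullException, so report "no value" instead.
        if (!_session.TryGetValue(key, out byte[] bytes) || bytes == null)
        {
            return string.Empty;
        }

        var value = System.Text.Encoding.UTF8.GetString(bytes);
        return string.IsNullOrEmpty(value) ? string.Empty : value;
    }
}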
感謝學習!!!