Use [Authorize] Attribute Without Identity?

Question

I've looked around to try and find an answer to my specific question. I'm basically using an external library to check if a user is authorized within our domain via username and password.

var authenticatedUser = ECNSecurity.SecurityChecker.AuthenticateUser(model.Username, model.Password);

Returns true or false whether the user is or is not. I'd like to be able to use the [Authorize] attribute on some of my controller methods. Is it possible to do this without using Identity? Or would I need to get Identity and create my own user which inherits the Identity UserModel? Then when I mark that user as authenticated, somehow, the [Authorize] attribute will be picked up?

I am watching tutorials and reading but I do have a more specific kind of use case for this that I can't find a direct answer for. Excuse my inexperience in this security/authorize area if I'm asking something too silly. Maybe what I'm failing to realize is that the [Authorize] attribute will only work with Identity users.

Any input would be much appreciated. Thank you.

Recommended answer

You do not need ASP.NET Identity if you just want Authorize filter to work.

You just need OWIN Cookie Middleware in ASP.NET MVC. You could also add claims such as username, if you want.

Here are a few steps you need -

Configure OWIN Cookie Middleware at startup.

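using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

[assembly: OwinStartup(typeof(YourApplication.Startup))]
namespace YourApplication
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Cookie middleware issues and validates the authentication cookie
            // and redirects unauthenticated requests to LoginPath.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "ApplicationCookie",
                LoginPath = new PathString("/Account/Login")
            });
        }
    }
}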

OwinAuthenticationService

using System.Collections.Generic;
using System.Security.Claims;
using System.Web;
using Microsoft.Owin;
using Microsoft.Owin.Security;

// IAuthenticationService and User are application types, not framework types.
public class OwinAuthenticationService : IAuthenticationService
{
    private readonly HttpContextBase _context;
    // Must match the AuthenticationType configured in Startup.
    private const string AuthenticationType = "ApplicationCookie";

    public OwinAuthenticationService(HttpContextBase context)
    {
        _context = context;
    }

    public void SignIn(User user)
    {
        // Claim values must not be null; the Claim constructor throws on null.
        IList<Claim> claims = new List<Claim>
        {
            new Claim(ClaimTypes.Name, user.UserName),
            new Claim(ClaimTypes.GivenName, user.FirstName),
            new Claim(ClaimTypes.Surname, user.LastName),
        };

        ClaimsIdentity identity = new ClaimsIdentity(claims, AuthenticationType);

        IOwinContext context = _context.Request.GetOwinContext();
        IAuthenticationManager authenticationManager = context.Authentication;

        // Issues the authentication cookie for this identity.
        authenticationManager.SignIn(identity);
    }

    public void SignOut()
    {
        IOwinContext context = _context.Request.GetOwinContext();
        IAuthenticationManager authenticationManager = context.Authentication;

        // Removes the authentication cookie.
        authenticationManager.SignOut(AuthenticationType);
    }
}

You can look at my working sample project at GitHub.
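
An added example, not part of the original answer or the linked sample project: a login action that ties the question's `AuthenticateUser` call to the cookie sign-in so that `[Authorize]` takes effect. `LoginViewModel`, `ReportsController` and the `Home/Index` landing route are hypothetical names, and `AuthenticateUser` is assumed to return `bool` as the question describes.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;

public class LoginViewModel // hypothetical view model
{
    [Required] public string Username { get; set; }
    [Required] public string Password { get; set; }
}

public class AccountController : Controller
{
    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl; // the view posts this back with the form
        return View(new LoginViewModel());
    }

    // The view must emit @Html.AntiForgeryToken() for this attribute to pass.
    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public ActionResult Login(LoginViewModel model, string returnUrl)
    {
        // AuthenticateUser is the call from the question, assumed to return bool.
        if (!ModelState.IsValid ||
            !ECNSecurity.SecurityChecker.AuthenticateUser(model.Username, model.Password))
        {
            ModelState.AddModelError("", "Invalid username or password.");
            return View(model);
        }

        // Authentication type must match the one configured in Startup.
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, model.Username) }, "ApplicationCookie");
        HttpContext.GetOwinContext().Authentication.SignIn(
            new AuthenticationProperties { IsPersistent = false }, identity);
        // Follow ReturnUrl only when it is local, to avoid an open redirect.
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
        return RedirectToAction("Index", "Home"); // hypothetical landing page
    }
}

[Authorize] // anonymous requests are redirected to LoginPath by the cookie middleware
public class ReportsController : Controller // hypothetical protected controller
{
    public ActionResult Index() { return Content("Signed in as " + User.Identity.Name); }
}
```

Because the identity carries only a name claim, pages that render `@Html.AntiForgeryToken()` for signed-in users need `AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Name` set at application start.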
