asp.net mvc5窗体身份验证,如何OWIN进来的地方? [英] asp.net mvc5 forms authentication, how does OWIN come in to place?
问题描述
我开始了新MVC5项目和正在实施的窗体身份验证(这在我以前使用自定义code检查用户凭据和 FormsAuthentication 对象登录办和注销)。
I started a new MVC5 project and am implementing forms authentication (which I used to do using custom code to check the user credentials and the FormsAuthentication object to login and logoff).
现在我读过的身份模式已经改变了,但我看到这行code在产生code:
Now I've read that the identity model has changed, but I saw this line of code in the generated code:
private IAuthenticationManager AuthenticationManager
{
get
{
return HttpContext.GetOwinContext().Authentication;
}
}
由于后来该登录该对象上完成
( AuthenticationManager.SignIn )
Because later on the login is done on that object
( AuthenticationManager.SignIn)
我要确保我有合适的对象。
I want to make sure I've got the right object.
我读过OWIN大约从IIS脱钩ASP.NET,所以我不知道为什么我需要这个 GetOwinContext ,因为我不使用OWIN(至少我认为)?
I've read that OWIN is about decoupling ASP.NET from IIS, so I'm not sure why I need this GetOwinContext, because I am not using OWIN (at least I think)?
推荐答案
ASP.NET MVC 5使用常规IIS综合管线运营涉及很多步骤,如的AuthenticateRequest,PostAuthenticateRequests等。 FormsAuthenticationModule负责Forms身份验证过程的管理从饼干涉及解密/提取用户信息,并将其集成在几个这些步骤。
ASP.NET MVC 5 is using regular IIS Integrated Pipeline to operate which involves a lot of steps such as AuthenticateRequest, PostAuthenticateRequests and so on. FormsAuthenticationModule is responsible for management of Forms Authentication process which involves decryption / extracting user information from cookie and it is integrated in several of those steps.
现在,当谈到与OWIN到部分,它是在完全不同的方法,这将是在附近的未来的唯一途径,所以你可能会考虑,因为在这一点上完全放弃Forms身份验证操作,有几个好方法来实现你的安全。
Now, when it comes to part with OWIN, it is operating on the completely different approach, which will be the only approach in the nearby future, so you might consider dropping Forms authentication completely because at this point, there are several better ways to implement your security.
如果你去与IIS综合管线,并希望跳过所有OWIN的事情(我强烈反对),你可能会检查类ClaimsAuthenticationManager,ClaimsAuthorizationManager和SessionAuthenticationModule。这有效地替代RoleManagerModule和FormsAuthenticationModule为了让基于声明的访问控制,这是基于索赔,而这又反过来被用于所有现代的身份验证协议,如WS-联合会的OAuth2等概念。
If you go with IIS Integrated Pipeline and want to skip all the OWIN thing (which I strongly recommend against), you might check classes ClaimsAuthenticationManager, ClaimsAuthorizationManager and SessionAuthenticationModule. These effectively replace RoleManagerModule and FormsAuthenticationModule in order to allow Claims-Based Access Control, which is based on concept of Claims, which again in turn are used for all modern authentication protocols such as WS-Federation, OAuth2, etc.
返回OWIN部分 - OWIN都有它自己的管道,这与一些桥组件可以使用IIS上的事件挂钩,以及,这意味着你有OWIN Web服务器在后台运行(Microsoft.Owin.SystemWeb)也就是利用IIS的MVC目的的System.Web。
Back to OWIN part - OWIN has it's own pipeline, which with usage of some "bridge" assemblies can hook up on IIS events as well, meaning that you have OWIN web server running in the background (Microsoft.Owin.SystemWeb) and also System.Web that is leveraging IIS for MVC purposes.
所以,当你在MVC 5使用OWIN认证,你基本上还在使用IIS的MVC集成管道,但你使用OWIN中间件的安全性,这是OWIN管道的一部分。
So when you use OWIN authentication in MVC 5, you're basically still using IIS Integrating Pipeline for MVC, but you're using OWIN middleware for security, which is part of OWIN pipeline.
现在,以访问OWIN管道,你需要做的GetOwinContext。 OwinContext是$ P $的OWIN版本pviously使用的HttpContext,除了在基底水平是相当不同的。 OWIN中间件上OwinContext(IOwinContext)专门操作,所以使用中间件需要访问的范围内,因为上下文具有由中间件所需要的信息。
Now in order to access that OWIN pipeline, you need to do GetOwinContext. OwinContext is OWIN version of previously used HttpContext, except on the base level it is quite different. OWIN middleware operates exclusively on OwinContext (IOwinContext), so to use middleware you need to access the context, since context has information that is required by the middleware.
这是不幸的是相当复杂的,但我强烈建议你开始阅读有关OWIN和武士刀,并在vNext注意为好,如窗体身份验证是正确的,现在pretty很多过时的,肯定会不再是与vNext支持,所以你可能会开始构建应用程序现在将需要大量的重构后的。
This is unfortunately quite complex, but I would strongly suggest to you to start reading about OWIN and Katana, and pay attention on vNext as well, as Forms Authentication is right now pretty much obsolete, and will definitely stop being supported with vNext so you might start building an application now that will require a lot of refactoring later.
这篇关于asp.net mvc5窗体身份验证,如何OWIN进来的地方?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
