基于主机名的ASP.NET Core 2.0身份验证 [英] ASP.NET Core 2.0 authentication based on host name

问题描述

我会说带有身份验证的经典ASP.NET Core 2.0应用程序包括在 Startup.cs 文件的ConfigureServices方法中添加所需的身份验证服务:

I would say that classic ASP.NET Core 2.0 application with authentication consists of adding desired authentication service in ConfigureServices method in the Startup.cs file:

services.AddAuthentication().AddFacebook(facebookOptions =>
{
    facebookOptions.AppId = Configuration["Authentication:Facebook:AppId"];
    facebookOptions.AppSecret = Configuration["Authentication:Facebook:AppSecret"];
});

这很好，只要在调用ConfigurationServices方法期间知道身份验证配置并且对于所有请求都相同.

This is fine as long as the authentication configuration is known during the time when ConfigurationServices method is called and is the same for all requests.

我们的案例需要不同的身份验证配置，根据主机名说:

Our case needs different authentication configuration, let say based on host name:

company1.example.com // has own authentication configuration
company2.example.com // has own (probably different) authentication

有关更多详细信息，company1仅配置了Facebook，company2仅配置了Google身份验证.

For more details company1 has configured only Facebook and company2 has configured only Google authentication.

问题:是否可以对每个主机或每个请求使用不同的身份验证?例如，一旦我知道公司，我就可以加载和使用与此请求相关的身份验证配置.

Question: Is it possible to have different authentication for each host or otherwise for each request? For instance once I know company I can load and use authentication configuration relevant for this request.

推荐答案

有几种方法可以做到这一点.在Facebook和Google的计划事件中包括使用您的IConfiguration或将http上下文作为服务访问.这是最干净的方法之一.您可以按照以下方式制定自己的方案:

There are several ways of doing this. Including using your IConfiguration or accessing http context as a service within your scheme events of facebook and google. Here is one of the cleanest ways of doing this. You can make your own scheme something like this:

public class MyCustomAuth : AuthenticationHandler<AuthenticationSchemeOptions>
{

    public const string SchemeName = "MyCustom";

    public MyCustomAuth(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory 
        logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
    {
    }

    protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
    {
        if (Request.Host.Value == "")
        {
            await Context.ChallengeAsync(GoogleDefaults.AuthenticationScheme);
        }
        await Context.ChallengeAsync(FacebookDefaults.AuthenticationScheme);
    }

    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        if (Request.Host.Value == "")
        {
            return await Context.AuthenticateAsync(GoogleDefaults.AuthenticationScheme);
        }
        return await Context.AuthenticateAsync(FacebookDefaults.AuthenticationScheme);
    }
}

您可以将所有内容添加到启动中，并按以下步骤进行设置:

You can add everything to your startup and set it up like this:

services.AddAuthentication(MyCustomAuth.SchemeName)
        .AddCookie(...)
        .AddFacebook(...)
        .AddGoogle(...)
        .AddScheme<AuthenticationSchemeOptions, MyCustomAuth>(MyCustomAuth.SchemeName, opts => { });

这篇关于基于主机名的ASP.NET Core 2.0身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！