什么是“挑战"?学期代表什么? [英] What does "Challenge" term stand for?

问题描述

ControllerBase类具有Challenge方法，该方法返回ChallengeResult类的对象. CookieAuthenticationOptions类具有AutomaticChallenge属性.

ControllerBase class has Challenge method, that returns an object of the ChallengeResult class. CookieAuthenticationOptions class has AutomaticChallenge property.

我相信ChallengeResult与外部登录有关.但是它实际上是如何工作的呢? 挑战"一词从何而来?里面有什么?

I believe ChallengeResult has something to do with external logins. But how does it actually work? Where does the term "Challenge" come from? What does lay inside this.

推荐答案

ChallengeResult是ActionResult，在执行时将挑战给定的身份验证方案的处理程序.或者，如果未指定，则为默认质询方案的处理程序. ChallengeResult的源代码

A ChallengeResult is an ActionResult that when executed, challenges the given authentication schemes' handler. Or if none is specified, the default challenge scheme's handler. Source code for ChallengeResult

例如，您可以这样做:

return Challenge(JwtBearerDefaults.AuthenticationScheme); //Can specify multiple schemes + parameters

这将挑战JWT承载身份验证处理程序. 在此处理程序的情况下，它将响应状态代码设置为401，以告知调用方他们需要身份验证才能执行此操作.

This will challenge the JWT Bearer authentication handler. In this handler's case, it sets the response status code to 401 to tell the caller they need authentication to do that action.

AutomaticChallenge(在ASP.NET Core 1.x中)是表明这是默认质询处理程序的设置.这意味着如果没有专门命名身份验证方案，它将被调用.

AutomaticChallenge (in ASP.NET Core 1.x) is the setting that says this is the default challenge handler. It means it will be called if no authentication scheme is specifically named.

在2.x版本中，此更改已更改，因此您现在可以指定默认质询方案或更高级别的默认方案.

In 2.x, this was changed such that you now specify the default challenge scheme or the higher-level default scheme.

services.AddAuthentication(o =>
{
    o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; //Default for everything
    // o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; //Default specifically for challenges
})

挑战基本上是一种表达我不知道该用户是谁，请验证其身份"的方式.因此，如果触发了身份验证处理程序，例如Facebook身份验证处理程序，它将通过向Facebook身份验证页面发出重定向来应对挑战.本地帐户身份验证处理程序可能会将重定向发布到本地登录页面.

A challenge is basically a way of saying "I don't know who this user is, please verify their identity". So if the authentication handler triggered is e.g. the Facebook authentication handler, it will react to the challenge by issuing a redirect to the Facebook authentication page. A local account authentication handler might issue a redirect to the local sign-in page.

对于JWT Bearer身份验证，处理程序只能执行401状态代码响应，然后将其留给调用方进行正确的身份验证.

In the case of JWT Bearer authentication, the handler cannot do anything other than respond with a 401 status code and leave it up to the caller to authenticate themselves properly.

您可以在 OAuthHandler (HandleChallengeAsync)，Facebook身份验证使用(以及Microsoft和Google身份验证).

You can see this in action in OAuthHandler (HandleChallengeAsync), which Facebook auth uses (and Microsoft and Google authentication).

通常，如果您不知道用户是谁，则返回一个质询；如果您知道他们是谁，则返回一个禁止，但不允许他们执行他们尝试执行的操作.

You typically return a Challenge when you don't know who the user is, and a Forbid if you know who they are, but they are not allowed to do the action they tried to do.

这篇关于什么是“挑战"?学期代表什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！