ASP.NET Core中的多种身份验证方案 [英] Multiple authentication schemes in ASP.NET Core
问题描述
回到ASP.NET Core 1中,身份验证将手动挂接到其配置的请求管道中:对于自定义身份验证过程,您只需定义一个AuthenticationMiddleware并将其挂接到身份验证点处的管道中应该发生的.
Back in ASP.NET Core 1, authentication would be hooked manually into the request pipeline on its configuration: For a custom authentication process, you would simply define a AuthenticationMiddleware and hook it into your pipeline at the point where the authentication was supposed to happen.
在ASP.NET Core 2中,不再有AuthenticationMiddleware,您应该在必须进行 all 身份验证的管道中的某个时刻执行UseAuthentication().
In ASP.NET Core 2, there's no more AuthenticationMiddleware and you're supposed to do a UseAuthentication() at some point in the pipeline where all authentication necessarily happens.
此处记录了差异: https://docs .microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme
为区分不同的身份验证方式,有一些由魔术字符串(ASP.NET Core中的许多魔术字符串)标识的策略.
To distinguish different ways of authentication, there are policies identified by magic strings (lots of magic strings in ASP.NET Core).
然后,我被告知可以在控制器上选择具有属性的所需方案,但是在所讨论的场景中我根本不使用MVC.因此,如何指定管道的特定分支:
I'm then told that I can select the desired scheme with attributes on my controller, but I don't use MVC at all in the scenario in question. So how do I specify for a specific branch of the pipeline:
app.UseWhen(c => ..., app2 =>
{
// auth number 1 desired
...
});
app.UseWhen(c => ..., app2 =>
{
// auth number 2 desired
...
});
即使在MVC中,身份验证也要在路由之前进行,那么在管道的UseAuthentication()点如何使用可能使用的方案信息呢?
And even in MVC, authentication happens before routing, so how can the information which scheme to use possibly be available at the UseAuthentication() point in the pipeline?
推荐答案
You can target a specific authentication-scheme using an imperative approach, by calling AuthenticateAsync. Here's an example:
app2.Use(async (ctx, next) =>
{
var authenticateResult = await ctx.AuthenticateAsync("SchemeName");
if (!authenticateResult.Succeeded)
{
ctx.Response.StatusCode = 401; // e.g.
return;
}
// ...
});
AuthenticateAsync将身份验证方案作为参数并返回 Principal .
AuthenticateAsync takes the authentication-scheme as an argument and returns an instance of AuthenticateResult, which indicates success or failure via Succeeded and provides the authenticated ClaimsPrincipal via Principal.
You can also perform authorisation against a specific policy using IAuthorizationService. Here's an example of how the Principal from AuthenticateResult can be passed through AuthorizeAsync:
var authorizationService = ctx.RequestServices.GetService<IAuthorizationService>();
var authorizationResult = await authorizationService.AuthorizeAsync(
authenticateResult.Principal, "PolicyName");
if (!authorizationResult.Succeeded)
{
ctx.Response.StatusCode = 403; // e.g.
return;
}
// ...
与AuthenticateResult一样, Failure .
As with AuthenticateResult, AuthorizationResult indicates success or failure via Succeeded - it also provides information about why authorisation failed via Failure.
这篇关于ASP.NET Core中的多种身份验证方案的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
