Asp .Net Core 3中Challenge的确切含义是什么? [英] What exactly does Challenge mean in Asp .Net Core 3?

问题描述

我知道您可以在ASP .NET Core中进行身份验证和授权.因此，例如，您可以使用Authorize属性拒绝对某些资源的访问.

I know that you can have authentication and authorization in asp .net core. So for example you can deny access to some resources using the Authorize attribute.

例如，如果用户尝试访问不可访问的资源，那么他可能会被重定向到登录页面.

So for example if an user tries to access a resource that is not accessible then he might get redirected to the login page.

但是我看到在asp .net核心中有一个称为Challenge的概念.我不知道它适合所有这些情况.据我了解，如果用户未登录，则可以将其重定向到可以登录的页面.

But I saw that there is a concept called Challenge in asp .net core. I don't know where it fits in all of this. From what I understood, if the user is not logged in it can redirect him to a page where he can log in.

推荐答案

此信息最近已添加到

当未通过身份验证的用户请求需要身份验证的端点时，授权将调用身份验证质询.例如，当匿名用户请求受限资源或单击登录链接时，将发出身份验证质询.授权会使用指定的身份验证方案来调用质询，如果未指定身份验证方案，则默认为质询.请参阅 HttpContext.ChallengeAsync .身份验证质询示例包括:

An authentication challenge is invoked by Authorization when an unauthenticated user requests an endpoint that requires authentication. An authentication challenge is issued, for example, when an anonymous user requests a restricted resource or clicks on a login link. Authorization invokes a challenge using the specified authentication scheme(s), or the default if none is specified. See HttpContext.ChallengeAsync. Authentication challenge examples include:

• 一种cookie身份验证方案，将用户重定向到登录页面.JWT承载方案返回带有 www-authenticate:bearer 标头的401结果.

质询动作应让用户知道使用哪种身份验证机制来访问请求的资源.

A challenge action should let the user know what authentication mechanism to use to access the requested resource.

质询操作应让用户知道要使用哪种身份验证机制来访问请求的资源.

A challenge action should let the user know what authentication mechanism to use to access the requested resource.

这篇关于Asp .Net Core 3中Challenge的确切含义是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！