在ASP.NET Core 3.1中使用多种身份验证方案? [英] Using multiple authentication schemes in ASP.NET Core 3.1?
问题描述
我一直在使用干净的体系结构使用ASP.NET Core 3.1制作Web应用程序.
我有一些类库,例如基础结构,持久性,域,应用程序以及名为"Web"的MVC应用程序项目.作为我应用程序的启动点.在Web层中,我有区域"在其中,我有一个管理区域,其中包含一些控制器和操作方法,这些操作方法将JSON作为我的API端点返回,以便在基于React的应用程序中使用.
我在Web MVC项目的Controllers文件夹中也有一些控制器,它们的 action方法返回html视图.
我也将Identity和JWT用于我的API端点,但是:
-如果我想在我的MVC控制器中使用基于声明的身份,其操作结果将返回html视图,该怎么办?
-在此类应用程序中使用ASP.NET Core 3.1中基于声明的身份的最佳实践是什么?
任何帮助将不胜感激.
进行了一些研究之后,我在标题为"使用ASP.NET Core中的特定方案进行授权".
基于Microsoft ASP .NET核心文档中提到的文章,在某些情况下,例如单页应用程序(SPA),通常使用多种身份验证方法.例如,该应用可能使用基于cookie的身份验证来登录,并针对JavaScript请求使用JWT承载身份验证.
在身份验证期间配置身份验证服务时,将命名身份验证方案.例如:
public void ConfigureServices(IServiceCollection服务){//为简洁起见,省略了代码services.AddAuthentication().AddCookie(options => {options.LoginPath ="/帐户/未经授权/";options.AccessDeniedPath ="/Account/Forbidden/";}).AddJwtBearer(options => {options.Audience ="http://localhost:5001/";options.Authority ="http://localhost:5000/";}); 在前面的代码中,添加了两个身份验证处理程序:一个用于cookie,一个用于承载.
选择具有Authorize属性的方案
[Authorize(AuthenticationSchemes =JwtBearerDefaults.AuthenticationScheme)]公共类MixedController:控制器 在前面的代码中,仅运行带有"Bearer"方案的处理程序.任何基于cookie的身份都将被忽略.
这是解决了我的问题的解决方案,我认为最好与需要这些的人分享.
I have been making a web application using ASP.NET Core 3.1 using clean architecture.
I have some class libraries like Infrastructure, Persistence, Domain, Application, and a MVC application project named "Web" as the startup point of my application.
In the Web layer I have "Areas" in which I have an Admin area containing some controllers and action methods which return JSON as my API endpoints to be used in a React-based app.
I also have some controllers in the Web MVC project in Controllers folder which their action methods return html views.
I also use Identity and JWT for my API endpoints but:
- What if I want to use claims-based Identity in my MVC controllers which their action results return html views?
- What is the best practice for using claims-based Identity in ASP.NET Core 3.1 in such an application?
Any help would be appreciated.
After doing some research, I found the solution in ASP.NET core Authorization documentation in an article with the title "Authorize with a specific scheme in ASP.NET Core".
Based on the mentioned article in Microsoft ASP .NET core documentation, In some scenarios, such as Single Page Applications (SPAs), it's common to use multiple authentication methods. For example, the app may use cookie-based authentication to log in and JWT bearer authentication for JavaScript requests.
An authentication scheme is named when the authentication service is configured during authentication. For example:
public void ConfigureServices(IServiceCollection services)
{
// Code omitted for brevity
services.AddAuthentication()
.AddCookie(options => {
options.LoginPath = "/Account/Unauthorized/";
options.AccessDeniedPath = "/Account/Forbidden/";
})
.AddJwtBearer(options => {
options.Audience = "http://localhost:5001/";
options.Authority = "http://localhost:5000/";
});
In the preceding code, two authentication handlers have been added: one for cookies and one for bearer.
Selecting the scheme with the Authorize attribute
[Authorize(AuthenticationSchemes =
JwtBearerDefaults.AuthenticationScheme)]
public class MixedController : Controller
In the preceding code, only the handler with the "Bearer" scheme runs. Any cookie-based identities are ignored.
This is the solution which solved my problem and I thought it would be good to share it with you guys for those who need this.
这篇关于在ASP.NET Core 3.1中使用多种身份验证方案?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
