如何在 ASP.NET Core 2.0 中根据路由配置服务身份验证 [英] How to ConfigureServices Authentication based on routes in ASP.NET Core 2.0

问题描述

在 ASP.NET Core 1.x 中，我可以在 Configure 中使用身份验证方法，但现在在 ASP.NET Core 2.0 中，我必须在 <中设置所有内容em>ConfigureServices 并且无法在 Configure 方法中进行配置.例如

In ASP.NET Core 1.x I could use authentication methods in Configure but now in ASP.NET Core 2.0 I have to set everything in ConfigureServices and can't configure it in Configure method. For example

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication()
            .AddCookie()
            .AddXX();
}

然后在

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    ....
    app.UseAuthentication();
}

在过去，我可以使用类似的东西

in the past, I could use something like

app.UseOpenIdConnectAuthentication();

我不能再这样配置了.

那么我现在如何在 ASP.NET Core 2.0 中使用这样的东西?

so how I can use something like this now in ASP.NET Core 2.0?

app.Map(new PathString("/MyPath"), i => i.UseMyAuthMethod());

推荐答案

在 2.0 中，执行 per-route 身份验证的最佳选择是使用自定义 IAuthenticationSchemeProvider:

In 2.0, the best option to do per-route authentication is to use a custom IAuthenticationSchemeProvider:

public class CustomAuthenticationSchemeProvider : AuthenticationSchemeProvider
{
    private readonly IHttpContextAccessor httpContextAccessor;

    public CustomAuthenticationSchemeProvider(
        IHttpContextAccessor httpContextAccessor,
        IOptions<AuthenticationOptions> options)
        : base(options)
    {
        this.httpContextAccessor = httpContextAccessor;
    }

    private async Task<AuthenticationScheme> GetRequestSchemeAsync()
    {
        var request = httpContextAccessor.HttpContext?.Request;
        if (request == null)
        {
            throw new ArgumentNullException("The HTTP request cannot be retrieved.");
        }

        // For API requests, use authentication tokens.
        if (request.Path.StartsWithSegments("/api"))
        {
            return await GetSchemeAsync(OAuthValidationDefaults.AuthenticationScheme);
        }

        // For the other requests, return null to let the base methods
        // decide what's the best scheme based on the default schemes
        // configured in the global authentication options.
        return null;
    }

    public override async Task<AuthenticationScheme> GetDefaultAuthenticateSchemeAsync() =>
        await GetRequestSchemeAsync() ??
        await base.GetDefaultAuthenticateSchemeAsync();

    public override async Task<AuthenticationScheme> GetDefaultChallengeSchemeAsync() =>
        await GetRequestSchemeAsync() ??
        await base.GetDefaultChallengeSchemeAsync();

    public override async Task<AuthenticationScheme> GetDefaultForbidSchemeAsync() =>
        await GetRequestSchemeAsync() ??
        await base.GetDefaultForbidSchemeAsync();

    public override async Task<AuthenticationScheme> GetDefaultSignInSchemeAsync() =>
        await GetRequestSchemeAsync() ??
        await base.GetDefaultSignInSchemeAsync();

    public override async Task<AuthenticationScheme> GetDefaultSignOutSchemeAsync() =>
        await GetRequestSchemeAsync() ??
        await base.GetDefaultSignOutSchemeAsync();
}

不要忘记在 DI 容器中注册它(理想情况下，作为单例):

Don't forget to register it in the DI container (ideally, as a singleton):

// IHttpContextAccessor is not registered by default
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddSingleton<IAuthenticationSchemeProvider, CustomAuthenticationSchemeProvider>();

这篇关于如何在 ASP.NET Core 2.0 中根据路由配置服务身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！