欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

AspNetCore2身份验证

程序员文章站 2022-04-06 14:26:30
1、在Startup类的Configure方法,添加身份验证的中间件AuthenticationMiddleware 2、在Startup类的ConfigureServices方法,添加Cookie验证的服务,使用Cookies验证体系, CookieAuthenticationDefaults.A ......

1、在Startup类的Configure方法,添加身份验证的中间件AuthenticationMiddleware

 app.UseAuthentication();

2、在Startup类的ConfigureServices方法,添加Cookie验证的服务,使用Cookies验证体系,

CookieAuthenticationDefaults.AuthenticationScheme="Cookies"

  services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
                {
                    options.AccessDeniedPath = "/Sys/Home/Index";
                    options.LoginPath = "/Sys/Home/Login";
                    options.Cookie.Name = "AuthCookie";
                    options.Cookie.Path = "/";
                    options.Cookie.Expiration = TimeSpan.FromMinutes(30);
                });

3、添加登录action,ClaimsIdentity(string authenticationType)的authenticationType必须和service设置的验证体系一样,才能正常验证,

 [HttpPost]
        [AllowAnonymous]
        public async Task<ActionResult> Login()
        {
            string AdminAccount = Request.Form["AdminAccount"];
            string Password = Request.Form["Password"];
            if (string.IsNullOrWhiteSpace(AdminAccount))
            {
                return JsonError("账号不能为空");
            }
            if (string.IsNullOrWhiteSpace(Password))
            {
                return JsonError("密码不能为空");
            }
            Admin admin = _context.Admins.FirstOrDefault(c => c.AdminAccount == AdminAccount && c.Password == Password);
            if (admin == null)
            {
                return JsonError("用户名或者密码错误");
            }
            ClaimsIdentity identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
            identity.AddClaim(new Claim(ClaimTypes.Name, admin.Id.ToString()));
            await HttpContext.SignInAsync(new ClaimsPrincipal(identity));
            return JsonSuccess();
        }

4、在需要验证的控制器上加[AuthorizeAttribute]特性,通过HttpContext.User.Identity.IsAuthenticated可判断用户是否已通过验证

5、退出登录Action

 /// <summary>
        /// 退出登录
        /// </summary>
        /// <returns></returns>
        public async Task<ActionResult> SignOut()
        {
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return JsonSuccess();
        }