
How to Get Started with Identity in ASP.NET Core

2025-04-05 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/03

Many newcomers are unclear about how to get started with Identity in ASP.NET Core. To help with that, this article explains it in detail. Anyone who needs this can follow along, and I hope you get something out of it.

Identity is in fact one specific use of the authentication system. Authentication and Identity must be treated as two separate things; once you confuse them, it is easy to get lost.

Let's talk about the authentication system in ASP.NET Core. Don't be afraid, it is actually very simple, and all of it is practical.

Getting Started

You probably still remember Mr. Obama from the previous article. He no longer lives in Washington. He has traveled to China and now lives in Beijing. He recently heard that the scenery at West Lake is beautiful, so he booked a high-speed rail ticket from Beijing to Hangzhou on 12306. After getting the ticket, he showed it to us:

Today is 11.11 and Obama is very happy; you know the reason. It was almost time to leave, so he took the ticket to the railway station gate and had just handed his ID card and train ticket to the inspector when the director shouted "Cut!" It turned out to be a movie shoot.

The director said: "Obama, your performance is too bad. Stop acting the traveler; you play the ticket inspector, and let Xiao Li play the Obama who is going on the trip." Obama said reluctantly: "Well, I hope Xiao Li can stand you."

"Action!" the director shouted again, and the story begins.

AuthenticationManager

After Obama became a ticket inspector, he was very happy, because he now had power: he could control whether other people got on the train, and maybe he could secretly let a few people in to make some extra money.

Once he knew what he could do, he felt that the title "ticket inspector" was simply too lowly. Soon he had a new high-end name, authentication manager (AuthenticationManager), and he felt that he belonged in the core position of the whole system. Why? Think about it: whether such a huge passenger railway system has any income depends on whether he lets people in. If nobody is let in, everyone else will have to go hungry.

At this point, sharp readers may already know what kind of core position Obama has put himself in. Yes, he put himself in the HttpContext. How about that? Core enough.

This brings us to the first key point: where AuthenticationManager lives.

Some readers spotted `public abstract ClaimsPrincipal User { get; set; }` in the screenshot above. Isn't this the "document party" we talked about in the previous article? Isn't that the role Xiao Li plays now? Yes, this User is Xiao Li in this article. You found him hiding here ahead of time.

There is another key point, AuthenticationScheme. What does it mean? Let's see.

Obama dares to put himself in such a core position because he has the ability to back it up. How so? For example, when someone hands over an ID card and a train ticket at the ticket check, how do you verify that these two documents are legitimate? Here are the verification plans Obama proposed for the two types of documents:

Plan 1, for the ID card: check whether the person matches the photo on the ID card, and whether the age on the card fits the person in front of you.

Plan 2, for the train ticket: check whether the train number and time match the departure, and whether the identity number on the ticket matches the ID card.

Each of these plans corresponds to an AuthenticationScheme (the name of a verification scheme). Clear enough?

This is the second key point. AuthenticationScheme is very important.

Once you know Obama's responsibilities, it's easy to write the code:

```csharp
public abstract class AuthenticationManager
{
    // AuthenticateContext carries the context that needs authentication, including Xiao Li
    public abstract Task AuthenticateAsync(AuthenticateContext context);

    // Handshake (challenge)
    public abstract Task ChallengeAsync(string authenticationScheme, AuthenticationProperties properties, ChallengeBehavior behavior);

    // Sign in
    public abstract Task SignInAsync(string authenticationScheme, ClaimsPrincipal principal, AuthenticationProperties properties);

    // Sign out
    public abstract Task SignOutAsync(string authenticationScheme, AuthenticationProperties properties);
}
```

As a ticket inspector, Obama has an authentication method, AuthenticateAsync(). Note that this is his core function: he could do without the others, but not without this one, because without it he could not be called a ticket inspector.

Then there are the handshake (challenge) ChallengeAsync, the sign-in SignInAsync and the sign-out SignOutAsync. Here is the author's understanding of these three methods.

ChallengeAsync: a handshake process defined for HTTP authentication by the community protocol document RFC 2617, mainly digest authentication.

Sounds a bit technical? If it doesn't make sense, never mind, here is the plain version. Xiao Li is about to enter the station, and he asks our ticket inspector, Mr. Obama.

Xiao Li: "Hello, ticket inspector, may I enter the station?"

Ticket inspector Obama: "Do you want to catch the train? Yes, may I see your ID, please?"

Xiao Li: "OK, here is my ID card. Could you check it?"

Ticket inspector Obama: "Well, the papers are fine. Go in."

Such an exchange is a digest-challenge, or question-and-answer, process. Do you understand the principle of ChallengeAsync now? Easy, isn't it?

SignInAsync, SignOutAsync: personally, I think these two should not be here, because they are not part of the responsibility of authentication, nor are they part of what the protocol specifies. These two methods do need to be abstracted, but they should be extracted into a separate interface. As for why they are here anyway, it may be for the following reasons:

1. The sign-in and sign-out abstractions are closely tied to authentication. In most cases the authentication data has to be stored during SignIn. For example, the cookie authentication middleware saves the cookie in its SignIn method.

2. The AuthenticationManager object lives in HttpContext. On the principle of abstraction and encapsulation it is appropriate to put these methods there, so that users can call them easily from the context.

The introduction to AuthenticationManager is over, isn't it very simple?

IAuthenticationHandler

Some readers may ask: AuthenticationManager offers no interface and is only an abstract class, so a custom authentication method would have to inherit from it, which is unfriendly to developers and runs counter to interface-oriented programming. That's true, so here comes the interface:

```csharp
public interface IAuthenticationHandler
{
    void GetDescriptions(DescribeSchemesContext context);

    Task AuthenticateAsync(AuthenticateContext context);

    Task ChallengeAsync(ChallengeContext context);

    Task SignInAsync(SignInContext context);

    Task SignOutAsync(SignOutContext context);
}
```

This interface is the extension point used by DefaultAuthenticationManager, the implementation class of AuthenticationManager. You don't have to read the source code; just remember that if you need to rewrite anything authentication-related in the future, you implement IAuthenticationHandler.

Authentication middleware

A first-pass implementation of IAuthenticationHandler is wrapped in the abstract class AuthenticationHandler, which leaves the concrete core functions to the classes that derive from it. CookieAuthenticationHandler, the core class of the CookieAuthentication middleware described below, inherits from AuthenticationHandler. That is all you need to know here.

CookieAuthentication middleware

The story continues. After receiving the ID card and train ticket from Xiao Li, Obama first scanned the train ticket on a QR code machine, then swiped the ID card on another machine. After verification he found no problem, so he picked up the seal and stamped the ticket "checked".

What happened in the middle?

First, during the QR code scan, the machine parses the QR code on your train ticket. If parsing fails, it responds directly with an authentication failure, which means you are not getting into the station.

If parsing succeeds, it obtains the information in your ticket, and then takes the holder information from the ticket and verifies whether the holder is on the Railway Administration's blacklist.

If verification passes, an identification code that matches your identity is issued and written both into your train ticket and into the computer system next to the ticket inspector. That is the "check".

In other words, this check is a bit advanced: it writes some information into the chip of your train ticket. What information is written? 1. Obama's personal information. 2. Some context information from the verification. 3. The verification scheme used.

Once you see that, implementing this verification method is easy. The following is the core method HandleAuthenticateAsync() of CookieAuthenticationHandler, the core class of the CookieAuthentication middleware. You can also think of it as the implementation of AuthenticateAsync from the IAuthenticationHandler interface:

```csharp
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
    // Parse the QR code
    var result = await EnsureCookieTicket();
    if (!result.Succeeded)
    {
        return result;
    }

    // Verify the holder information read from the QR code
    var context = new CookieValidatePrincipalContext(Context, result.Ticket, Options);
    await Options.Events.ValidatePrincipal(context);

    if (context.Principal == null)
    {
        return AuthenticateResult.Fail("No principal.");
    }

    if (context.ShouldRenew)
    {
        RequestRefresh(result.Ticket);
    }

    // Checked: write to the chip
    return AuthenticateResult.Success(new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme));
}
```
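The blacklist step of the story corresponds to the ValidatePrincipal event that HandleAuthenticateAsync calls on every request. The following is an added example, not code from the article or from the ASP.NET Core source, written against the ASP.NET Core 1.x API the article uses (HttpContext.Authentication; from 2.0 on these calls are extension methods on HttpContext). The RevokedUsers class and its sample entry are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical blacklist with one constructed entry; a real application queries its user store.
public static class RevokedUsers
{
    private static readonly HashSet<string> Names =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "blocked-user" };

    public static bool Contains(string name) => Names.Contains(name);
}

public static class BlacklistValidator
{
    // Runs inside HandleAuthenticateAsync, after the cookie has been decrypted.
    public static async Task ValidateAsync(CookieValidatePrincipalContext context)
    {
        var name = context.Principal?.Identity?.Name;
        if (name == null || RevokedUsers.Contains(name))
        {
            // Sets context.Principal to null, so the handler returns
            // AuthenticateResult.Fail("No principal.") for this request.
            context.RejectPrincipal();
            // Also expire the cookie so the browser stops sending it.
            await context.HttpContext.Authentication.SignOutAsync(
                CookieAuthenticationDefaults.AuthenticationScheme);
        }
    }
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services) => services.AddAuthentication();

    public void Configure(IApplicationBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,
            AutomaticAuthenticate = true,   // authenticate on every request
            Events = new CookieAuthenticationEvents { OnValidatePrincipal = BlacklistValidator.ValidateAsync }
        });
    }
}
```

Without such a hook a cookie stays valid until it expires, because the ticket is self-contained and the server keeps no per-session state to revoke.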

HandleSignInAsync

Our story continues...

After Obama finished checking the ticket, he gave the ticket to Xiao Li. After Xiao Li got the ticket, the director shouted "cut" again.

Why did it stop again? Xiao Li and Obama were full of doubts. The director said, "Obama, you did a good job as a ticket inspector. You'd better continue to play your own role. I'll give you a double lunch at noon. Xiao Li, you play the ticket inspector."

Obama is still very happy to hear that he can have two box lunches.

"Action!" the director shouted.

Obama took the ticket and walked to the platform inside the station. When he reached the door of the carriage, another person appeared. Obama knew that this person registers the passengers in the carriage (PS: passenger registration normally happens while the train is running; here we assume the registrar is diligent and stands at the carriage door). After the registration, Obama was let in.

So what happens during registration?

First, the registrar's handheld device reads the information written into the chip inside the train ticket and finds no problem, so he starts entering the information into his own register. It mainly contains the ticket owner, the expiration time, the inspector and so on.

This whole process is HandleSignInAsync. In program terms, the cookie sign-in context information is assembled and written to the HTTP response headers, and from there into the client browser's cookie.

At this point, the whole process is over, let's take a look at the code:

```csharp
// Only the core of the method's flow is listed; everything else has been removed.
protected override async Task HandleSignInAsync(SignInContext signin)
{
    // Parse the information in the chip
    var result = await EnsureCookieTicket();

    // Organize the sign-in context, set the expiration time, etc.
    // (omitted here; this is where `ticket` is built)

    // Use Data Protection to encrypt the information in the register
    var cookieValue = Options.TicketDataFormat.Protect(ticket);

    // Write it to the response headers sent to the browser
    await ApplyHeaders(cookieValue);
}
```
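What TicketDataFormat.Protect produces can be examined in isolation: the cookie value is an encrypted, integrity-protected serialization of the ticket, and a modified value does not unprotect. This is an added example, not code from the article or the framework source, and it assumes the ASP.NET Core 1.x namespaces; the ephemeral key provider and the purpose string are stand-ins for the middleware's own configuration.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http.Authentication;

public static class TicketRoundTrip
{
    // Keys exist only in this process; the real middleware uses the application's key ring.
    private static readonly TicketDataFormat Format = new TicketDataFormat(
        new EphemeralDataProtectionProvider().CreateProtector("ticket-demo")); // constructed purpose

    public static string Issue(string userName)
    {
        var scheme = CookieAuthenticationDefaults.AuthenticationScheme;
        var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userName) }, scheme);
        var properties = new AuthenticationProperties
        {
            IssuedUtc = DateTimeOffset.UtcNow,
            ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30)
        };
        var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, scheme);
        return Format.Protect(ticket); // this string is what ends up in the Set-Cookie header
    }

    // Returns the user name, or null when the value fails decryption or integrity checks.
    // Unprotect does not look at ExpiresUtc; the cookie handler checks expiry itself.
    public static string Read(string cookieValue) =>
        Format.Unprotect(cookieValue)?.Principal.Identity.Name;

    public static string Tamper(string cookieValue)
    {
        var chars = cookieValue.ToCharArray();
        var mid = chars.Length / 2;
        chars[mid] = chars[mid] == 'A' ? 'B' : 'A'; // change one character of the payload
        return new string(chars);
    }

    public static void Main()
    {
        var cookie = Issue("Obama");
        Console.WriteLine(Read(cookie));                 // Obama
        Console.WriteLine(Read(Tamper(cookie)) == null); // True
    }
}
```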

If you don't want to go deeper, you can skip this part:

In the source code of HandleSignInAsync there is a very clever design: `await Options.Events.SignedIn(signedInContext);`. What is this line for? And there are two such calls in total, one before and one after. Does anyone know why? I will give the answer in the next article.

Remember the ClaimsPrincipal User in HttpContext from earlier? It is the role that Xiao Li temporarily stood in for, and now it comes into its own: it is Obama.

After sitting in his seat, Obama took a six-hour journey from Beijing to Hangzhou. I had to admire the speed of China's high-speed rail. After enjoying the scenery of the evening West Lake, Obama sent us a picture:

At this point, the whole workflow of CookieAuthentication middleware is over and the story is over.

The above is the story behind these two lines of code:

```csharp
var user = new ClaimsPrincipal(
    new ClaimsIdentity(
        new[] { new Claim(ClaimTypes.Name, "Obama") },
        CookieAuthenticationDefaults.AuthenticationScheme));

await HttpContext.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);
```
