Security Cookies登录验证核心详解

Posted ms_senda

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Security Cookies登录验证核心详解相关的知识,希望对你有一定的参考价值。

using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.DependencyInjection;

namespace CookieSessionSample
{
    public class Startup
    {
        public void ConfigureServices(IServiceCollection services)
        {
            // This can be removed after https://github.com/aspnet/IISIntegration/issues/371
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            }).AddCookie(o => o.SessionStore = new MemoryCacheTicketStore());
        }

        public void Configure(IApplicationBuilder app)
        {
            app.UseAuthentication();

            app.Run(async context =>
            {
                if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
                {    //正常验证流程不是写这里,这里意思是上述验证发现未登录,
                //一般可以通过自定义用户密码验证操作通过验证后,构建下属登录凭证
                    // Make a large identity
                    var claims = new List<Claim>(1001);
                    claims.Add(new Claim(ClaimTypes.Name, "bob"));
                    for (int i = 0; i < 1000; i++)
                    {
                        claims.Add(new Claim(ClaimTypes.Role, "SomeRandomGroup" + i, ClaimValueTypes.String, "IssuedByBob", "OriginalIssuerJoe"));
                    }

                    //写入登录验证方案与凭证到Cookies
                    await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                        new ClaimsPrincipal(new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme)));   

                    context.Response.ContentType = "text/plain";
                    await context.Response.WriteAsync("Hello First timer");
                    return;
                }

                context.Response.ContentType = "text/plain";
                await context.Response.WriteAsync("Hello old timer");
            });
        }
    }
}

以上是关于Security Cookies登录验证核心详解的主要内容,如果未能解决你的问题,请参考以下文章

Spring Security登录验证流程源码解析

Spring Security---ONE

Spring Security HTTP Basic for RESTFul 和 FormLogin (Cookies) for web - 注释

spring security相关认证类详解

Selenium—通过cookies跳过验证码登录

使用cookies进行身份验证登录