厦门外贸网站建设报价表,阿里巴巴网站怎么做推广,做网站渠道,全国手工活外发加工平台目录
一#xff1a;说明
二#xff1a;传统鉴权授权的基本配置
三 #xff1a;角色配置说明
四#xff1a;策略鉴权授权
五#xff1a;策略鉴权授权Requirement扩展
总结 一#xff1a;说明
鉴权#xff1a;是指验证你是否登录#xff0c;你登录后的身份是什么。…目录
一说明
二传统鉴权授权的基本配置
三 角色配置说明
四策略鉴权授权
五策略鉴权授权Requirement扩展
总结 一说明
鉴权是指验证你是否登录你登录后的身份是什么。
授权是指验证你的权限你的身份有没有权限做这个事。
二传统鉴权授权的基本配置
Program关键代码
//表示整个应用程序调用CreateBuilder方法创建一个WebApplicationBuilder对象。
//初始化当前应用程序的管道容器
using Microsoft.AspNetCore.Authentication.Cookies;var builder WebApplication.CreateBuilder(args);
//向管道容器添加注册中间件
//添加注册控制器视图中间件
builder.Services.AddControllersWithViews();
//添加注册Session中间件
builder.Services.AddSession();
//添加注册鉴权中间件
builder.Services.AddAuthentication(option
{option.DefaultAuthenticateScheme CookieAuthenticationDefaults.AuthenticationScheme;option.DefaultChallengeScheme CookieAuthenticationDefaults.AuthenticationScheme;option.DefaultSignInScheme CookieAuthenticationDefaults.AuthenticationScheme;option.DefaultForbidScheme CookieAuthenticationDefaults.AuthenticationScheme;option.DefaultSignOutScheme CookieAuthenticationDefaults.AuthenticationScheme;
}).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, option
{//鉴权授权失败跳转登录视图option.LoginPath /Home/Login;//没有权限跳转指定视图option.AccessDeniedPath /Home/NoAuthority;
});
//配置管道容器中间件构造WebApplication实例
var app builder.Build();
//判断是否是开发模式
if (!app.Environment.IsDevelopment())
{//向管道中添加中间件该中间件将捕获异常、记录异常、重置请求路径并重新执行请求。app.UseExceptionHandler(/Shared/Error);//向管道中添加用于使用HSTS的中间件该中间件添加了Strict Transport Security标头。默认值为30天app.UseHsts();
}
//向管道添加Session中间件
app.UseSession();
//向管道添加用于将HTTP请求重定向到HTTPS的中间件。
app.UseHttpsRedirection();
//向管道添加为当前请求路径启用静态文件服务
app.UseStaticFiles();
//向管道添加路由配置中间件
app.UseRouting();
//向管道添加鉴权中间件
app.UseAuthentication();
//向管道添加授权中间件
app.UseAuthorization();
//向管道添加默认路由中间件
app.MapControllerRoute(name: default,pattern: {controllerHome}/{actionIndex}/{id?});
//向管道添加启动应用程序中间件
app.Run();
User关键代码
using System.ComponentModel.DataAnnotations;namespace Study_ASP.NET_Core_MVC.Models
{public class User{public int UserId { get; set; }[Display(Name账号)]public string? UserName { get; set; }public string? Account { get; set; }[Display(Name 密码)]public string? UserPwd { get; set; }[DataType(DataType.EmailAddress)][Display(Name 邮箱)]public string? UserEmail { get; set;}public DateTime LoginTime { get; set; }}
}Home控制器代码
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Study_ASP.NET_Core_MVC.Models;
using System.Diagnostics;
using System.Security.Claims;namespace Study_ASP.NET_Core_MVC.Controllers
{public class HomeController : Controller{private readonly ILoggerHomeController _logger;public HomeController(ILoggerHomeController logger){_logger logger;}/// summary/// Get请求/// 默认授权/// /summary/// returns/returns[HttpGet][Authorize]public IActionResult Index(){var user HttpContext.User;return View();}/// summary/// Get请求/// /summary/// returns/returnspublic IActionResult NoAuthority(){return View();}/// summary/// Get请求/// 登录视图/// /summary/// returns/returns[HttpGet]public IActionResult Login(){return View();}/// summary/// Post请求/// 登录视图/// /summary/// param nameUserName/param/// param nameUserPwd/param/// returns/returns[HttpPost]public async TaskIActionResult Login(string UserName,string UserPwd){if (VinCente.Equals(UserName) 123456.Equals(UserPwd)){var claims new ListClaim(){new Claim(UserId,1),new Claim(ClaimTypes.Role,Admin),new Claim(ClaimTypes.Role,User),new Claim(ClaimTypes.Name,${UserName}---来自于Cookies),new Claim(ClaimTypes.Email,$VinCente123.com),new Claim(Password,UserPwd),new Claim(Account,Administrator),new Claim(Role,admin),new Claim(QQ,7257624)};ClaimsPrincipal userPrincipal new ClaimsPrincipal(new ClaimsIdentity(claims, UserMessage));HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, userPrincipal, new AuthenticationProperties{//过期时间30分钟ExpiresUtc DateTime.UtcNow.AddSeconds(30)}).Wait();var user HttpContext.User;return base.Redirect(/Home/Index);}else{base.ViewBag.Message 账号或密码错误;}return await Task.FromResultIActionResult(View());}}
}
视图代码
using Study_ASP.NET_Core_MVC.Models;model User
{ViewBag.Title 登录;
}h2登录/h2
div classrowdiv classcol-md-8section idloginFormusing (Html.BeginForm(Login, Home, new { sid 123, Account VinCente },FormMethod.Post, true, new { class form-horizontal, role form })){Html.AntiForgeryToken()hr /Html.ValidationSummary(true)div classmb-3 rowHtml.LabelFor(m m.UserName, new { class col-sm-1 col-form-label })div classcol-md-6Html.TextBoxFor(m m.UserName, new { class form-control, placeholder请输入账号 })/div/divdiv classmb-3 rowHtml.LabelFor(m m.UserPwd, new { class col-md-1 control-label })div classcol-md-6Html.PasswordFor(m m.UserPwd, new { class form-control,placeholder请输入密码 })/div/divdiv classmb-3 rowdiv classcol-md-offset-2 col-md-6button typesubmit classbtn btn-primary mb-3登录/buttonbase.ViewBag.Message/div/div}/section/div
/div
三 角色配置说明
标记多个角色授权控制器代码
/// summary/// Get请求/// 默认授权/// 授权给角色为Admin的用户,可以访问/// 授权给角色为User的用户可以访问/// 授权给角色为Tracher的用户不可以访问VinCente用户没有Teacher授权/// 同时授权给用户多个角色Roles时必须同时满足角色Roles才可以访问/// /summary/// returns/returns[HttpGet]//[Authorize][Authorize(AuthenticationSchemes CookieAuthenticationDefaults.AuthenticationScheme, Roles Admin)]//[Authorize(AuthenticationSchemes CookieAuthenticationDefaults.AuthenticationScheme, Roles User)]//[Authorize(AuthenticationSchemes CookieAuthenticationDefaults.AuthenticationScheme, Roles Teacher)]public IActionResult Index(){var user HttpContext.User;return View();}
标记单个角色授权控制器代码
/// summary/// Get请求/// 默认授权/// 授权给角色为Admin和User的用户,包含其中一个角色可以访问/// 授权给角色为User和Teacher的用户包含其中一个角色可以访问/// 授权给角色为Tracher和Admin的用户包含其中一个角色可以访问/// 授权给角色为System和Teacher的用户不包含其中一个角色不可以访问/// /summary/// returns/returns[HttpGet]//[Authorize][Authorize(AuthenticationSchemes CookieAuthenticationDefaults.AuthenticationScheme, Roles Admin,User)]//[Authorize(AuthenticationSchemes CookieAuthenticationDefaults.AuthenticationScheme, Roles User,Teacher)]//[Authorize(AuthenticationSchemes CookieAuthenticationDefaults.AuthenticationScheme, Roles Teacher,Admin)]//[Authorize(AuthenticationSchemes CookieAuthenticationDefaults.AuthenticationScheme, Roles System,Teacher)]public IActionResult Index(){var user HttpContext.User;return View();}
四策略鉴权授权
Program关键代码
//表示整个应用程序调用CreateBuilder方法创建一个WebApplicationBuilder对象。
//初始化当前应用程序的管道容器
using Microsoft.AspNetCore.Authentication.Cookies;
using System.Security.Claims;var builder WebApplication.CreateBuilder(args);
//向管道容器添加注册中间件
//添加注册控制器视图中间件
builder.Services.AddControllersWithViews();
//添加注册Session中间件
builder.Services.AddSession();
//添加注册鉴权授权中间件
builder.Services.AddAuthentication(option
{option.DefaultAuthenticateScheme CookieAuthenticationDefaults.AuthenticationScheme;option.DefaultChallengeScheme CookieAuthenticationDefaults.AuthenticationScheme;option.DefaultSignInScheme CookieAuthenticationDefaults.AuthenticationScheme;option.DefaultForbidScheme CookieAuthenticationDefaults.AuthenticationScheme;option.DefaultSignOutScheme CookieAuthenticationDefaults.AuthenticationScheme;
}).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, option
{//鉴权授权失败跳转登录视图option.LoginPath /Home/Login;//没有权限跳转指定视图option.AccessDeniedPath /Home/NoAuthority;
});
//添加注册策略鉴权授权中间件
builder.Services.AddAuthorization(option
{//注册一个为RolePolicy的策略授权option.AddPolicy(RolePolicy, policyBuilder {//必须包含某个角色//policyBuilder.RequireRole(Teacher);//必须包含Account条件//policyBuilder.RequireClaim(Account);//必须包含指定条件policyBuilder.RequireAssertion(context {return context.User.HasClaim(c c.Type ClaimTypes.Role) context.User.Claims.First(c c.Type.Equals(ClaimTypes.Role)).Value Admin context.User.Claims.Any(c c.Type ClaimTypes.Name);});//policyBuilder.AddRequirements(new QQEmailRequirement());});
});
//配置管道容器中间件构造WebApplication实例
var app builder.Build();
//判断是否是开发模式
if (!app.Environment.IsDevelopment())
{//向管道中添加中间件该中间件将捕获异常、记录异常、重置请求路径并重新执行请求。app.UseExceptionHandler(/Shared/Error);//向管道中添加用于使用HSTS的中间件该中间件添加了Strict Transport Security标头。默认值为30天app.UseHsts();
}
//向管道添加Session中间件
app.UseSession();
//向管道添加用于将HTTP请求重定向到HTTPS的中间件。
app.UseHttpsRedirection();
//向管道添加为当前请求路径启用静态文件服务
app.UseStaticFiles();
//向管道添加路由配置中间件
app.UseRouting();
//向管道添加鉴权中间件
app.UseAuthentication();
//向管道添加授权中间件
app.UseAuthorization();
//向管道添加默认路由中间件
app.MapControllerRoute(name: default,pattern: {controllerHome}/{actionIndex}/{id?});
//向管道添加启动应用程序中间件
app.Run();
控制器代码
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Study_ASP.NET_Core_MVC.Models;
using System.Diagnostics;
using System.Security.Claims;namespace Study_ASP.NET_Core_MVC.Controllers
{public class HomeController : Controller{private readonly ILoggerHomeController _logger;public HomeController(ILoggerHomeController logger){_logger logger;}/// summary/// Get请求/// 策略授权/// /summary/// returns/returns[HttpGet][Authorize(AuthenticationSchemes CookieAuthenticationDefaults.AuthenticationScheme, Policy RolePolicy)]public IActionResult Index(){var user HttpContext.User;return View();}/// summary/// Get请求/// /summary/// returns/returnspublic IActionResult NoAuthority(){return View();}/// summary/// Get请求/// 登录视图/// /summary/// returns/returns[HttpGet]public IActionResult Login(){return View();}/// summary/// Post请求/// 登录视图/// /summary/// param nameUserName/param/// param nameUserPwd/param/// returns/returns[HttpPost]public async TaskIActionResult Login(string UserName, string UserPwd){if (VinCente.Equals(UserName) 123456.Equals(UserPwd)){var claims new ListClaim(){new Claim(UserId,1),new Claim(ClaimTypes.Role,Admin),new Claim(ClaimTypes.Role,User),new Claim(ClaimTypes.Name,${UserName}---来自于Cookies),new Claim(ClaimTypes.Email,$VinCente123.com),new Claim(Password,UserPwd),new Claim(Account,Administrator),new Claim(Role,admin),new Claim(QQ,7257624)};ClaimsPrincipal userPrincipal new ClaimsPrincipal(new ClaimsIdentity(claims, UserMessage));HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, userPrincipal, new AuthenticationProperties{//过期时间30分钟ExpiresUtc DateTime.UtcNow.AddSeconds(30)}).Wait();var user HttpContext.User;return base.Redirect(/Home/Index);}else{base.ViewBag.Message 账号或密码错误;}return await Task.FromResultIActionResult(View());}}
}
五策略鉴权授权Requirement扩展
IUserService代码
namespace Study_ASP.NET_Core_MVC.Models
{public interface IUserService{public bool Validata(string userId, string qq);}
}UserService代码
namespace Study_ASP.NET_Core_MVC.Models
{public class UserService: IUserService{public bool Validata(string userId, string qq){//在这里去链接数据库去校验这个QQ是否正确return true;}}
}QQEmailRequirement代码
using Microsoft.AspNetCore.Authorization;namespace Study_ASP.NET_Core_MVC.Models
{public class QQEmailRequirement:IAuthorizationRequirement{}
}QQHandler代码
using Microsoft.AspNetCore.Authorization;namespace Study_ASP.NET_Core_MVC.Models
{public class QQHandler:AuthorizationHandlerQQEmailRequirement{//初始化构造函数private IUserService _UserService;public QQHandler(IUserService userService){this._UserService userService;}protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, QQEmailRequirement requirement){if (context.User.Claims.Count() 0){return Task.CompletedTask;}string userId context.User.Claims.First(c c.Type UserId).Value;string qq context.User.Claims.First(c c.Type QQ).Value;if (_UserService.Validata(userId, qq)){//验证通过context.Succeed(requirement);}return Task.CompletedTask;}}
}Program关键代码
//表示整个应用程序调用CreateBuilder方法创建一个WebApplicationBuilder对象。
//初始化当前应用程序的管道容器
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Study_ASP.NET_Core_MVC.Models;
using System.Security.Claims;var builder WebApplication.CreateBuilder(args);
//向管道容器添加注册中间件
//添加注册控制器视图中间件
builder.Services.AddControllersWithViews();
//添加注册Session中间件
builder.Services.AddSession();
//添加注册鉴权授权中间件
builder.Services.AddAuthentication(option
{option.DefaultAuthenticateScheme CookieAuthenticationDefaults.AuthenticationScheme;option.DefaultChallengeScheme CookieAuthenticationDefaults.AuthenticationScheme;option.DefaultSignInScheme CookieAuthenticationDefaults.AuthenticationScheme;option.DefaultForbidScheme CookieAuthenticationDefaults.AuthenticationScheme;option.DefaultSignOutScheme CookieAuthenticationDefaults.AuthenticationScheme;
}).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, option
{//鉴权授权失败跳转登录视图option.LoginPath /Home/Login;//没有权限跳转指定视图option.AccessDeniedPath /Home/NoAuthority;
});
//添加注册策略鉴权授权中间件
builder.Services.AddAuthorization(option
{//注册一个为RolePolicy的策略授权option.AddPolicy(RolePolicy, policyBuilder {//必须包含某个角色//policyBuilder.RequireRole(Teacher);//必须包含Account条件//policyBuilder.RequireClaim(Account);//必须包含指定条件policyBuilder.RequireAssertion(context {return context.User.HasClaim(c c.Type ClaimTypes.Role) context.User.Claims.First(c c.Type.Equals(ClaimTypes.Role)).Value Admin context.User.Claims.Any(c c.Type ClaimTypes.Name);});policyBuilder.AddRequirements(new QQEmailRequirement());});
});
//添加注册策略鉴权授权中间件外部文件
builder.Services.AddTransientIUserService, UserService();
builder.Services.AddTransientIAuthorizationHandler, QQHandler();
//配置管道容器中间件构造WebApplication实例
var app builder.Build();
//判断是否是开发模式
if (!app.Environment.IsDevelopment())
{//向管道中添加中间件该中间件将捕获异常、记录异常、重置请求路径并重新执行请求。app.UseExceptionHandler(/Shared/Error);//向管道中添加用于使用HSTS的中间件该中间件添加了Strict Transport Security标头。默认值为30天app.UseHsts();
}
//向管道添加Session中间件
app.UseSession();
//向管道添加用于将HTTP请求重定向到HTTPS的中间件。
app.UseHttpsRedirection();
//向管道添加为当前请求路径启用静态文件服务
app.UseStaticFiles();
//向管道添加路由配置中间件
app.UseRouting();
//向管道添加鉴权中间件
app.UseAuthentication();
//向管道添加授权中间件
app.UseAuthorization();
//向管道添加默认路由中间件
app.MapControllerRoute(name: default,pattern: {controllerHome}/{actionIndex}/{id?});
//向管道添加启动应用程序中间件
app.Run();
控制器代码
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Study_ASP.NET_Core_MVC.Models;
using System.Diagnostics;
using System.Security.Claims;namespace Study_ASP.NET_Core_MVC.Controllers
{public class HomeController : Controller{private readonly ILoggerHomeController _logger;public HomeController(ILoggerHomeController logger){_logger logger;}/// summary/// Get请求/// 策略授权/// /summary/// returns/returns[HttpGet][Authorize(AuthenticationSchemes CookieAuthenticationDefaults.AuthenticationScheme, Policy RolePolicy)]public IActionResult Index(){var user HttpContext.User;return View();}/// summary/// Get请求/// /summary/// returns/returnspublic IActionResult NoAuthority(){return View();}/// summary/// Get请求/// 登录视图/// /summary/// returns/returns[HttpGet]public IActionResult Login(){return View();}/// summary/// Post请求/// 登录视图/// /summary/// param nameUserName/param/// param nameUserPwd/param/// returns/returns[HttpPost]public async TaskIActionResult Login(string UserName, string UserPwd){if (VinCente.Equals(UserName) 123456.Equals(UserPwd)){var claims new ListClaim(){new Claim(UserId,1),new Claim(ClaimTypes.Role,Admin),new Claim(ClaimTypes.Role,User),new Claim(ClaimTypes.Name,${UserName}---来自于Cookies),new Claim(ClaimTypes.Email,$VinCente123.com),new Claim(Password,UserPwd),new Claim(Account,Administrator),new Claim(Role,admin),new Claim(QQ,7257624)};ClaimsPrincipal userPrincipal new ClaimsPrincipal(new ClaimsIdentity(claims, UserMessage));HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, userPrincipal, new AuthenticationProperties{//过期时间30分钟ExpiresUtc DateTime.UtcNow.AddSeconds(30)}).Wait();var user HttpContext.User;return base.Redirect(/Home/Index);}else{base.ViewBag.Message 账号或密码错误;}return await Task.FromResultIActionResult(View());}}
} 总结 使用传统鉴权授权的基本配置验证用户是否登录如果当前没有用户信息直接跳转至登录视图在Program文件中配置登录之后可以正常访问被标记为[Authorize]的控制器或控制器方法由于控制器代码中HttpPost的Login方法中写明用户角色。搭配角色使用在控制器或控制器方法上标记可以访问该控制器或方法的角色除了当前标记的角色外都不可以访问该控制器或控制器方法。搭配策略使用在特殊的控制器或控制器上标记可以访问该控制器或方法的策略名称符合该策略的用户可以访问。不能访问的用户直接跳转至Home控制器下的NoAuthority方法中的视图提醒用户没有权限访问该方法。通过使用AddRequirements扩展可以自定义验证用户鉴权授权。
