Authentication: claims-based authentication
The authentication extension methods on HttpContext (SignIn, SignOut, Authenticate, Challenge, Forbid, GetToken) delegate to the same-named methods of AuthenticationService.
In ASP.NET Core, Http/Authentication.Abstractions and Http/Authentication.Core describe the key abstractions; Security/Authentication holds the concrete implementations.
Service registration: AddAuthentication. The three most important objects are AuthenticationService, AuthenticationHandlerProvider and AuthenticationSchemeProvider.
    public static AuthenticationBuilder AddAuthentication(this IServiceCollection services)
    {
        services.AddAuthenticationCore();
        services.AddDataProtection();
        services.AddWebEncoders();
        services.TryAddSingleton<ISystemClock, SystemClock>();
        return new AuthenticationBuilder(services);
    }

    public static AuthenticationBuilder AddAuthentication(this IServiceCollection services, string defaultScheme)
        => services.AddAuthentication(o => o.DefaultScheme = defaultScheme);

    public static AuthenticationBuilder AddAuthentication(this IServiceCollection services, Action<AuthenticationOptions> configureOptions)
    {
        // Register the core services first, then apply the caller's AuthenticationOptions.
        var builder = services.AddAuthentication();
        services.Configure(configureOptions);
        return builder;
    }
On the AuthenticationBuilder returned by AddAuthentication, AddJwtBearer (or AddCookie) specifies the scheme type and the parameters to validate.
In Startup.Configure, UseAuthentication registers the authentication middleware (AuthenticationMiddleware). During authentication, the correct scheme is obtained from AuthenticationSchemeProvider; AuthenticationService then uses that scheme together with AuthenticationHandlerProvider to obtain the matching AuthenticationHandler; finally the handler's AuthenticateAsync method runs the authentication flow.
1. AuthenticationOptions
Schemes: cookie, bearer, oauth, openid and so on, stored in IList<AuthenticationSchemeBuilder> Schemes.
DefaultScheme, DefaultAuthenticateScheme, DefaultSignInScheme, DefaultSignOutScheme, DefaultChallengeScheme, DefaultForbidScheme??
When are they assigned?? Which AuthenticationSchemeBuilder does SchemeMap resolve to, i.e. which IAuthenticationHandler (methods InitializeAsync, AuthenticateAsync, ChallengeAsync, ForbidAsync; SignIn and SignOut are split out into separate interfaces) handles the request.
    public interface IAuthenticationRequestHandler : IAuthenticationHandler
    {
        /// <summary>
        /// Returns true if request processing should stop.
        /// </summary>
        /// <returns><see langword="true" /> if request processing should stop.</returns>
        Task<bool> HandleRequestAsync();
    }

    /// <summary>
    /// Used to determine if a handler supports SignIn.
    /// </summary>
    public interface IAuthenticationSignInHandler : IAuthenticationSignOutHandler
    {
        /// <summary>
        /// Handle sign in.
        /// </summary>
        /// <param name="user">The <see cref="ClaimsPrincipal"/> user.</param>
        /// <param name="properties">The <see cref="AuthenticationProperties"/> that contains the extra meta-data arriving with the authentication.</param>
        /// <returns>A task.</returns>
        Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties);
    }

    public interface IAuthenticationSignOutHandler : IAuthenticationHandler
    {
        /// <summary>
        /// Signout behavior.
        /// </summary>
        /// <param name="properties">The <see cref="AuthenticationProperties"/> that contains the extra meta-data arriving with the authentication.</param>
        /// <returns>A task.</returns>
        Task SignOutAsync(AuthenticationProperties properties);
    }
Its general-purpose method is AddScheme(), which appends to IList<AuthenticationSchemeBuilder> Schemes; each schemeName is also mapped in Dictionary<schemeName, AuthenticationSchemeBuilder> SchemeMap.
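The middleware-to-handler flow and the AddScheme registration described above, as an added example that is not part of the original post or of ASP.NET Core itself: a hypothetical "ApiKey" scheme whose handler runs in HandleAuthenticateAsync when AuthenticationMiddleware resolves the default scheme. The scheme name, header name and the demo key are assumptions chosen for the example.

```csharp
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

// AddAuthentication sets DefaultScheme; AddScheme puts an AuthenticationSchemeBuilder into
// AuthenticationOptions.Schemes / SchemeMap so AuthenticationSchemeProvider can find it by name.
var builder = WebApplication.CreateBuilder(args);
builder.Services
    .AddAuthentication(ApiKeyHandler.SchemeName)
    .AddScheme<AuthenticationSchemeOptions, ApiKeyHandler>(ApiKeyHandler.SchemeName, _ => { });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();   // AuthenticationMiddleware: AuthenticateAsync for the default scheme
app.UseAuthorization();
app.MapGet("/whoami", (ClaimsPrincipal user) => user.Identity?.Name ?? "anonymous");
app.Run();

// Hypothetical handler: compares the X-Api-Key header with a constructed demo key.
public sealed class ApiKeyHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    public const string SchemeName = "ApiKey";
    private const string DemoKey = "demo-key-not-a-real-secret"; // constructed sample value

    public ApiKeyHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
        ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
        : base(options, logger, encoder, clock) { }

    // Reached via AuthenticationService -> AuthenticationHandlerProvider -> this handler.
    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        if (!Request.Headers.TryGetValue("X-Api-Key", out var values))
            return Task.FromResult(AuthenticateResult.NoResult()); // no credential: anonymous, not Fail

        // Fixed-time comparison so response timing does not reveal how many bytes matched.
        var presented = Encoding.UTF8.GetBytes(values.ToString());
        var expected = Encoding.UTF8.GetBytes(DemoKey);
        if (!CryptographicOperations.FixedTimeEquals(presented, expected))
            return Task.FromResult(AuthenticateResult.Fail("Invalid API key"));

        var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "demo-client") }, Scheme.Name);
        var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), Scheme.Name);
        return Task.FromResult(AuthenticateResult.Success(ticket));
    }
}
```

A request without the header reaches /whoami as "anonymous", a wrong key yields a failed AuthenticateResult, and the demo key produces a ClaimsPrincipal whose ticket is tagged with the scheme name.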
Original: https://www.cnblogs.com/cloudsu/p/12050483.html