我的书签
添加书签
移除书签ASP.NET Core 中的策略方案Policy schemes in ASP.NET Core
本文内容
使用身份验证策略方案,可以更方便地使用多种方法。例如,策略方案可能使用 Google 身份验证,并对其他所有内容使用 cookie 身份验证。身份验证策略方案:
- 可以轻松地将任何身份验证操作转发到另一个方案。
- 根据请求动态转发。
使用派生 AuthenticationSchemeOptions 和关联的AuthenticationHandler<TOptions >的所有身份验证方案:
- 是 ASP.NET Core 2.1 及更高版本中自动的策略方案。
- 可以通过配置方案的选项来启用。
public class AuthenticationSchemeOptions{/// <summary>/// If set, this specifies a default scheme that authentication handlers should/// forward all authentication operations to, by default. The default forwarding/// logic checks in this order:/// 1. The most specific ForwardAuthenticate/Challenge/Forbid/SignIn/SignOut/// 2. The ForwardDefaultSelector/// 3. ForwardDefault/// The first non null result is used as the target scheme to forward to./// </summary>public string ForwardDefault { get; set; }/// <summary>/// If set, this specifies the target scheme that this scheme should forward/// AuthenticateAsync calls to. For example:/// Context.AuthenticateAsync("ThisScheme") =>/// Context.AuthenticateAsync("ForwardAuthenticateValue");/// Set the target to the current scheme to disable forwarding and allow/// normal processing./// </summary>public string ForwardAuthenticate { get; set; }/// <summary>/// If set, this specifies the target scheme that this scheme should forward/// ChallengeAsync calls to. For example:/// Context.ChallengeAsync("ThisScheme") =>/// Context.ChallengeAsync("ForwardChallengeValue");/// Set the target to the current scheme to disable forwarding and allow normal/// processing./// </summary>public string ForwardChallenge { get; set; }/// <summary>/// If set, this specifies the target scheme that this scheme should forward/// ForbidAsync calls to.For example:/// Context.ForbidAsync("ThisScheme")/// => Context.ForbidAsync("ForwardForbidValue");/// Set the target to the current scheme to disable forwarding and allow normal/// processing./// </summary>public string ForwardForbid { get; set; }/// <summary>/// If set, this specifies the target scheme that this scheme should forward/// SignInAsync calls to. For example:/// Context.SignInAsync("ThisScheme") =>/// Context.SignInAsync("ForwardSignInValue");/// Set the target to the current scheme to disable forwarding and allow normal/// processing./// </summary>public string ForwardSignIn { get; set; }/// <summary>/// If set, this specifies the target scheme that this scheme should forward/// SignOutAsync calls to. For example:/// Context.SignOutAsync("ThisScheme") =>/// Context.SignOutAsync("ForwardSignOutValue");/// Set the target to the current scheme to disable forwarding and allow normal/// processing./// </summary>public string ForwardSignOut { get; set; }/// <summary>/// Used to select a default scheme for the current request that authentication/// handlers should forward all authentication operations to by default. The/// default forwarding checks in this order:/// 1. The most specific ForwardAuthenticate/Challenge/Forbid/SignIn/SignOut/// 2. The ForwardDefaultSelector/// 3. ForwardDefault./// The first non null result will be used as the target scheme to forward to./// </summary>public Func<HttpContext, string> ForwardDefaultSelector { get; set; }}
示例Examples
下面的示例演示了结合较低级别方案的更高级别的方案。Google 身份验证用于质询,cookie 身份验证用于所有其他操作:
public void ConfigureServices(IServiceCollection services){services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options => options.ForwardChallenge = "Google").AddGoogle(options => { });}
下面的示例基于每个请求启用动态选择方案。也就是说,如何混合使用 cookie 和 API 身份验证:
public void ConfigureServices(IServiceCollection services){services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options =>{// For example, can foward any requests that start with /api// to the api scheme.options.ForwardDefaultSelector = ctx =>ctx.Request.Path.StartsWithSegments("/api") ? "Api" : null;}).AddYourApiAuth("Api");}
