关于登录授权这一块这两天看了很多教程和博客,感觉太复杂了。挣扎了两天总算是满意了。
自定义一个认证过滤器,没有登录不允许访问。
过滤器是全局的,也就是说不用在每个控制器上加标签;如果有控制器不需要认证,加[AllowAnonymous]标签就行。
用户名和密码提交到这个Action,用于登录。
LoginController.cs
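/// <summary>
/// Handles the login form post: looks the submitted credentials up in the
/// database, builds a cookie-backed <see cref="ClaimsPrincipal"/> for the
/// matching user and signs it in.
/// </summary>
/// <param name="users">Model bound from the POST body; only <c>Name</c> and <c>PassWord</c> are read.</param>
/// <returns>
/// A JSON <c>{ code, msg }</c> body when the credentials do not match, otherwise
/// a redirect to <c>Home/Index</c>.
/// </returns>
[AllowAnonymous] // this action is the login itself, so it must be reachable without a session
[HttpPost]
public async Task<IActionResult> RequestLogin(Users users)
{
    // Model binding can hand us null (e.g. an empty body); dereferencing it below
    // would surface as an unhandled NullReferenceException (HTTP 500).
    if (users is null)
    {
        return BadRequest();
    }

    // Stand-in for a real user lookup. NOTE(review): the submitted password is compared
    // with the stored PassWord column as-is, which implies the column holds plaintext.
    // Production code should store a salted hash (e.g. PBKDF2) and verify it with a
    // constant-time comparison; that needs a schema change, so it is only flagged here.
    var user = _context.Users.FirstOrDefault(m => m.Name == users.Name && m.PassWord == users.PassWord);
    if (user is null)
    {
        // One generic message for both "unknown user" and "wrong password", so the
        // response does not reveal which user names exist.
        return Json(new { code = 200, msg = "账号密码错误" });
    }

    // A claim is a key/value statement about the user, e.g. (ClaimTypes.Name, "alice").
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, user.Name),
        new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
    };

    // ClaimsIdentity groups the claims under one authentication scheme (the cookie scheme here).
    var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
    // ClaimsPrincipal is what later shows up as HttpContext.User; it carries the identity.
    var principal = new ClaimsPrincipal(identity);

    // Issues the authentication cookie; subsequent requests are authenticated from it.
    await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);

    // NOTE(review): the third argument of RedirectToAction is route values, not a view model.
    // Passing a List here is kept to preserve the original behaviour, but it looks unintended;
    // if the form is posted from a Razor view, [ValidateAntiForgeryToken] is also worth adding.
    return RedirectToAction("Index", "Home", _context.EnterAndLeaves.ToList());
}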
然后登录了之后就有了Cookie存在浏览器中,还需要过滤器
新建一个类AuthenFilterAttribute.cs
namespace CeWenAdmin.Filter
{
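/// <summary>
/// Global authorization filter: every action passes through <see cref="OnAuthorization"/>
/// first, and requests without an authenticated user are redirected to <c>User/Login</c>
/// unless the endpoint opts out with <c>[AllowAnonymous]</c>.
/// It is registered through <c>option.Filters.Add(typeof(AuthenFilterAttribute))</c>; note
/// that it does not derive from <see cref="Attribute"/>, so despite the name it cannot be
/// applied as <c>[AuthenFilter]</c> on a controller.
/// </summary>
public class AuthenFilterAttribute : IAuthorizationFilter
{
    /// <summary>
    /// Runs before each action; short-circuits the pipeline with a redirect when the caller is not signed in.
    /// </summary>
    /// <param name="context">Filter context for the current request.</param>
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        // Identity can be null when no authentication handler produced a principal for this
        // request; the original dereferenced it unconditionally.
        var isAuthenticated = context.HttpContext.User?.Identity?.IsAuthenticated == true;
        if (isAuthenticated || HasAllowAnonymous(context))
        {
            return;
        }

        // Setting Result stops the action from executing. The target is the same page as the
        // cookie handler's LoginPath, so both paths lead to the login form.
        context.Result = new RedirectToActionResult("Login", "User", null);
    }

    /// <summary>
    /// True when the action or controller carries <c>[AllowAnonymous]</c>, checked both through the
    /// filter collection (older style) and through endpoint metadata (endpoint routing).
    /// </summary>
    /// <param name="context">Filter context for the current request.</param>
    private static bool HasAllowAnonymous(AuthorizationFilterContext context)
    {
        // Pre-endpoint-routing style: [AllowAnonymous] surfaces as a filter instance.
        foreach (var filter in context.Filters)
        {
            if (filter is IAllowAnonymousFilter)
            {
                return true;
            }
        }

        // Endpoint routing style: the attribute is attached to the endpoint as metadata.
        var endpoint = context.HttpContext.GetEndpoint();
        return endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null;
    }
}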
}
Startup.cs
一些配置
/// <summary>
/// DI registration for the MVC pipeline: the global login filter plus cookie authentication.
/// Only the authentication-related parts are shown here; "...." marks elided registrations.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
// Register the login filter globally, so it runs for every action without per-controller attributes.
services.AddControllersWithViews(option=> { option.Filters.Add(typeof(AuthenFilterAttribute)); });
....
// Configure authentication: the cookie scheme is used for authenticate, challenge and sign-in.
services.AddAuthentication(b =>
{
b.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
b.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
b.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
}).AddCookie(b =>
{
// Where an unauthenticated challenge redirects; matches the filter's RedirectToActionResult("Login", "User").
b.LoginPath = "/User/Login";
b.Cookie.Name = "msc_auth_name";
b.Cookie.Path = "/";
// HttpOnly keeps the session cookie out of reach of page scripts.
// NOTE(review): SecurePolicy and SameSite are left at their defaults here; for an HTTPS-only
// deployment consider b.Cookie.SecurePolicy = CookieSecurePolicy.Always — confirm against the hosting setup.
b.Cookie.HttpOnly = true;
// Cookie/ticket lifetime. Sliding expiration is on by default, so this window renews on activity — confirm if a hard limit is intended.
b.ExpireTimeSpan = TimeSpan.FromHours(5);
});
....
}
/// <summary>
/// Middleware pipeline; only the authentication-related middleware is shown, "...." marks elided calls.
/// </summary>
/// <param name="app">The application builder.</param>
/// <param name="env">The hosting environment.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env){
....
// Populates HttpContext.User from the auth cookie; must run before UseAuthorization and before the
// endpoint middleware, otherwise the filter above sees an unauthenticated user. The surrounding
// UseRouting/UseEndpoints calls are elided here — presumably they sit in the "...." parts.
app.UseAuthentication();
app.UseAuthorization();
...
}