gpt4 book ai didi

c# - 如何在 ASP.NET Core 2.0 中设置多个身份验证方案?

转载 作者:行者123 更新时间:2023-12-02 00:00:13 25 4
gpt4 key购买 nike

我正在尝试将我的身份验证内容迁移到 Core 2.0,但在使用我自己的身份验证方案时遇到问题。我的服务启动时的设置如下所示:

var authenticationBuilder = services.AddAuthentication(options =>
{
options.AddScheme("myauth", builder =>
{
builder.HandlerType = typeof(CookieAuthenticationHandler);
});
})
.AddCookie();

我在 Controller 中的登录代码如下所示:

var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, user.Name)
};

var props = new AuthenticationProperties
{
IsPersistent = persistCookie,
ExpiresUtc = DateTime.UtcNow.AddYears(1)
};

var id = new ClaimsIdentity(claims);
await HttpContext.SignInAsync("myauth", new ClaimsPrincipal(id), props);

但是当我在 Controller 或操作过滤器中时,我只有一个身份,而且它不是经过身份验证的身份:

var identity = context.HttpContext.User.Identities.SingleOrDefault(x => x.AuthenticationType == "myauth");

浏览这些更改很困难,但我猜我做的 .AddScheme 是错误的。有什么建议吗?

编辑:这是(本质上)一个干净的应用程序,不会在 User.Identities 上产生两组身份:

namespace WebApplication1.Controllers
{
public class Testy : Controller
{
public IActionResult Index()
{
var i = HttpContext.User.Identities;
return Content("index");
}

public async Task<IActionResult> In1()
{
var claims = new List<Claim> { new Claim(ClaimTypes.Name, "In1 name") };
var props = new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTime.UtcNow.AddYears(1) };
var id = new ClaimsIdentity(claims);
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(id), props);
return Content("In1");
}

public async Task<IActionResult> In2()
{
var claims = new List<Claim> { new Claim(ClaimTypes.Name, "a2 name") };
var props = new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTime.UtcNow.AddYears(1) };
var id = new ClaimsIdentity(claims);
await HttpContext.SignInAsync("a2", new ClaimsPrincipal(id), props);
return Content("In2");
}

public async Task<IActionResult> Out1()
{
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
return Content("Out1");
}

public async Task<IActionResult> Out2()
{
await HttpContext.SignOutAsync("a2");
return Content("Out2");
}
}
}

和启动:

namespace WebApplication1
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}

public IConfiguration Configuration { get; }

public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie("a2");

services.AddMvc();
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseAuthentication();

app.UseMvc(routes =>
{
routes.MapRoute(name: "default", template: "{controller=Home}/{action=Index}/{id?}");
});
}
}
}

最佳答案

2019 年 12 月编辑:请先考虑这个答案: Use multiple JWT Bearer Authentication

我的旧答案(不适合使用多个 JWT,而只适合使用 JWT + API key ,正如用户评论的那样):

另一种可能性是在运行时确定选择哪种身份验证策略方案,我曾经遇到过可以拥有 http 身份验证承载 token header 或 cookie 的情况。

所以,感谢https://github.com/aspnet/Security/issues/1469

如果请求 header 中有 JWT token ,则为 OpenIdConnect (Azure AD) 或其他任何 token 。

public void ConfigureServices(IServiceCollection services)
{
// Add CORS
services.AddCors();

// Add authentication before adding MVC
// Add JWT and Azure AD (that uses OpenIdConnect) and cookies.
// Use a smart policy scheme to choose the correct authentication scheme at runtime
services
.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultScheme = "smart";
sharedOptions.DefaultChallengeScheme = "smart";
})
.AddPolicyScheme("smart", "Authorization Bearer or OIDC", options =>
{
options.ForwardDefaultSelector = context =>
{
var authHeader = context.Request.Headers["Authorization"].FirstOrDefault();
if (authHeader?.StartsWith("Bearer ") == true)
{
return JwtBearerDefaults.AuthenticationScheme;
}
return OpenIdConnectDefaults.AuthenticationScheme;
};
})
.AddJwtBearer(o =>
{
o.Authority = Configuration["JWT:Authentication:Authority"];
o.Audience = Configuration["JWT:Authentication:ClientId"];
o.SaveToken = true;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddAzureAd(options => Configuration.Bind("AzureAd", options));

services
.AddMvc(config =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
// Authentication is required by default
config.Filters.Add(new AuthorizeFilter(policy));
config.RespectBrowserAcceptHeader = true;
});

...

}

2019 年 7 月编辑:我必须添加以下提案的链接,因为它也非常有帮助:您不能像我一样在 AddAuthentication() 中使用参数,因为这会设置一个默认方案。一切都在这里得到了很好的解释: Use multiple JWT Bearer Authentication 。我真的很喜欢这种其他方法!

关于c# - 如何在 ASP.NET Core 2.0 中设置多个身份验证方案?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45695382/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com