ASP.NET Identity简介及简单使用
2018-03-08 22:31
417 查看
ASP.NET Identity简介Why Identity?ASP.NET Identity wasdesigned to solve site membership requirements.Reference: http://www.asp.net/identity 一、Advantageof ASP.Net Identity
微软在.NET Framework 4.5 中推出了ASP.NET Identity,它为ASP.NET 应用程序提供了一系列的API用来管理和维护用户,有以下优点:易于集成:ASP.NET Identity 可以用在所有的 ASP.NET 框架上,例如 ASP.NET MVC, Web Forms,Web Pages,ASP.NET Web API持久化:默认情况下,ASP.NET Identity将用户所有的数据存储在数据库中。ASP.NET Identity 使用 Entity Framework 实现其所有的检索和持久化机制。通过Code First,你可以对数据库架构的完全控制,一些常见的任务例如改变表名称、改变主键数据类型等都可以很轻易地完成。基于声明的:ASP.NET Identity 支持基于声明的身份验证,它使用一组"声明"来表示用户的身份标识。相对于"角色","声明"能使开发人员能够更好地描述用户的身份标识。"角色"本质上只是一个布尔类型(即"属于"或"不属于"特定角色),而一个"声明"可以包含更多关于用户标识和成员资格的信息。 二、ASP.NETIdentity主要组成部分
ApplicationUser和ApplicationDbContext分别继承自己Microsoft.AspNet.Identity.EntityFramework的IdentityUser和IdentityDbContext。但与用户相关的操作实际上是通过Microsoft.AspNet.Identity.Core的 UserManager类来完成的,而UserManager的所有操作最终是由UserStore实现。
三、传统ASP.NET身份验证方式安全问题一直是ASP.NET的关注点。其中,Windows验证和表单验证(Forms Authentication)就是ASP.NET两种主要的安全机制。 Windows验证:一般用于局域网应用。使用Windows验证时,用户的Windows安全令牌在用户访问整个网站期间使用HTTP请求,进行消息发送。应用程序会使用这个令牌在本地(或者域)里验证用户账号的有效性,也会评估用户所在角色所具备的权限。当用户验证失败或者未授权时,浏览器就会定向到特定的页面让用户输入自己的安全凭证(用户名和密码)。 Forms验证:Windows验证的局限性非常明显,一旦用户有超出本地域控制器范围的外网用户访问网站,就会出现问题。ASP.NET表单验证(Forms Authentication)很好的弥补了这一缺陷。使用表单验证,ASP.NET需要验证加密的HTTP cookie或者查询字符串来识别用户的所有请求。cookie与ASP.NET会话机制(session)的关系密切,在会话超时或者用户关闭浏览器之后,会话和cookie就会失效,用户需要重新登录网站建立新的会话。 四、ASP.NETIdentity验证的原理讲到Identity的验证方式就绕不过Claims的认证方式,Claims认证最大的好处就是简单的隔离了验证(Authentication)和授权(Authorization)两个部分,但这也是它最大的优势。
.NET下Claims-based认证的主要由ClaimsIdentity以及ClaimsPrincipal这两个类组成,ClaimsIdentity可以理解为携带用户信息的证书,而ClaimsPrincipal可以理解为应用颁发的令牌,当然,认证机构可以是应用本身,也可以是实现Owin(OpenWeb Interface for .NET)方式的第三方认证。
来源:http://blog.csdn.net/MosMovon/article/details/50630390
public class AppUser : IdentityUser {
// 在这里添加额外的属性
}
$ DB Context一般我们需要改变Identity用到的数据库表的名称。默认的数据库表为:AspNetUsers、AspNetUserRoles、AspNetUserLogins、AspNetUserCliams、AspNetRoles。[c#] view plain copyusing System.Data.Entity;
using Microsoft.Asp.Net.Identity.EntityFramework;
public class AppIdentityDbContext : IdentityDbContext<AppUser> {
public AppIdentityDbContext() : base("IdentityDb") { }
public AppIdentityDbContext(string connectionString)
: base(connectionString) {
}
protected override void OnModelCreating(DbModelBuilder modelBuilder {
base.OnModelCreating(modelBuilder);
modelBuilder.Entity<AppUser>().ToTable("user");
modelBuilder.Entity<IdentityRole>().ToTable("role");
modelBuilder.Entity<IdentityUserRole>().ToTable("userrole");
modelBuilder.Entity<IdentityUserClaim>().ToTable("userclaim");
modelBuilder.Entity<IdentituUserLogin>().ToTable("userlogin");
}
}
$ DB 初始化如果你不熟悉Identity的数据库表的结构,可以通过代码让Identity自动创建。如果你比较熟悉,那我推荐用专业的数据库管理工具来创建,如MySQL Workbench。代码示例。一般初始化代码只需要执行一次,好好斟酌策略,防止数据被删。[c#] view plain copyusing System.Data.Entity;
public class AppIdentityDbContext : IdentityDbContext<AppUser> {
...
static AppIdentityDbContext() {
Database.SetInitializer<AppIdentityDbContext>(new IdentityDbInit());
}
}
[c#] view plain copyusing System.Data.Entity;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
public class IdentityDbInit : DropCreateDatabaseAlways<AppIdentityDbContext> {
protectedd override void Seed(AppIdentityDbContext context) {
this.InitAdmin(context);
base.Seed(context);
}
public void InitAdmin(AppIdentityDbContext context) {
string adminName = "admin";
string adminPassword = "changeme";
string adminRoleName = "Administrators";
// 创建用户
UserManager<AppUser> userManager = new UserManager<AppUser>(
new UserStore<AppUser>(context));
var user = new AppUser { UserName = adminName };
userManager.Create(user, adminPassword);
// 创建角色
RoleManager<IdentityRole> roleManager = new RoleManager<IdentityRole>(
new RoleStore<IdentityRole>(context));
var adminRole = roleManager.Create(new IdentityRole(adminRoleName));
// 给用户赋予角色
userManager.AddToRole(user.Id, adminRoleName);
}
}
$ 配置[c#] view plain copyusing Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;
public class IdentityConfig {
public void Configuration(IAppBuilder app) {
app.CreatePerOwinContext<AppIdentityDbContext>(() => new AppIdentityDbContext());
app.CreatePerOwinContext<UserManager<AppUser>>(
(o, c) => new UserManager<AppUser>(new UserStore<AppUser>(
c.Get<AppIdentityDbContext>())));
app.CreatePerOwinContext<RoleManager<IdentityRole>>(
(o, c) => new RoleManager<IdentityRole>(new RoleStore<IdentityRole>(
c.Get<AppIdentityDbContext>())));
app.UseCookieAuthentication(new CookieAuthenticationOptions {
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login")
});
}
}
<appSettings>
<add key="owin:AppStartup" value="IdentityConfig" />
...
</appSettings>
...
</configuration>
<configSections>
<section name="entityFramework"
type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework">
</configSections>
<system.data>
<DbProviderFactories>
<remove invariant="MySql.Data.MySqlClient" />
<add name="MySQL Data Provider"
invariant="MySql.Data.MySqlClient"
description=".Net Framework Data Provider for MySQL"
type="MySql.Data.MySqlClient.MySqlClientFactory, MySql.Data" />
</DbProviderFactories>
</system.data>
<connectionStrings>
<add name="IdentityDb"
connectionString="server=192.168.0.9;user id=tester;password=changeme;database=IdentityDb"
providerName="MySql.Data.MySqlClient" />
</connectionStrings>
<entityFramework>
<providers>
<provider invariantName="MySql.Data.MySqlClient"
type="MySql.Data.MySqlClient.MySqlProviderServices, MySql.Data.Entity.EF6" />
</providers>
</entityFramework>
</configuration>
[sql] view plain copyCREATE TABLE `user` (
`Id` varchar(128) NOT NULL,
`Email` varchar(256) DEFAULT NULL,
`EmailConfirmed` tinyint(1) NOT NULL,
`PasswordHash` longtext,
`SecurityStamp` longtext,
`PhoneNumber` longtext,
`PhoneNumberConfirmed` tinyint(1) NOT NULL,
`TwoFactorEnabled` tinyint(1) NOT NULL,
`LockoutEndDateUtc` datetime DEFAULT NULL,
`LockoutEnabled` tinyint(1) NOT NULL,
`AccessFailedCount` int(11) NOT NULL,
`UserName` varchar(256) NOT NULL,
PRIMARY KEY (`Id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8
$ Role
[c#] view plain copyCREATE TABLE `role` (
`Id` varchar(128) NOT NULL,
`Name` varchar(256) NOT NULL,
PRIMARY KEY (`Id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8
$ UserRole
[sql] view plain copyCREATE TABLE `userrole` (
`UserId` varchar(128) NOT NULL,
`RoleId` varchar(128) NOT NULL,
PRIMARY KEY (`UserId`,`RoleId`),
KEY `IdentityRole_Users` (`RoleId`),
CONSTRAINT `AppUser_Roles` FOREIGN KEY (`UserId`) REFERENCES `user` (`Id`)
ON DELETE CASCADE ON UPDATE NO ACTION,
CONSTRAINT `IdentityRole_Users` FOREIGN KEY (`RoleId`) REFERENCES `role` (`Id`)
ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8
$ UserClaim
[sql] view plain copyCREATE TABLE `userclaim` (
`Id` int(11) NOT NULL AUTO_INCREMENT,
`UserId` varchar(128) NOT NULL,
`ClaimType` longtext,
`ClaimValue` longtext,
PRIMARY KEY (`Id`),
UNIQUE KEY `Id` (`Id`),
KEY `UserId` (`UserId`),
CONSTRAINT `AppUser_Claims` FOREIGN KEY (`UserId`) REFERENCES `user` (`Id`)
ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8
$ UserLogin
[sql] view plain copyCREATE TABLE `userlogin` (
`LoginProvider` varchar(128) NOT NULL,
`ProviderKey` varchar(128) NOT NULL,
`UserId` varchar(128) NOT NULL,
PRIMARY KEY (`LoginProvider`,`ProviderKey`,`UserId`),
KEY `AppUser_Logins` (`UserId`),
CONSTRAINT `AppUser_Logins` FOREIGN KEY (`UserId`) REFERENCES `user` (`Id`)
ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
public class AccountController : Controller {
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(string name, string password, string returnUrl) {
var userManager = HttpContext.GetOwinContext()
.GetUserManager<UserManager<AppUser>>();
var authManager = HttpContext.GetOwinContext().Authentication;
var user = userManager.Find(name, password);
if (user == null) {
// Invalid name or password
}
else {
ClaimsIdentity identity = userManager.CreateIdentity(
user, DefaultAuthenticationTypes.ApplicationCookie);
authManager.SignOut();
authManager.SignIn(identity);
return Redirect(returnUrl);
}
return View();
}
}
using System.Web;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
var userManager = HttpContext.Current.GetOwinContext()
.GetUserManager<UserManager<AppUser>>();
// 获取当前用户
IPrincipal principal = HttpContext.Current.User;
AppUser user = userManager.FindByName(principal.Identity.Name);
// 创建用户
var newUser = new AppUser { UserName = "Alice" };
varr password = "changeme";
userManager.Create(newUser, password);
// 删除用户
userManager.Delete(user);
// 修改用户信息
user.Email = "huangc126@126.com";
user.PasswordHash = userManager.PasswordHasher.HashPassword("secret");
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;
var roleManager = HttpContext.Current.GetOwinContext()
.GetUserManager<RoleManager<IdentityRole>>();
// 创建角色
var newRole = new IdentityRole { Name = "Admin" };
roleManager.Create(newRole);
// 将角色授予用户
userManager.AddToRole(userId, role: "Admin");
// 移除用户的角色
userManager.RemoveFromRole(userId, role: "Admin");
// 删除角色
var role = roleManager.FindByName("Admin");
roleManager.Delete(role);
[Authorize(Roles = "Administrators")]
public class AdminController : Controller {
...
}
using System.Web;
using System.Web.Mvc;
[ClaimsAccess(Issuer = "RemoteClaims", ClaimType = ClaimTypes.PostalCode, Value = "123456")]
public ActionResult Action() {
...
}
public class ClaimsAccessAttribute : AuthorizeAttribute {
public string Issuer { get; set; }
public string ClaimType { get; set; }
public string Value { get; set; }
protected override bool AuthorizeCore(HttpContextBase context) {
return context.User.Identity.IsAuthenticated
&& context.User.Identity is ClaimsIdentity
&& ((ClaimnsIdentity)context.User.Identity).HasClaim(
c => c.Issuer == this.Issuer
&& c.Type == this.ClaimType
&& c.Value == this.Value);
}
}
微软在.NET Framework 4.5 中推出了ASP.NET Identity,它为ASP.NET 应用程序提供了一系列的API用来管理和维护用户,有以下优点:易于集成:ASP.NET Identity 可以用在所有的 ASP.NET 框架上,例如 ASP.NET MVC, Web Forms,Web Pages,ASP.NET Web API持久化:默认情况下,ASP.NET Identity将用户所有的数据存储在数据库中。ASP.NET Identity 使用 Entity Framework 实现其所有的检索和持久化机制。通过Code First,你可以对数据库架构的完全控制,一些常见的任务例如改变表名称、改变主键数据类型等都可以很轻易地完成。基于声明的:ASP.NET Identity 支持基于声明的身份验证,它使用一组"声明"来表示用户的身份标识。相对于"角色","声明"能使开发人员能够更好地描述用户的身份标识。"角色"本质上只是一个布尔类型(即"属于"或"不属于"特定角色),而一个"声明"可以包含更多关于用户标识和成员资格的信息。 二、ASP.NETIdentity主要组成部分
ApplicationUser和ApplicationDbContext分别继承自己Microsoft.AspNet.Identity.EntityFramework的IdentityUser和IdentityDbContext。但与用户相关的操作实际上是通过Microsoft.AspNet.Identity.Core的 UserManager类来完成的,而UserManager的所有操作最终是由UserStore实现。
三、传统ASP.NET身份验证方式安全问题一直是ASP.NET的关注点。其中,Windows验证和表单验证(Forms Authentication)就是ASP.NET两种主要的安全机制。 Windows验证:一般用于局域网应用。使用Windows验证时,用户的Windows安全令牌在用户访问整个网站期间使用HTTP请求,进行消息发送。应用程序会使用这个令牌在本地(或者域)里验证用户账号的有效性,也会评估用户所在角色所具备的权限。当用户验证失败或者未授权时,浏览器就会定向到特定的页面让用户输入自己的安全凭证(用户名和密码)。 Forms验证:Windows验证的局限性非常明显,一旦用户有超出本地域控制器范围的外网用户访问网站,就会出现问题。ASP.NET表单验证(Forms Authentication)很好的弥补了这一缺陷。使用表单验证,ASP.NET需要验证加密的HTTP cookie或者查询字符串来识别用户的所有请求。cookie与ASP.NET会话机制(session)的关系密切,在会话超时或者用户关闭浏览器之后,会话和cookie就会失效,用户需要重新登录网站建立新的会话。 四、ASP.NETIdentity验证的原理讲到Identity的验证方式就绕不过Claims的认证方式,Claims认证最大的好处就是简单的隔离了验证(Authentication)和授权(Authorization)两个部分,但这也是它最大的优势。
.NET下Claims-based认证的主要由ClaimsIdentity以及ClaimsPrincipal这两个类组成,ClaimsIdentity可以理解为携带用户信息的证书,而ClaimsPrincipal可以理解为应用颁发的令牌,当然,认证机构可以是应用本身,也可以是实现Owin(OpenWeb Interface for .NET)方式的第三方认证。
来源:http://blog.csdn.net/MosMovon/article/details/50630390
ASP.NET Identity 使用简介
2017-04-06 15:55 32人阅读 评论(0) 收藏 举报版权声明:本文为博主原创文章,未经博主允许不得转载。目录(?)[+]1. 什么是 ASP.NET Identity
ASP.NET Identity 是微软推出,用于在ASP.Net应用中管理用户的组件。 The mainstay for user management in recent years has been ASP.NET Membership, which has suffered from design choices. The biggest limitation is that the schema used to store the data worked only with SQL Server and was difficult to extend without re-implementing a lot of provider classes. The schema itself was overly complex, which made it harder to implement changes than it should have been. --Pro ASP.NET MVC 5 Platform2. 如何配置ASP.NET Identity with MySQL
2.1 配置ASP.NET Identity
2.1.1 安装相应的组件包
Microsoft.AspNet.Identity.EntityFrameworkMicrosoft.AspNet.Identity.OWINMicrosoft.Owin.Host.SystemWeb2.1.2 自定义核心组件
$ User model默认的user model是 IdentityUser(Microsoft.AspNet.Identity.EntityFramework)。这个类有12个内建的属性,如 Id、UserName、PasswordHash、Email等一般,根据业务需求,我们需要其它额外的属性。我们可以创建一个继承自IdentityUser的自定义类,在这个自定义类中添加额外的属性。[c#] view plain copyusing Microsoft.AspNet.Identity.EntityFrameworkpublic class AppUser : IdentityUser {
// 在这里添加额外的属性
}
$ DB Context一般我们需要改变Identity用到的数据库表的名称。默认的数据库表为:AspNetUsers、AspNetUserRoles、AspNetUserLogins、AspNetUserCliams、AspNetRoles。[c#] view plain copyusing System.Data.Entity;
using Microsoft.Asp.Net.Identity.EntityFramework;
public class AppIdentityDbContext : IdentityDbContext<AppUser> {
public AppIdentityDbContext() : base("IdentityDb") { }
public AppIdentityDbContext(string connectionString)
: base(connectionString) {
}
protected override void OnModelCreating(DbModelBuilder modelBuilder {
base.OnModelCreating(modelBuilder);
modelBuilder.Entity<AppUser>().ToTable("user");
modelBuilder.Entity<IdentityRole>().ToTable("role");
modelBuilder.Entity<IdentityUserRole>().ToTable("userrole");
modelBuilder.Entity<IdentityUserClaim>().ToTable("userclaim");
modelBuilder.Entity<IdentituUserLogin>().ToTable("userlogin");
}
}
$ DB 初始化如果你不熟悉Identity的数据库表的结构,可以通过代码让Identity自动创建。如果你比较熟悉,那我推荐用专业的数据库管理工具来创建,如MySQL Workbench。代码示例。一般初始化代码只需要执行一次,好好斟酌策略,防止数据被删。[c#] view plain copyusing System.Data.Entity;
public class AppIdentityDbContext : IdentityDbContext<AppUser> {
...
static AppIdentityDbContext() {
Database.SetInitializer<AppIdentityDbContext>(new IdentityDbInit());
}
}
[c#] view plain copyusing System.Data.Entity;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
public class IdentityDbInit : DropCreateDatabaseAlways<AppIdentityDbContext> {
protectedd override void Seed(AppIdentityDbContext context) {
this.InitAdmin(context);
base.Seed(context);
}
public void InitAdmin(AppIdentityDbContext context) {
string adminName = "admin";
string adminPassword = "changeme";
string adminRoleName = "Administrators";
// 创建用户
UserManager<AppUser> userManager = new UserManager<AppUser>(
new UserStore<AppUser>(context));
var user = new AppUser { UserName = adminName };
userManager.Create(user, adminPassword);
// 创建角色
RoleManager<IdentityRole> roleManager = new RoleManager<IdentityRole>(
new RoleStore<IdentityRole>(context));
var adminRole = roleManager.Create(new IdentityRole(adminRoleName));
// 给用户赋予角色
userManager.AddToRole(user.Id, adminRoleName);
}
}
$ 配置[c#] view plain copyusing Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;
public class IdentityConfig {
public void Configuration(IAppBuilder app) {
app.CreatePerOwinContext<AppIdentityDbContext>(() => new AppIdentityDbContext());
app.CreatePerOwinContext<UserManager<AppUser>>(
(o, c) => new UserManager<AppUser>(new UserStore<AppUser>(
c.Get<AppIdentityDbContext>())));
app.CreatePerOwinContext<RoleManager<IdentityRole>>(
(o, c) => new RoleManager<IdentityRole>(new RoleStore<IdentityRole>(
c.Get<AppIdentityDbContext>())));
app.UseCookieAuthentication(new CookieAuthenticationOptions {
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login")
});
}
}
2.1.3 配置web.config
[xml] view plain copy<configuration><appSettings>
<add key="owin:AppStartup" value="IdentityConfig" />
...
</appSettings>
...
</configuration>
2.2 配置MySQL DB
2.2.1 安装相应的组件包
MySql.Data.Entity2.2.2 配置web.config
[xml] view plain copy<configuration><configSections>
<section name="entityFramework"
type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework">
</configSections>
<system.data>
<DbProviderFactories>
<remove invariant="MySql.Data.MySqlClient" />
<add name="MySQL Data Provider"
invariant="MySql.Data.MySqlClient"
description=".Net Framework Data Provider for MySQL"
type="MySql.Data.MySqlClient.MySqlClientFactory, MySql.Data" />
</DbProviderFactories>
</system.data>
<connectionStrings>
<add name="IdentityDb"
connectionString="server=192.168.0.9;user id=tester;password=changeme;database=IdentityDb"
providerName="MySql.Data.MySqlClient" />
</connectionStrings>
<entityFramework>
<providers>
<provider invariantName="MySql.Data.MySqlClient"
type="MySql.Data.MySqlClient.MySqlProviderServices, MySql.Data.Entity.EF6" />
</providers>
</entityFramework>
</configuration>
2.2.3 创建DB
方法一:创建一个没有表的空DB,通过代码让Identity自动创建表。(见上文)方法二:创建一个带有所有Identity相关表的DB $ User[sql] view plain copyCREATE TABLE `user` (
`Id` varchar(128) NOT NULL,
`Email` varchar(256) DEFAULT NULL,
`EmailConfirmed` tinyint(1) NOT NULL,
`PasswordHash` longtext,
`SecurityStamp` longtext,
`PhoneNumber` longtext,
`PhoneNumberConfirmed` tinyint(1) NOT NULL,
`TwoFactorEnabled` tinyint(1) NOT NULL,
`LockoutEndDateUtc` datetime DEFAULT NULL,
`LockoutEnabled` tinyint(1) NOT NULL,
`AccessFailedCount` int(11) NOT NULL,
`UserName` varchar(256) NOT NULL,
PRIMARY KEY (`Id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8
$ Role
[c#] view plain copyCREATE TABLE `role` (
`Id` varchar(128) NOT NULL,
`Name` varchar(256) NOT NULL,
PRIMARY KEY (`Id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8
$ UserRole
[sql] view plain copyCREATE TABLE `userrole` (
`UserId` varchar(128) NOT NULL,
`RoleId` varchar(128) NOT NULL,
PRIMARY KEY (`UserId`,`RoleId`),
KEY `IdentityRole_Users` (`RoleId`),
CONSTRAINT `AppUser_Roles` FOREIGN KEY (`UserId`) REFERENCES `user` (`Id`)
ON DELETE CASCADE ON UPDATE NO ACTION,
CONSTRAINT `IdentityRole_Users` FOREIGN KEY (`RoleId`) REFERENCES `role` (`Id`)
ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8
$ UserClaim
[sql] view plain copyCREATE TABLE `userclaim` (
`Id` int(11) NOT NULL AUTO_INCREMENT,
`UserId` varchar(128) NOT NULL,
`ClaimType` longtext,
`ClaimValue` longtext,
PRIMARY KEY (`Id`),
UNIQUE KEY `Id` (`Id`),
KEY `UserId` (`UserId`),
CONSTRAINT `AppUser_Claims` FOREIGN KEY (`UserId`) REFERENCES `user` (`Id`)
ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8
$ UserLogin
[sql] view plain copyCREATE TABLE `userlogin` (
`LoginProvider` varchar(128) NOT NULL,
`ProviderKey` varchar(128) NOT NULL,
`UserId` varchar(128) NOT NULL,
PRIMARY KEY (`LoginProvider`,`ProviderKey`,`UserId`),
KEY `AppUser_Logins` (`UserId`),
CONSTRAINT `AppUser_Logins` FOREIGN KEY (`UserId`) REFERENCES `user` (`Id`)
ON DELETE CASCADE ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8
3. 如何使用ASP.NET Identity
3.1 认证(Authenticate)
[c#] view plain copyusing System.Security.Claims;using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
public class AccountController : Controller {
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(string name, string password, string returnUrl) {
var userManager = HttpContext.GetOwinContext()
.GetUserManager<UserManager<AppUser>>();
var authManager = HttpContext.GetOwinContext().Authentication;
var user = userManager.Find(name, password);
if (user == null) {
// Invalid name or password
}
else {
ClaimsIdentity identity = userManager.CreateIdentity(
user, DefaultAuthenticationTypes.ApplicationCookie);
authManager.SignOut();
authManager.SignIn(identity);
return Redirect(returnUrl);
}
return View();
}
}
3.2 用户操作
[c#] view plain copyusing System.Security.Principal;using System.Web;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
var userManager = HttpContext.Current.GetOwinContext()
.GetUserManager<UserManager<AppUser>>();
// 获取当前用户
IPrincipal principal = HttpContext.Current.User;
AppUser user = userManager.FindByName(principal.Identity.Name);
// 创建用户
var newUser = new AppUser { UserName = "Alice" };
varr password = "changeme";
userManager.Create(newUser, password);
// 删除用户
userManager.Delete(user);
// 修改用户信息
user.Email = "huangc126@126.com";
user.PasswordHash = userManager.PasswordHasher.HashPassword("secret");
3.3 角色管理
[c#] view plain copyusing System.Web;using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;
var roleManager = HttpContext.Current.GetOwinContext()
.GetUserManager<RoleManager<IdentityRole>>();
// 创建角色
var newRole = new IdentityRole { Name = "Admin" };
roleManager.Create(newRole);
// 将角色授予用户
userManager.AddToRole(userId, role: "Admin");
// 移除用户的角色
userManager.RemoveFromRole(userId, role: "Admin");
// 删除角色
var role = roleManager.FindByName("Admin");
roleManager.Delete(role);
3.4 授权(Authorization)
3.4.1 基于角色的授权
[c#] view plain copyusing System.Web.Mv;[Authorize(Roles = "Administrators")]
public class AdminController : Controller {
...
}
3.4.2 基于声明(Claim)的授权
[c#] view plain copyusing System.Security.Claims;using System.Web;
using System.Web.Mvc;
[ClaimsAccess(Issuer = "RemoteClaims", ClaimType = ClaimTypes.PostalCode, Value = "123456")]
public ActionResult Action() {
...
}
public class ClaimsAccessAttribute : AuthorizeAttribute {
public string Issuer { get; set; }
public string ClaimType { get; set; }
public string Value { get; set; }
protected override bool AuthorizeCore(HttpContextBase context) {
return context.User.Identity.IsAuthenticated
&& context.User.Identity is ClaimsIdentity
&& ((ClaimnsIdentity)context.User.Identity).HasClaim(
c => c.Issuer == this.Issuer
&& c.Type == this.ClaimType
&& c.Value == this.Value);
}
}
4. 小结
ASP.NET Identity非常灵活,支持各种扩展,对中小型系统来说足够用了。虽然看上去有点麻烦,但即使是小系统,我也建议用Identity。因为自己去搞一套太麻烦,又容易出错。我们应该把更多的精力花在业务实现上,而不是去抠底层技术细节来源:http://blog.csdn.net/hchaoh/article/details/69390918
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- ASP.NET Identity简介及简单使用
- ASP.NET Identity简介及简单使用
- ASP.NET Identity简介及简单使用
- Asp.Net MVC 5使用Identity之简单的注册和登陆
- Microsoft.AspNet.Identity 的简单使用
- Asp.Net MVC 5使用Identity之简单的注册和登陆
- ASP.NET Identity 使用简介
- 简介使用ASP.NET访问Oracle数据库的方法
- asp.net中水晶报表的简单使用
- 简介使用ASP.NET访问Oracle数据库的方法
- Asp.net中水晶报表的简单使用
- (五)asp.net ajax框架的简单使用
- ORM,ASP.NET中ORM学习,ASP.NET中ORM学习心得,WEB2.0中ORM实现原理,Asp.net简单ORM示例源码详细讲解,Asp.net2.0:如何使用ObjectDataSource(配合ORM )
- 在ASP.NET中使用AJAX的简单方法 转载
- 简介使用ASP.NET访问Oracle数据库的方法
- 使用ASP.NET实现Friendly URL的最简单方法
- IronPython for ASP.NET:使用IronPython创建一个简单的Web页面
- 使用xml+asp.net打造简单的站点导航&管理站点友情链接
- asp.net 2.0 FileUpload控件的简单使用
- 在ASP.NET中使用AJAX的简单方法