Asp.Net Core登陆授权及身份认证

Asp.Net Core依然借助于 Microsoft.AspNetCore.Authentication的认证组件。

首先在启动类Start中，添加入下代码：

/// <summary>
///
/// </summary>
/// <param name="services"></param>
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
{
o.Cookie.Name = "_AdminTicketCookie";
o.LoginPath = new PathString("/Account/Login");
o.LogoutPath = new PathString("/Account/Login");
o.AccessDeniedPath = new PathString("/Error/Forbidden");
});
services.AddTransient<TiKu.Application.Interfaces.IAdminService, TiKu.Application.AdminService>();
services.AddMvc();
}

主要是添加认证和Cookie服务。

其次，配置中间件：

app.UseAuthentication();//添加授权中间件 必须卸载app.UseMvc();之前。

登陆页面处理：

/// <summary>
/// <![CDATA[登陆]]>
/// </summary>
/// <param name="model"></param>
/// <returns></returns>
[HttpPost]
public async Task<ActionResult> Login(Models.LoginViewModel model)
{
//模型验证通过后
if (ModelState.IsValid)
{
TiKu.Domain.Entity.tb_Admin admin = null;
//验证用户名密码
if (_AdminService.CheckAccountAndPassword(account: model.account,
password: model.password,
admin: out admin))
{
var identity = new
ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);//一定要声明AuthenticationScheme
identity.AddClaim(new Claim(ClaimTypes.Name, admin.Id.ToString()));
identity.AddClaim(new Claim(ClaimTypes.Sid, model.account));
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, model.account));

await HttpContext.SignInAsync(identity.AuthenticationType,
new ClaimsPrincipal(identity),
new AuthenticationProperties
{
IsPersistent = true,
RedirectUri = "/Home/Index",
});
}
else
{
await HttpContext.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme);
ModelState.AddModelError("", "用户名或密码错误！");
}
}
return View(model);
}

通过调用HttpContext的SignInAsync方法，实现登陆授权。这里需要注意的是保证前后AuthenticationType类型一致。