亚洲激情专区-91九色丨porny丨老师-久久久久久久女国产乱让韩-国产精品午夜小视频观看

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

asp.net core的認證和授權

發布時間:2020-08-11 19:03:36 來源:網絡 閱讀:6126 作者:桂素偉 欄目:編程語言

在asp.net core中,微軟提供了基于認證(Authentication)和授權(Authorization)的方式,來實現權限管理的,本篇博文,介紹基于固定角色的權限管理和自定義角色權限管理,本文內容,更適合傳統行業的BS應用,而非互聯網應用。

在asp.net core中,我們認證(Authentication)通常是在Login的Post Action中進行用戶名或密碼來驗證用戶是否正確,如果通過驗證,即該用戶就會獲得一個或幾個特定的角色,通過ClaimTypes.Role來存儲角色,從而當一個請求到達時,用這個角色和Controller或Action上加的特性 [Authorize(Roles = "admin,system")]來授權是否有權訪問該Action。本文中的自定義角色,會把驗證放在中間件中進行處理。


  • 固定角色:

即把角色與具體的Controller或Action直接關聯起來,整個系統中的角色是固定的,每種角色可以訪問那些Controller或Action也是固定的,這做法比較適合小型項目,角色分工非常明確的項目。

項目代碼:

https://github.com/axzxs2001/Asp.NetCoreExperiment/tree/master/Asp.NetCoreExperiment/%E6%9D%83%E9%99%90%E7%AE%A1%E7%90%86/RolePrivilegeManagement

始于startup.cs

需要在ConfigureServices中注入Cookie的相關信息,options是CookieAuthenticationOptions,關于這個類型提供如下屬性,可參考:https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?tabs=aspnetcore2x

 

它提供了登錄的一些信息,或登錄生成Cookie的一些信息,用以后

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;

namespace RolePrivilegeManagement
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }


        public void ConfigureServices(IServiceCollection services)
        {        
            services.AddMvc();
            //添加認證Cookie信息
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
             .AddCookie(options =>
             {
                 options.LoginPath = new PathString("/login");
                 options.AccessDeniedPath = new PathString("/denied");
             });
        }

        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseBrowserLink();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
            }
            app.UseStaticFiles();
            //驗證中間件
            app.UseAuthentication();
            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }
}

HomeController.cs

對于Login Get的Action,把returnUrl用戶想要訪問的地址(有可能用戶記錄下想要訪問的url了,但系統會轉到登錄頁,登錄成功后直接跳轉到想要訪問的returnUrl頁)

對于Login Post的Action,驗證用戶密和密碼,成功能,定義一個ClaimsIdentity,把用戶名和角色,和用戶姓名的聲明都添回進來(這個角色,就是用來驗證可訪問action的角色 )作來該用戶標識,接下來調用HttpContext.SignInAsync進行登錄,注意此方法的第一個參數,必需與StartUp.cs中services.AddAuthentication的參數相同,AddAuthentication是設置登錄,SigninAsync是按設置參數進行登錄

對于Logout Get的Action,是退出登錄

HomeController上的[Authorize(Roles=”admin,system”)]角色和權限的關系時,所有Action只有admin和system兩個角色能訪問到,About上的[Authorize(Roles=”admin”)]聲明這個action只能admin角色訪問,Contact上的[Authorize(Roles=”system”)]聲明這個action只能system角色訪問,如果action上聲明的是[AllowAnomymous],說明不受授權管理,可以直接訪問。

using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using RolePrivilegeManagement.Models;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;

namespace RolePrivilegeManagement.Controllers
{
    [Authorize(Roles = "admin,system")]
    public class HomeController : Controller
    {
        public IActionResult Index()
        {
            return View();
        }
        [Authorize(Roles = "admin")]
        public IActionResult About()
        {
            ViewData["Message"] = "Your application description page.";
            return View();
        }
        [Authorize(Roles = "system")]
        public IActionResult Contact()
        {
            ViewData["Message"] = "Your contact page.";
            return View();
        }
        public IActionResult Error()
        {
            return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
        }
        [AllowAnonymous]
        [HttpGet("login")]
        public IActionResult Login(string returnUrl = null)
        {
            TempData["returnUrl"] = returnUrl;
            return View();
        }
        [AllowAnonymous]
        [HttpPost("login")]
        public async Task<IActionResult> Login(string userName, string password, string returnUrl = null)
        {
            var list = new List<dynamic> {
                new { UserName = "gsw", Password = "111111", Role = "admin",Name="桂素偉" },
                new { UserName = "aaa", Password = "222222", Role = "system",Name="測試A" }
            };
            var user = list.SingleOrDefault(s => s.UserName == userName && s.Password == password);
            if (user!=null)
            {
                //用戶標識
                var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
                identity.AddClaim(new Claim(ClaimTypes.Sid, userName));
                identity.AddClaim(new Claim(ClaimTypes.Name, user.Name));
                identity.AddClaim(new Claim(ClaimTypes.Role, user.Role));

                await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));
                if (returnUrl == null)
                {
                    returnUrl = TempData["returnUrl"]?.ToString();
                }
                if (returnUrl != null)
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction(nameof(HomeController.Index), "Home");
                }
            }
            else
            {
                const string badUserNameOrPasswordMessage = "用戶名或密碼錯誤!";
                return BadRequest(badUserNameOrPasswordMessage);
            }
        }
        [HttpGet("logout")]
        public async Task<IActionResult> Logout()
        {
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return RedirectToAction("Index", "Home");
        }
        [AllowAnonymous]
        [HttpGet("denied")]
        public IActionResult Denied()
        {
            return View();
        }
    }
}

前端_Layout.cshtml布局頁,在登錄成功后的任何頁面都可以用@User.Identity.Name就可以獲取用戶姓名,同時用@User.Claims.SingleOrDefault(s=>s.Type==System.Security.Claims.ClaimTypes.Sid).Value可以獲取用戶名或角色。

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>@ViewData["Title"] - RolePrivilegeManagement</title>

    <environment include="Development">
        <link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.css" />
        <link rel="stylesheet" href="~/css/site.css" />
    </environment>
    <environment exclude="Development">
        <link rel="stylesheet" href="https://ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css"
              asp-fallback-href="~/lib/bootstrap/dist/css/bootstrap.min.css"
              asp-fallback-test-class="sr-only" asp-fallback-test-property="position" asp-fallback-test-value="absolute" />
        <link rel="stylesheet" href="~/css/site.min.css" asp-append-version="true" />
    </environment>
    <style>

        /* 未訪問的鏈接 */
        a.logout:link {
            color: #9d9d9d
        }
        /* 已訪問的鏈接 */
        a.logout:visited {
            color: #9d9d9d
        }
        /* 當有鼠標懸停在鏈接上 */
        a.logout:hover {
            color: #ffffff
        }
        /* 被選擇的鏈接 */
        a.logout:active {
            color: #9d9d9d
        }
        a.logout{
            text-decoration:none;
        }
        
    </style>
</head>
<body>
    <nav class="navbar navbar-inverse navbar-fixed-top">
        <div class="container">
            <div class="navbar-header">
                <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
                    <span class="sr-only">Toggle navigation</span>
                    <span class="icon-bar"></span>
                    <span class="icon-bar"></span>
                    <span class="icon-bar"></span>
                </button>
                <a asp-area="" asp-controller="Home" asp-action="Index" class="navbar-brand">RolePrivilegeManagement</a>
            </div>
            <div class="navbar-collapse collapse">
                <ul class="nav navbar-nav">
                    <li><a asp-area="" asp-controller="Home" asp-action="Index">Home</a></li>
                    <li><a asp-area="" asp-controller="Home" asp-action="About">About</a></li>
                    <li><a asp-area="" asp-controller="Home" asp-action="Contact">Contact</a></li>
                </ul>
                <ul class="" >
                    <li >
                        <div >
                            <span >當前用戶:@User.Identity.Name</span>
                        </div>
                        <div >
                            <a asp-area="" asp-controller="Home" asp-action="Logout" class="logout">注銷</a>
                        </div>
                    </li>
                </ul>
            </div>
        </div>
    </nav>
    <div class="container body-content">
        @RenderBody()
        <hr />
        <footer>
            <p>&copy; 2017 - RolePrivilegeManagement</p>
        </footer>
    </div>

    <environment include="Development">
        <script src="~/lib/jquery/dist/jquery.js"></script>
        <script src="~/lib/bootstrap/dist/js/bootstrap.js"></script>
        <script src="~/js/site.js" asp-append-version="true"></script>
    </environment>
    <environment exclude="Development">
        <script src="https://ajax.aspnetcdn.com/ajax/jquery/jquery-2.2.0.min.js"
                asp-fallback-src="~/lib/jquery/dist/jquery.min.js"
                asp-fallback-test="window.jQuery"
                crossorigin="anonymous"
                integrity="sha384-K+ctZQ+LL8q6tP7I94W+qzQsfRV2a+AfHIi9k8z8l9ggpc8X+Ytst4yBo/hH+8Fk">
        </script>
        <script src="https://ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js"
                asp-fallback-src="~/lib/bootstrap/dist/js/bootstrap.min.js"
                asp-fallback-test="window.jQuery && window.jQuery.fn && window.jQuery.fn.modal"
                crossorigin="anonymous"
                integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa">
        </script>
        <script src="~/js/site.min.js" asp-append-version="true"></script>
    </environment>

    @RenderSection("Scripts", required: false)
</body>
</html>

現在可以用chrome運行了,進行登錄頁后F12,查看Network—Cookies,可以看到有一個Cookie,這個是記錄returnUrl的Cookie,是否記得HomeController.cs中的Login Get的Action中代碼:TempData["returnUrl"]= returnUrl;這個TempData最后轉成了一個Cookie返回到客戶端了,如下圖:

asp.net core的認證和授權

輸入用戶名,密碼登錄,再次查看Cookies,發現多了一個.AspNetCore.Cookies,即把用戶驗證信息加密碼保存在了這個Cookie中,當跳轉到別的頁面時,這兩個Cookie會繼續在客戶端和服務傳送,用以驗證用戶角色。

asp.net core的認證和授權

  • 自定義角色

系統的角色可以自定義,用戶是自寫到義,權限是固定的,角色對應權限可以自定義,用戶對應角色也是自定義的,如下圖:

asp.net core的認證和授權

項目代碼:

https://github.com/axzxs2001/Asp.NetCoreExperiment/tree/master/Asp.NetCoreExperiment/%E6%9D%83%E9%99%90%E7%AE%A1%E7%90%86/PrivilegeManagement

始于startup.cs

自定義角色與固定角色不同之處在于多了一個中間件(關于中間件學習參看:https://docs.microsoft.com/en-us/aspnet/core/fundamentals/middleware),即在Configure方法中,一定要在app.UseAuthentication下面添加驗證權限的中間件,因為UseAuthentication要從Cookie中加載通過驗證的用戶信息到Context.User中,所以一定放在加載完后才能去驗用戶信息(當然自己讀取Cookie也可以)

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using PrivilegeManagement.Middleware;

namespace PrivilegeManagement
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }
        public IConfiguration Configuration { get; }

        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
           .AddCookie(options =>
           {
               options.LoginPath = new PathString("/login");
               options.AccessDeniedPath = new PathString("/denied");
           }
           );
            services.AddMvc();
        }

        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseBrowserLink();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
            }

            app.UseStaticFiles();
            //驗證中間件
            app.UseAuthentication();
            ////添加權限中間件, 一定要放在app.UseAuthentication后
            app.UsePermission(new PermissionMiddlewareOption()
            {
                LoginAction = @"/login",
                NoPermissionAction = @"/denied",
                //這個集合從數據庫中查出所有用戶的全部權限
                UserPerssions = new List<UserPermission>()
                 {
                     new UserPermission { Url="/", UserName="gsw"},
                     new UserPermission { Url="/home/contact", UserName="gsw"},
                     new UserPermission { Url="/home/about", UserName="aaa"},
                     new UserPermission { Url="/", UserName="aaa"}
                 }
            });
            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }
}

下面看看中間件PermissionMiddleware.cs,在Invoke中用了context.User,如上面所述,首先要調用app.UseAuthentication加載用戶信息后才能在這里使用,這個中間件邏輯較簡單,如果沒有驗證的一律放過去,不作處理,如果驗證過(登錄成功了),就要查看本次請求的url和這個用戶可以訪問的權限是否匹配,如不匹配,就跳轉到拒絕頁面(這個是在Startup.cs中添加中間件時,用NoPermissionAction = @"/denied"設置的),這里定義了一個靜態的List<UserPermission>,這是為了熱更新此集合,而不需要用戶權限變更后重新整個web應用。

using Microsoft.AspNetCore.Http;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Security.Claims;
using System.Threading.Tasks;

namespace PrivilegeManagement.Middleware
{
    /// <summary>
    /// 權限中間件
    /// </summary>
    public class PermissionMiddleware
    {
        /// <summary>
        /// 管道代理對象
        /// </summary>
        private readonly RequestDelegate _next;
        /// <summary>
        /// 權限中間件的配置選項
        /// </summary>
        private readonly PermissionMiddlewareOption _option;

        /// <summary>
        /// 用戶權限集合
        /// </summary>
        internal static List<UserPermission> _userPermissions;

        /// <summary>
        /// 權限中間件構造
        /// </summary>
        /// <param name="next">管道代理對象</param>
        /// <param name="permissionResitory">權限倉儲對象</param>
        /// <param name="option">權限中間件配置選項</param>
        public PermissionMiddleware(RequestDelegate next, PermissionMiddlewareOption option)
        {
            _option = option;
            _next = next;
            _userPermissions = option.UserPerssions;
        }       
        /// <summary>
        /// 調用管道
        /// </summary>
        /// <param name="context">請求上下文</param>
        /// <returns></returns>
        public Task Invoke(HttpContext context)
        {
            //請求Url
            var questUrl = context.Request.Path.Value.ToLower();
       
            //是否經過驗證
            var isAuthenticated = context.User.Identity.IsAuthenticated;
            if (isAuthenticated)
            {
                if (_userPermissions.GroupBy(g=>g.Url).Where(w => w.Key.ToLower() == questUrl).Count() > 0)
                {
                    //用戶名
                    var userName = context.User.Claims.SingleOrDefault(s => s.Type == ClaimTypes.Sid).Value;
                    if (_userPermissions.Where(w => w.UserName == userName&&w.Url.ToLower()==questUrl).Count() > 0)
                    {
                        return this._next(context);
                    }
                    else
                    {
                        //無權限跳轉到拒絕頁面
                        context.Response.Redirect(_option.NoPermissionAction);
                    }
                }
            }
            return this._next(context);
        }
    }
}

擴展中間件類PermissionMiddlewareExtensions.cs

using Microsoft.AspNetCore.Builder;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace PrivilegeManagement.Middleware
{
    /// <summary>
    /// 擴展權限中間件
    /// </summary>
    public static class PermissionMiddlewareExtensions
    {
        /// <summary>
        /// 引入權限中間件
        /// </summary>
        /// <param name="builder">擴展類型</param>
        /// <param name="option">權限中間件配置選項</param>
        /// <returns></returns>
        public static IApplicationBuilder UsePermission(
              this IApplicationBuilder builder, PermissionMiddlewareOption option)
        {
            return builder.UseMiddleware<PermissionMiddleware>(option);
        }

    }
}

中間件屬性PermissionMiddlewareOption.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace PrivilegeManagement.Middleware
{
    /// <summary>
    /// 權限中間件選項
    /// </summary>
    public class PermissionMiddlewareOption
    {
        /// <summary>
        /// 登錄action
        /// </summary>
        public string LoginAction
        { get; set; }
        /// <summary>
        /// 無權限導航action
        /// </summary>
        public string NoPermissionAction
        { get; set; }

        /// <summary>
        /// 用戶權限集合
        /// </summary>
        public List<UserPermission> UserPerssions
        { get; set; } = new List<UserPermission>();
    }
}

中間件實體類UserPermission.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace PrivilegeManagement.Middleware
{
    /// <summary>
    /// 用戶權限
    /// </summary>
    public class UserPermission
    {
        /// <summary>
        /// 用戶名
        /// </summary>
        public string UserName
        { get; set; }
        /// <summary>
        /// 請求Url
        /// </summary>
        public string Url
        { get; set; }
    }
}

關于自定義角色,因為不需要授權時帶上角色,所以可以定義一個基Controller類BaseController.cs,其他的Controller都繼承BaseController,這樣所有的action都可以通過中間件來驗證,當然像登錄,無權限提示頁面還是在Action上加[AllowAnomymous]

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace PrivilegeManagement.Controllers
{
    [Authorize]
    public class BaseController:Controller
    {
    }
}

HomeController.cs如下,與固定角色的HomeController.cs差異只在Controller和Action上的Authorize特性。

using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using PrivilegeManagement.Models;
using Microsoft.AspNetCore.Authorization;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication;

namespace PrivilegeManagement.Controllers
{
 
    public class HomeController : BaseController
    {
        public IActionResult Index()
        {
            return View();
        }

        public IActionResult About()
        {
            ViewData["Message"] = "Your application description page.";
            
            return View();
        }

        public IActionResult Contact()
        {
            ViewData["Message"] = "Your contact page.";

            return View();
        }

        public IActionResult Error()
        {
            return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
        }
        [AllowAnonymous]
        [HttpGet("login")]
        public IActionResult Login(string returnUrl = null)
        {
            TempData["returnUrl"] = returnUrl;
            return View();
        }
        [AllowAnonymous]
        [HttpPost("login")]
        public async Task<IActionResult> Login(string userName,string password, string returnUrl = null)
        {
            var list = new List<dynamic> {
                new { UserName = "gsw", Password = "111111", Role = "admin",Name="桂素偉" },
                new { UserName = "aaa", Password = "222222", Role = "system",Name="測試A" }
            };
            var user = list.SingleOrDefault(s => s.UserName == userName && s.Password == password);
            if (user != null)
            {
                //用戶標識
                var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
                identity.AddClaim(new Claim(ClaimTypes.Sid, userName));
                identity.AddClaim(new Claim(ClaimTypes.Name, user.Name));
                identity.AddClaim(new Claim(ClaimTypes.Role, user.Role));

                await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));
                if (returnUrl == null)
                {
                    returnUrl = TempData["returnUrl"]?.ToString();
                }
                if (returnUrl != null)
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction(nameof(HomeController.Index), "Home");
                }
            }
            else
            {
                const string badUserNameOrPasswordMessage = "用戶名或密碼錯誤!";
                return BadRequest(badUserNameOrPasswordMessage);
            }
        }
        [HttpGet("logout")]
        public async Task<IActionResult> Logout()
        {
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return RedirectToAction("Index", "Home");
        }
        [HttpGet("denied")]
        public IActionResult Denied()
        {
            return View();
        }
    }

 
}


全部代碼:https://github.com/axzxs2001/Asp.NetCoreExperiment/tree/master/Asp.NetCoreExperiment/%E6%9D%83%E9%99%90%E7%AE%A1%E7%90%86

向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

闽侯县| 万安县| 滨州市| 沂南县| 鹰潭市| 岐山县| 十堰市| 探索| 平邑县| 息烽县| 长阳| 弋阳县| 凤翔县| 景东| 中西区| 肥东县| 三门峡市| 德庆县| 渝北区| 绥江县| 华亭县| 纳雍县| 柞水县| 甘洛县| 鹰潭市| 临猗县| 镇坪县| 新竹市| 浦县| 临安市| 东乡| 德庆县| 泗阳县| 平利县| 方正县| 年辖:市辖区| 寻甸| 武义县| 雅安市| 金平| 体育|