@model TestBasicAuthor.Model.User <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> </head> <body> @using (Html.BeginForm()) { <table> <tr> <td></td> <td>@ViewBag.ErrMsg</td> </tr> <tr> <td>UserName</td> <td>@Html.TextBoxFor(m => m.UserName)</td> </tr> <tr> <td>Password</td> <td>@Html.PasswordFor(m => m.Password)</td> </tr> <tr> <td></td> <td><button>Login</button></td> </tr> </table> } </body> </html>
打开HomeController.cs
添加一个Action, AuthPage.
[Authorize] [HttpGet] public IActionResult AuthPage() { return View(); }
在Views/Home下添加一个视图,名为AuthPage.cshtml
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> </head> <body> <h1>Auth page</h1> <p>if you are not authorized, you can't visit this page.</p> </body> </html>
到此,一个基础的身份认证就完成了,核心登陆方法如下:
await HttpContext.Authentication.SignInAsync("Cookie", userPrincipal, new AuthenticationProperties { ExpiresUtc = DateTime.UtcNow.AddMinutes(20), IsPersistent = false, AllowRefresh = false });
启用验证如下:
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "Cookie", LoginPath = new PathString("/Account/Login"), AccessDeniedPath = new PathString("/Account/Forbidden"), AutomaticAuthenticate = true, AutomaticChallenge = true }); }
在某个Controller或Action添加[Author],即可配置位需要登陆验证的页面。