.NET Core 已经热了好一阵子,1.1版本发布后其可用性也越来越高,开源、组件化、跨平台、性能优秀、社区活跃等等标签再加上“微软爸爸”主推和大力支持,尽管现阶段对比.net framework还是比较“稚嫩”,但可以想象到它光明的前景。作为.net 开发者你是否已经开始尝试将项目迁移到.net core上?这其中要解决的一个较大的问题就是如何让你的.net core和老.net framework站点实现身份验证兼容!
1、第一篇章
我们先来看看.net core中对identity的实现,在Startup.cs的Configure中配置Cookie认证的相关属性
public void Configure(IApplicationBuilder app, IHostingEnvironment env) { app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "test", CookieName = "MyCookie" }); }
Controller
public IActionResult Index() { return View(); } public IActionResult Login() { return View(); } [HttpPost] public async Task<IActionResult> Login(string name) { var identity = new ClaimsIdentity( new List<Claim> { new Claim(ClaimTypes.Name,name, ClaimValueTypes.String) }, ClaimTypes.Authentication, ClaimTypes.Name, ClaimTypes.Role); var principal = new ClaimsPrincipal(identity); var properties = new AuthenticationProperties { IsPersistent = true }; await HttpContext.Authentication.SignInAsync("test", principal, properties); return RedirectToAction("Index"); }
login 视图
<!DOCTYPE html> <html> <head> <title>登录</title> </head> <body> <form asp-controller="Account" asp-action="Login" method="post"> <input type="text" /><input type="submit" value="提交" /> </form> </body> </html>
index 视图
<!DOCTYPE html> <html> <head> <title>欢迎您-@User.Identity.Name</title> </head> <body> @if (User.Identity.IsAuthenticated) { <p>登录成功!</p> } </body> </html>
下面是实现效果的截图:
ok,到此我们用.net core比较简单地实现了用户身份验证信息的保存和读取。
接着思考,如果我的.net framework项目想读取.net core项目保存的身份验证信息应该怎么做?
要让两个项目都接受同一个Identity至少需要三个条件:
CookieName必须相同。
Cookie的作用域名必须相同。
两个项目的Cookie认证必须使用同一个Ticket。
首先我们对.net core的Cookie认证添加domain属性和ticket属性
public void Configure(IApplicationBuilder app, IHostingEnvironment env) { var protectionProvider = DataProtectionProvider.Create(new DirectoryInfo(@"C:\keyPath\")); var dataProtector = protectionProvider.CreateProtector("MyCookieAuthentication"); var ticketFormat = new TicketDataFormat(dataProtector); app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "test", CookieName = "MyCookie", CookieDomain = "localhost", TicketDataFormat = ticketFormat }); }
此时我们在.net core 项目中执行用户登录,程序会在我们指定的目录下生成key.xml
我们打开文件看看程序帮我们记录了那些信息
<?xml version="1.0" encoding="utf-8"?> <key version="1"> <creationDate>2016-12-04T08:27:27.8435415Z</creationDate> <activationDate>2016-12-04T08:27:27.8214603Z</activationDate> <expirationDate>2017-03-04T08:27:27.8214603Z</expirationDate> <descriptor deserializerType="Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Version=1.1.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60"> <descriptor> <encryption algorithm="AES_256_CBC" /> <validation algorithm="HMACSHA256" /> <masterKey p4:requiresEncryption="true" xmlns:p4="http://schemas.asp.net/2015/03/dataProtection"> <value>yHdMEYlEBzcwpx0bRZVIbcGJ45/GqRwFjMfq8PJ+k7ZWsNMic0EMBgP33FOq9MFKX0XE/a1plhDizbb92ErQYw==</value> </masterKey> </descriptor> </descriptor> </key>
ok,接下来我们开始配置.net framework项目,同样,在Startup.cs中配置Cookie认证的相关属性。
public partial class Startup { public void Configuration(IAppBuilder app) { var protectionProvider = DataProtectionProvider.Create(new DirectoryInfo(@"C:\keyPath\")); var dataProtector = protectionProvider.CreateProtector("MyCookieAuthentication"); var ticketFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)); app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = "test", CookieName = "MyCookie", CookieDomain = "localhost", TicketDataFormat = ticketFormat }); } }
view