详解ASP.NET Core和ASP.NET Framework共享身份验证(2)

<!DOCTYPE html> <html> <head> <title>.net framewor欢迎您-@User.Identity.Name</title> </head> <body> @if (User.Identity.IsAuthenticated) { <p>.net framework登录成功!</p> } </body> </html>

写法和.net core 基本上是一致的，我们来看下能否成功获取用户名：

反之在.net framework中登录在.net core中获取身份验证信息的方法是一样的，这里就不重复写了。

然而，到此为止事情就圆满解决了吗？很遗憾，麻烦才刚刚开始！

--------------------------------------------------------------------------------

2、第二篇章

如果你的子项目不多，也不复杂的情况下，新增一个.net core 站点，然后适当修改以前的.net framework站点，上述实例确实能够满足需求。可是如果你的子站点足够多，或者项目太过复杂，牵扯到的业务过于庞大或重要，这种情况下我们通常是不愿意动老项目的。或者说我们没有办法将所有的项目都进行更改，然后和新增的.net core站点同时上线，如果这么做了，那么更新周期会拉的很长不说，测试和更新之后的维护阶段压力都会很大。所以我们必须要寻找到一种方案，让.net core的身份验证机制完全迎合.net framwork。

因为.net framework 的cookie是对称加密，而.net core是非对称加密，所以要在.net core中动手的话必须要对.net core 默认的加密和解密操作进行拦截，如果可行的话最好的方案应该是将.net framework的FormsAuthentication类移植到.net core中。但是用reflector看了下，牵扯到的代码太多，剪不断理还乱，github上也没找到其源码，瞎忙活了一阵之后终于感慨：臣妾做不到（>﹏< ）。

Cookie认证的相关属性

app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "test", CookieName = "MyCookie", CookieDomain = "localhost", TicketDataFormat = new FormsAuthTicketDataFormat("") });

FormsAuthTicketDataFormat

public class FormsAuthTicketDataFormat : ISecureDataFormat<AuthenticationTicket> { private string _authenticationScheme; public FormsAuthTicketDataFormat(string authenticationScheme) { _authenticationScheme = authenticationScheme; } public AuthenticationTicket Unprotect(string protectedText, string purpose) { var formsAuthTicket = GetFormsAuthTicket(protectedText); var name = formsAuthTicket.Name; DateTime issueDate = formsAuthTicket.IssueDate; DateTime expiration = formsAuthTicket.Expiration; var claimsIdentity = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, name) }, "Basic"); var claimsPrincipal = new ClaimsPrincipal(claimsIdentity); var authProperties = new Microsoft.AspNetCore.Http.Authentication.AuthenticationProperties { IssuedUtc = issueDate, ExpiresUtc = expiration }; var ticket = new AuthenticationTicket(claimsPrincipal, authProperties, _authenticationScheme); return ticket; } FormsAuthTicket GetFormsAuthTicket(string cookie) { return DecryptCookie(cookie).Result; } async Task<FormsAuthTicket> DecryptCookie(string cookie) { HttpClient _httpClient = new HttpClient(); var response = await _httpClient.GetAsync("http://192.168.190.134/user/getMyTicket?cookie={cookie}"); response.EnsureSuccessStatusCode(); return await response.Content.ReadAsAsync<FormsAuthTicket>(); } }

FormsAuthTicket

public class FormsAuthTicket { public DateTime Expiration { get; set; } public DateTime IssueDate { get; set; } public string Name { get; set; } }

以上实现了对cookie的解密拦截，然后通过webapi从.net framework获取ticket

[Route("getMyTicket")] public IHttpActionResult GetMyTicket(string cookie) { var formsAuthTicket = FormsAuthentication.Decrypt(cookie); return Ok(new { formsAuthTicket.Name, formsAuthTicket.IssueDate, formsAuthTicket.Expiration }); }

有了webapi这条线，解密解决了，加密就更简单了，通过webapi获取加密后的cookie，.net core要做的只有一步，保存cookie就行了

[HttpPost] public async Task<IActionResult> Login(string name) { HttpClient _httpClient = new HttpClient(); var response = await _httpClient.GetAsync($"http://192.168.190.134/user/getMyCookie?name={name}"); response.EnsureSuccessStatusCode(); string cookieValue = (await response.Content.ReadAsStringAsync()).Trim('\"'); CookieOptions options = new CookieOptions(); options.Expires = DateTime.MaxValue; HttpContext.Response.Cookies.Append("MyCookie", cookieValue, options); return RedirectToAction("Index"); }

webapi获取cookie

[Route("getMyCookie")] public string GetMyCookie(string name) { FormsAuthentication.SetAuthCookie(name, false); return FormsAuthentication.GetAuthCookie(name, false).Value; }

其余代码不用做任何更改，ok，我们来测试一下