在 ASP.NET Core 2.0 中对针对Cookie的配置集中放到CookieBuilder类型当中,相比之前更加清晰:
public class CookieBuilder : object { public virtual string Name { get; set; } public virtual string Path { get; set; } public virtual string Domain { get; set; } public virtual bool HttpOnly { get; set; } public virtual SameSiteMode SameSite { get; set; } public virtual CookieSecurePolicy SecurePolicy { get; set; } public virtual TimeSpan? Expiration { get; set; } public virtual TimeSpan? MaxAge { get; set; } public CookieOptions Build(HttpContext context); }都是一些针对Cookie配置的标准用法,无需多说。
CookieAuthenticationEventsCookieAuthenticationEvents为我们提供了在Cookie认证的各个阶段(如,登录前后,退出前后,重定向等)注册事件的机会,以便我们拦截一些默认行为,来自定义处理逻辑。
public class CookieAuthenticationEvents { public virtual Task ValidatePrincipal(CookieValidatePrincipalContext context) => OnValidatePrincipal(context); public virtual Task SigningIn(CookieSigningInContext context) => OnSigningIn(context); public virtual Task SignedIn(CookieSignedInContext context) => OnSignedIn(context); public virtual Task SigningOut(CookieSigningOutContext context) => OnSigningOut(context); public virtual Task RedirectToLogout(RedirectContext<CookieAuthenticationOptions> context) => OnRedirectToLogout(context); public virtual Task RedirectToLogin(RedirectContext<CookieAuthenticationOptions> context) => OnRedirectToLogin(context); public virtual Task RedirectToReturnUrl(RedirectContext<CookieAuthenticationOptions> context) => OnRedirectToReturnUrl(context); public virtual Task RedirectToAccessDenied(RedirectContext<CookieAuthenticationOptions> context) => OnRedirectToAccessDenied(context); }每一个事件都有它的默认实现,这里就不再多说,我们可以根据实际情况进行注册。
CookieAuthenticationHandlerCookieAuthenticationHandler便是Cookie认证的具体实现:
public class CookieAuthenticationHandler : AuthenticationHandler<CookieAuthenticationOptions>, IAuthenticationSignInHandler, IAuthenticationSignOutHandler { ... protected override async Task<AuthenticateResult> HandleAuthenticateAsync() { var result = await EnsureCookieTicket(); if (!result.Succeeded) { return result; } var context = new CookieValidatePrincipalContext(Context, Scheme, Options, result.Ticket); // 执行前而介绍的服务端验证 await Events.ValidatePrincipal(context); if (context.ShouldRenew) { // 重新生成Cookie RequestRefresh(result.Ticket); } return AuthenticateResult.Success(new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name)); } public async virtual Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties) { ... var ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.Scheme.Name); .... var cookieValue = Options.TicketDataFormat.Protect(ticket, GetTlsTokenBinding()); Options.CookieManager.AppendResponseCookie(Context, Options.Cookie.Name, cookieValue, signInContext.CookieOptions); var signedInContext = new CookieSignedInContext(Context, Scheme, signInContext.Principal, signInContext.Properties, Options); await Events.SignedIn(signedInContext); var shouldRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath; await ApplyHeaders(shouldRedirect, signedInContext.Properties); Logger.SignedIn(Scheme.Name); } }