Authentication: ASP.NET Core authentication is claims-based (ClaimsPrincipal / ClaimsIdentity / Claim).
Extension methods on HttpContext: SignInAsync, SignOutAsync, AuthenticateAsync, ChallengeAsync, ForbidAsync and GetTokenAsync. The first five delegate to the same-named methods on IAuthenticationService (resolved from HttpContext.RequestServices); GetTokenAsync calls AuthenticateAsync and reads the named token out of the returned AuthenticationProperties.
In the aspnetcore repository, src/Http/Authentication.Abstractions and src/Http/Authentication.Core describe the key abstractions (IAuthenticationService, IAuthenticationHandler, IAuthenticationSchemeProvider, IAuthenticationHandlerProvider, AuthenticationOptions); src/Security/Authentication holds the concrete implementations (AuthenticationMiddleware, AuthenticationHandler<TOptions>, the cookie, JWT bearer, OAuth and OpenID Connect handlers).
Service registration is done by AddAuthentication. The three most important objects it registers (through AddAuthenticationCore) are AuthenticationService (IAuthenticationService), AuthenticationHandlerProvider (IAuthenticationHandlerProvider) and AuthenticationSchemeProvider (IAuthenticationSchemeProvider).
The three AddAuthentication overloads (AuthenticationServiceCollectionExtensions; the generic arguments were lost in extraction and are restored here; on .NET 8 the ISystemClock registration is replaced by TimeProvider):

    public static AuthenticationBuilder AddAuthentication(this IServiceCollection services)
    {
        services.AddAuthenticationCore();   // IAuthenticationService, IAuthenticationHandlerProvider, IAuthenticationSchemeProvider, IClaimsTransformation
        services.AddDataProtection();       // used by handlers to protect tickets (e.g. the cookie handler)
        services.AddWebEncoders();          // UrlEncoder/HtmlEncoder injected into handlers
        services.TryAddSingleton<ISystemClock, SystemClock>();
        return new AuthenticationBuilder(services);
    }

    public static AuthenticationBuilder AddAuthentication(this IServiceCollection services, string defaultScheme)
        => services.AddAuthentication(o => o.DefaultScheme = defaultScheme);

    public static AuthenticationBuilder AddAuthentication(this IServiceCollection services, Action<AuthenticationOptions> configureOptions)
    {
        var builder = services.AddAuthentication();
        services.Configure(configureOptions);
        return builder;
    }
The AuthenticationBuilder returned by AddAuthentication is then used with AddJwtBearer (or AddCookie, AddOAuth, AddOpenIdConnect) to register a scheme: the scheme name, the handler type, and the options the handler validates against (issuer, audience, signing keys, cookie name, and so on).
In Startup.Configure (or on the WebApplication), UseAuthentication registers AuthenticationMiddleware. On each request the middleware first gives every scheme whose handler implements IAuthenticationRequestHandler a chance to handle the request (remote-login callbacks), then asks IAuthenticationSchemeProvider for the default authenticate scheme. IAuthenticationService.AuthenticateAsync resolves the matching IAuthenticationHandler for that scheme through IAuthenticationHandlerProvider and calls its AuthenticateAsync; on success the resulting principal (after IClaimsTransformation) is assigned to HttpContext.User. The middleware never rejects a request by itself: an unauthenticated request simply proceeds with an anonymous user, and it is UseAuthorization (or an explicit ChallengeAsync) that turns that into a 401.
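The chain described above, made visible by resolving the two providers by hand inside an endpoint. This is an added example, not code from the page or from the aspnetcore repository; it assumes the Web SDK's implicit usings, a single cookie scheme, and a constructed /login endpoint that accepts any user name (no credential check, demo only).

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

// AddAuthentication registers IAuthenticationService, IAuthenticationSchemeProvider and
// IAuthenticationHandlerProvider; AddCookie registers one scheme ("Cookies") whose
// HandlerType is CookieAuthenticationHandler.
builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(o =>
    {
        // API behaviour: answer a challenge with 401 instead of redirecting to a login page.
        o.Events.OnRedirectToLogin = ctx =>
        {
            ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return Task.CompletedTask;
        };
    });

var app = builder.Build();

// AuthenticationMiddleware: runs the default authenticate scheme and sets HttpContext.User.
app.UseAuthentication();

// Constructed demo login: issues the cookie for whatever ?user= says. Not a real credential check.
app.MapPost("/login", async (HttpContext ctx, string user) =>
{
    var identity = new ClaimsIdentity(
        new[] { new Claim(ClaimTypes.Name, user) },
        CookieAuthenticationDefaults.AuthenticationScheme); // authentication type => IsAuthenticated
    await ctx.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));
    return Results.Ok();
});

// Replays what AuthenticationService.AuthenticateAsync does internally
// (minus IClaimsTransformation), so each hop in the chain is visible.
app.MapGet("/whoami", async (HttpContext ctx) =>
{
    var schemes  = ctx.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
    var handlers = ctx.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();

    // 1. scheme: DefaultAuthenticateScheme ?? DefaultScheme ("Cookies" here)
    var scheme = await schemes.GetDefaultAuthenticateSchemeAsync();
    if (scheme is null) return Results.Problem("no default authenticate scheme configured");

    // 2. handler: instantiated from scheme.HandlerType, InitializeAsync(scheme, ctx) already called,
    //    cached per request
    var handler = await handlers.GetHandlerAsync(ctx, scheme.Name);
    if (handler is null) return Results.Problem($"no handler registered for scheme '{scheme.Name}'");

    // 3. AuthenticateAsync on the handler -> AuthenticateResult (Succeeded / None / Failure)
    var result = await handler.AuthenticateAsync();
    return result.Succeeded
        ? Results.Ok(new
          {
              scheme  = scheme.Name,
              handler = handler.GetType().Name,
              name    = result.Principal!.Identity?.Name,
          })
        : Results.Unauthorized();
});

app.Run();
```

Try it with `curl -c jar -X POST "http://localhost:5000/login?user=alice"` followed by `curl -b jar http://localhost:5000/whoami`; without the cookie jar the second call returns 401 because the cookie handler returns AuthenticateResult.NoResult(), which the endpoint treats as not authenticated.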
1. AuthenticationOptions
Schemes: cookie, bearer, oauth, openid and so on. AuthenticationOptions keeps them twice: in Schemes (an IEnumerable<AuthenticationSchemeBuilder> backed by a List) in registration order, and keyed by name in SchemeMap (IDictionary<string, AuthenticationSchemeBuilder>).
DefaultScheme, DefaultAuthenticateScheme, DefaultSignInScheme, DefaultSignOutScheme, DefaultChallengeScheme, DefaultForbidScheme. AuthenticationSchemeProvider resolves them with a fallback chain: DefaultAuthenticateScheme, DefaultChallengeScheme and DefaultSignInScheme each fall back to DefaultScheme; DefaultForbidScheme falls back to the challenge scheme; DefaultSignOutScheme falls back to the sign-in scheme. If nothing is set and exactly one scheme is registered, that scheme is used (ASP.NET Core 7 and later); otherwise an operation called without an explicit scheme throws InvalidOperationException ("No authenticationScheme was specified, and there was no Default...Scheme found").
When are they assigned? DefaultScheme is set by AddAuthentication(string defaultScheme) or by the Action<AuthenticationOptions> overload; the scheme-specific defaults only by configuring the options yourself. SchemeMap entries are added when a scheme is registered: AddCookie/AddJwtBearer call AuthenticationBuilder.AddScheme<TOptions, THandler>(name, displayName, configureOptions), which calls AuthenticationOptions.AddScheme. Each AuthenticationSchemeBuilder records Name, DisplayName and HandlerType, i.e. which IAuthenticationHandler (InitializeAsync, AuthenticateAsync, ChallengeAsync, ForbidAsync; SignIn and SignOut live in separate interfaces, below) handles that scheme. AuthenticationHandlerProvider instantiates HandlerType from DI (falling back to ActivatorUtilities) and calls InitializeAsync(scheme, context) once per request, caching the instance for the rest of the request.
    public interface IAuthenticationRequestHandler : IAuthenticationHandler
    {
        /// <summary>
        /// Returns true if request processing should stop.
        /// </summary>
        /// <returns><c>true</c> if request processing should stop.</returns>
        Task<bool> HandleRequestAsync();
    }

    /// <summary>
    /// Used to determine if a handler supports SignIn.
    /// </summary>
    public interface IAuthenticationSignInHandler : IAuthenticationSignOutHandler
    {
        /// <summary>
        /// Handle sign in.
        /// </summary>
        /// <param name="user">The user.</param>
        /// <param name="properties">The <see cref="AuthenticationProperties"/> that contains the extra meta-data arriving with the authentication.</param>
        /// <returns>A task.</returns>
        Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties);
    }

    public interface IAuthenticationSignOutHandler : IAuthenticationHandler
    {
        /// <summary>
        /// Signout behavior.
        /// </summary>
        /// <param name="properties">The <see cref="AuthenticationProperties"/> that contains the extra meta-data arriving with the authentication.</param>
        /// <returns>A task.</returns>
        Task SignOutAsync(AuthenticationProperties properties);
    }

AuthenticationMiddleware calls HandleRequestAsync on every IAuthenticationRequestHandler scheme before the normal authenticate step; remote handlers (OAuth, OpenID Connect) use it to consume their callback path and return true to short-circuit the pipeline. AuthenticationService.SignInAsync/SignOutAsync check for these interfaces and throw InvalidOperationException if the resolved handler does not implement them, so a scheme whose handler cannot persist a principal (JWT bearer, for example) must not be the sign-in scheme.
The general registration method on AuthenticationOptions is AddScheme(string name, Action<AuthenticationSchemeBuilder> configureBuilder) (plus the AddScheme<THandler>(name, displayName) shortcut): it creates an AuthenticationSchemeBuilder, appends it to Schemes and inserts it into SchemeMap, and throws InvalidOperationException if a scheme with the same name already exists.
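Putting the options together: a custom API-key scheme registered through AddScheme<TOptions, THandler>, a DefaultScheme that points at it, and a DefaultSignInScheme that points at cookies because the API-key handler is not an IAuthenticationSignInHandler. This is an added example, not code from the page or from the aspnetcore repository. It assumes .NET 8 (the three-argument AuthenticationHandler constructor; on .NET 6/7 add the ISystemClock parameter), the Web SDK's implicit usings, a hypothetical "ApiKey" configuration value, and a constructed /login endpoint with no credential check.

```csharp
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(options =>
    {
        // Authenticate/Challenge/Forbid with no explicit scheme fall back here.
        options.DefaultScheme = ApiKeyDefaults.Scheme;
        // ApiKeyHandler cannot sign in; without this line ctx.SignInAsync(principal) throws
        // InvalidOperationException ("... cannot be used for SignInAsync").
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    // AddScheme<TOptions, THandler> -> AuthenticationOptions.AddScheme: one AuthenticationSchemeBuilder
    // in Schemes and SchemeMap["ApiKey"], HandlerType = ApiKeyHandler. Registering "ApiKey" twice throws.
    .AddScheme<ApiKeyOptions, ApiKeyHandler>(ApiKeyDefaults.Scheme,
        o => o.ExpectedKey = builder.Configuration["ApiKey"] ?? "demo-key-change-me") // hypothetical config key
    .AddCookie();

var app = builder.Build();
app.UseAuthentication();

// Populated by the middleware through DefaultScheme, i.e. the X-Api-Key header, never the cookie.
app.MapGet("/whoami", (HttpContext ctx) =>
    ctx.User.Identity?.IsAuthenticated == true
        ? Results.Ok(ctx.User.Identity!.Name)
        : Results.Unauthorized());

// SignInAsync without a scheme -> DefaultSignInScheme -> cookie handler persists the principal.
app.MapPost("/login", async (HttpContext ctx, string user) =>
{
    var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, user) },
                                      CookieAuthenticationDefaults.AuthenticationScheme);
    await ctx.SignInAsync(new ClaimsPrincipal(identity));
    return Results.Ok();
});

// Explicit scheme name: read the cookie issued by /login instead of the default scheme.
app.MapGet("/whoami-cookie", async (HttpContext ctx) =>
{
    var result = await ctx.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    return result.Succeeded ? Results.Ok(result.Principal!.Identity?.Name) : Results.Unauthorized();
});

app.Run();

public static class ApiKeyDefaults { public const string Scheme = "ApiKey"; }

public sealed class ApiKeyOptions : AuthenticationSchemeOptions
{
    public string HeaderName { get; set; } = "X-Api-Key";
    public string? ExpectedKey { get; set; }
}

// Implements only IAuthenticationHandler (via the base class): AuthenticateAsync plus the default
// 401/403 Challenge/Forbid. No IAuthenticationSignInHandler, so it can never be the sign-in scheme.
public sealed class ApiKeyHandler : AuthenticationHandler<ApiKeyOptions>
{
    public ApiKeyHandler(IOptionsMonitor<ApiKeyOptions> options, ILoggerFactory logger, UrlEncoder encoder)
        : base(options, logger, encoder) { }

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        if (!Request.Headers.TryGetValue(Options.HeaderName, out var presented))
            return Task.FromResult(AuthenticateResult.NoResult()); // anonymous request, not a failure

        var a = Encoding.UTF8.GetBytes(presented.ToString());
        var b = Encoding.UTF8.GetBytes(Options.ExpectedKey ?? string.Empty);
        // Constant-time compare so the key cannot be guessed byte by byte via response timing.
        if (b.Length == 0 || !CryptographicOperations.FixedTimeEquals(a, b))
            return Task.FromResult(AuthenticateResult.Fail("Invalid API key."));

        var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "api-client") }, Scheme.Name);
        var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), Scheme.Name);
        return Task.FromResult(AuthenticateResult.Success(ticket));
    }
}
```

`curl -H "X-Api-Key: demo-key-change-me" http://localhost:5000/whoami` returns "api-client"; the same call with a cookie jar from /login still returns 401 on /whoami, because the middleware only runs the default scheme, while /whoami-cookie names the cookie scheme explicitly and succeeds. Changing DefaultSignInScheme to ApiKeyDefaults.Scheme makes /login throw, which is the check AuthenticationService performs for the interfaces listed above.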