asp.netcore的认证和授权

在asp.net core中，微软提供了基于认证（Authentication）和授权（Authorization）的方式，来实现权限管理的，本篇博文，介绍基于固定角色的权限管理和自定义角色权限管理，本文内容，更适合传统行业的BS应用，而非互联网应用。

成都创新互联公司公司2013年成立，先为淳安等服务建站，淳安等地企业，进行企业商务咨询服务。为淳安企业网站制作PC+手机+微官网三网同步一站式服务解决您的所有建站问题。

在asp.net core中，我们认证（Authentication）通常是在Login的Post Action中进行用户名或密码来验证用户是否正确，如果通过验证，即该用户就会获得一个或几个特定的角色，通过ClaimTypes.Role来存储角色，从而当一个请求到达时，用这个角色和Controller或Action上加的特性 [Authorize(Roles = "admin,system")]来授权是否有权访问该Action。本文中的自定义角色，会把验证放在中间件中进行处理。

固定角色：

即把角色与具体的Controller或Action直接关联起来，整个系统中的角色是固定的，每种角色可以访问那些Controller或Action也是固定的，这做法比较适合小型项目，角色分工非常明确的项目。

项目代码：

https://github.com/axzxs2001/Asp.NetCoreExperiment/tree/master/Asp.NetCoreExperiment/%E6%9D%83%E9%99%90%E7%AE%A1%E7%90%86/RolePrivilegeManagement

始于startup.cs

需要在ConfigureServices中注入Cookie的相关信息，options是CookieAuthenticationOptions，关于这个类型提供如下属性，可参考：https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?tabs=aspnetcore2x

它提供了登录的一些信息，或登录生成Cookie的一些信息，用以后

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;

namespace RolePrivilegeManagement
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }


        public void ConfigureServices(IServiceCollection services)
        {        
            services.AddMvc();
            //添加认证Cookie信息
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
             .AddCookie(options =>
             {
                 options.LoginPath = new PathString("/login");
                 options.AccessDeniedPath = new PathString("/denied");
             });
        }

        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseBrowserLink();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
            }
            app.UseStaticFiles();
            //验证中间件
            app.UseAuthentication();
            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }
}

HomeController.cs

对于Login Get的Action，把returnUrl用户想要访问的地址（有可能用户记录下想要访问的url了，但系统会转到登录页，登录成功后直接跳转到想要访问的returnUrl页）

对于Login Post的Action，验证用户密和密码，成功能，定义一个ClaimsIdentity，把用户名和角色，和用户姓名的声明都添回进来（这个角色，就是用来验证可访问action的角色）作来该用户标识，接下来调用HttpContext.SignInAsync进行登录，注意此方法的第一个参数，必需与StartUp.cs中services.AddAuthentication的参数相同，AddAuthentication是设置登录，SigninAsync是按设置参数进行登录

对于Logout Get的Action，是退出登录

HomeController上的[Authorize(Roles=”admin,system”)]角色和权限的关系时，所有Action只有admin和system两个角色能访问到，About上的[Authorize(Roles=”admin”)]声明这个action只能admin角色访问，Contact上的[Authorize(Roles=”system”)]声明这个action只能system角色访问，如果action上声明的是[AllowAnomymous]，说明不受授权管理，可以直接访问。

using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using RolePrivilegeManagement.Models;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;

namespace RolePrivilegeManagement.Controllers
{
    [Authorize(Roles = "admin,system")]
    public class HomeController : Controller
    {
        public IActionResult Index()
        {
            return View();
        }
        [Authorize(Roles = "admin")]
        public IActionResult About()
        {
            ViewData["Message"] = "Your application description page.";
            return View();
        }
        [Authorize(Roles = "system")]
        public IActionResult Contact()
        {
            ViewData["Message"] = "Your contact page.";
            return View();
        }
        public IActionResult Error()
        {
            return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
        }
        [AllowAnonymous]
        [HttpGet("login")]
        public IActionResult Login(string returnUrl = null)
        {
            TempData["returnUrl"] = returnUrl;
            return View();
        }
        [AllowAnonymous]
        [HttpPost("login")]
        public async Task Login(string userName, string password, string returnUrl = null)
        {
            var list = new List {
                new { UserName = "gsw", Password = "111111", Role = "admin",Name="桂素伟" },
                new { UserName = "aaa", Password = "222222", Role = "system",Name="测试A" }
            };
            var user = list.SingleOrDefault(s => s.UserName == userName && s.Password == password);
            if (user!=null)
            {
                //用户标识
                var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
                identity.AddClaim(new Claim(ClaimTypes.Sid, userName));
                identity.AddClaim(new Claim(ClaimTypes.Name, user.Name));
                identity.AddClaim(new Claim(ClaimTypes.Role, user.Role));

                await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));
                if (returnUrl == null)
                {
                    returnUrl = TempData["returnUrl"]?.ToString();
                }
                if (returnUrl != null)
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction(nameof(HomeController.Index), "Home");
                }
            }
            else
            {
                const string badUserNameOrPasswordMessage = "用户名或密码错误！";
                return BadRequest(badUserNameOrPasswordMessage);
            }
        }
        [HttpGet("logout")]
        public async Task Logout()
        {
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return RedirectToAction("Index", "Home");
        }
        [AllowAnonymous]
        [HttpGet("denied")]
        public IActionResult Denied()
        {
            return View();
        }
    }
}

前端_Layout.cshtml布局页，在登录成功后的任何页面都可以用@User.Identity.Name就可以获取用户姓名，同时用@User.Claims.SingleOrDefault(s=>s.Type==System.Security.Claims.ClaimTypes.Sid).Value可以获取用户名或角色。




    
    
    @ViewData["Title"] - RolePrivilegeManagement

    
        
        
    
    
        
        
    
    


    
        
            
                
                    Toggle navigation
                    
                    
                    
                
                RolePrivilegeManagement

Home

About

Contact

当前用户：@User.Identity.Name

注销

using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Http; using PrivilegeManagement.Middleware; namespace PrivilegeManagement { public class Startup { public Startup(IConfiguration configuration) { Configuration = configuration; } public IConfiguration Configuration { get; } public void ConfigureServices(IServiceCollection services) { services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie(options => { options.LoginPath = new PathString("/login"); options.AccessDeniedPath = new PathString("/denied"); } ); services.AddMvc(); } public void Configure(IApplicationBuilder app, IHostingEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); app.UseBrowserLink(); } else { app.UseExceptionHandler("/Home/Error"); } app.UseStaticFiles(); //验证中间件 app.UseAuthentication(); ////添加权限中间件, 一定要放在app.UseAuthentication后 app.UsePermission(new PermissionMiddlewareOption() { LoginAction = @"/login", NoPermissionAction = @"/denied", //这个集合从数据库中查出所有用户的全部权限 UserPerssions = new List() { new UserPermission { Url="/", UserName="gsw"}, new UserPermission { Url="/home/contact", UserName="gsw"}, new UserPermission { Url="/home/about", UserName="aaa"}, new UserPermission { Url="/", UserName="aaa"} } }); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); }); } } }

using Microsoft.AspNetCore.Http; using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Reflection; using System.Security.Claims; using System.Threading.Tasks; namespace PrivilegeManagement.Middleware { ///

/// 权限中间件 ///

public class PermissionMiddleware { ///

/// 管道代理对象 ///

private readonly RequestDelegate _next; ///

/// 权限中间件的配置选项 ///

private readonly PermissionMiddlewareOption _option; ///

/// 用户权限集合 ///

internal static List _userPermissions; ///

/// 权限中间件构造 ///

/// 管道代理对象 /// 权限仓储对象 /// 权限中间件配置选项 public PermissionMiddleware(RequestDelegate next, PermissionMiddlewareOption option) { _option = option; _next = next; _userPermissions = option.UserPerssions; } ///

/// 调用管道 ///

/// 请求上下文 /// public Task Invoke(HttpContext context) { //请求Url var questUrl = context.Request.Path.Value.ToLower(); //是否经过验证 var isAuthenticated = context.User.Identity.IsAuthenticated; if (isAuthenticated) { if (_userPermissions.GroupBy(g=>g.Url).Where(w => w.Key.ToLower() == questUrl).Count() > 0) { //用户名 var userName = context.User.Claims.SingleOrDefault(s => s.Type == ClaimTypes.Sid).Value; if (_userPermissions.Where(w => w.UserName == userName&&w.Url.ToLower()==questUrl).Count() > 0) { return this._next(context); } else { //无权限跳转到拒绝页面 context.Response.Redirect(_option.NoPermissionAction); } } } return this._next(context); } } }

using Microsoft.AspNetCore.Builder; using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; namespace PrivilegeManagement.Middleware { ///

/// 扩展权限中间件 ///

public static class PermissionMiddlewareExtensions { ///

/// 引入权限中间件 ///

/// 扩展类型 /// 权限中间件配置选项 /// public static IApplicationBuilder UsePermission( this IApplicationBuilder builder, PermissionMiddlewareOption option) { return builder.UseMiddleware(option); } } }

using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; namespace PrivilegeManagement.Middleware { ///

/// 权限中间件选项 ///

public class PermissionMiddlewareOption { ///

/// 登录action ///

public string LoginAction { get; set; } ///

/// 无权限导航action ///

public string NoPermissionAction { get; set; } ///

/// 用户权限集合 ///

public List UserPerssions { get; set; } = new List(); } }

using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; namespace PrivilegeManagement.Middleware { ///

/// 用户权限 ///

public class UserPermission { ///

/// 用户名 ///

public string UserName { get; set; } ///

/// 请求Url ///

public string Url { get; set; } } }

using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; namespace PrivilegeManagement.Controllers { [Authorize] public class BaseController:Controller { } }

using System; using System.Collections.Generic; using System.Diagnostics; using System.Linq; using System.Threading.Tasks; using Microsoft.AspNetCore.Mvc; using PrivilegeManagement.Models; using Microsoft.AspNetCore.Authorization; using System.Security.Claims; using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Authentication; namespace PrivilegeManagement.Controllers { public class HomeController : BaseController { public IActionResult Index() { return View(); } public IActionResult About() { ViewData["Message"] = "Your application description page."; return View(); } public IActionResult Contact() { ViewData["Message"] = "Your contact page."; return View(); } public IActionResult Error() { return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier }); } [AllowAnonymous] [HttpGet("login")] public IActionResult Login(string returnUrl = null) { TempData["returnUrl"] = returnUrl; return View(); } [AllowAnonymous] [HttpPost("login")] public async Task Login(string userName,string password, string returnUrl = null) { var list = new List { new { UserName = "gsw", Password = "111111", Role = "admin",Name="桂素伟" }, new { UserName = "aaa", Password = "222222", Role = "system",Name="测试A" } }; var user = list.SingleOrDefault(s => s.UserName == userName && s.Password == password); if (user != null) { //用户标识 var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme); identity.AddClaim(new Claim(ClaimTypes.Sid, userName)); identity.AddClaim(new Claim(ClaimTypes.Name, user.Name)); identity.AddClaim(new Claim(ClaimTypes.Role, user.Role)); await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity)); if (returnUrl == null) { returnUrl = TempData["returnUrl"]?.ToString(); } if (returnUrl != null) { return Redirect(returnUrl); } else { return RedirectToAction(nameof(HomeController.Index), "Home"); } } else { const string badUserNameOrPasswordMessage = "用户名或密码错误！"; return BadRequest(badUserNameOrPasswordMessage); } } [HttpGet("logout")] public async Task Logout() { await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme); return RedirectToAction("Index", "Home"); } [HttpGet("denied")] public IActionResult Denied() { return View(); } } }

定制建站费用3500元

品牌网站建设费用6000元

商城网站建设费用8000元

手机微信网站建站3000元

建站知识

asp.netcore的认证和授权

其他资讯