为什么Asp.Net核心认证方案是强制性的
[英]Why is Asp.Net Core Authentication Scheme mandatory
问题描述
I'm quite frustrated about the fact that an authentication scheme appears to be mandatory in Asp.Net Core. 
我非常沮丧的是,在Asp.Net Core中,身份验证方案似乎是强制性的。 My objective is to build an API and I don't want to know anything about the client. 我的目标是构建一个API,我不想知道客户端的任何信息。 I've built custom authentication and authorization, which works fine. 我已经建立了自定义身份验证和授权,工作正常。 I'm not using identity or cookies. 我没有使用身份或cookie。 However, I can't return a 403 Forbid result without a valid authentication scheme, otherwise I get the following exception... 但是,如果没有有效的身份验证方案,我无法返回403 Forbid结果,否则我会收到以下异常...
System.InvalidOperationException: No authentication handler is configured to handle the scheme: Automatic
My question is, can I configure MVC to not use an authentication scheme or create an authentication scheme without the reliance on a login path or any path for that matter? 我的问题是,我是否可以将MVC配置为不使用身份验证方案或创建身份验证方案而不依赖于登录路径或任何路径?
1 个解决方案
解决方案1
2 已采纳 2016-10-01 17:39:17
After poring over the Asp.net Core security source code, I've managed to create a custom authentication handler. 在仔细阅读Asp.net Core安全源代码之后,我设法创建了一个自定义身份验证处理程序。 To do this you need to implement 3 classes. 为此,您需要实现3个类。
The first class implements an abstract AuthenticationOptions. 第一个类实现抽象AuthenticationOptions。
public class AwesomeAuthenticationOptions : AuthenticationOptions {
public AwesomeAuthenticationOptions() {
AuthenticationScheme = "AwesomeAuthentication";
AutomaticAuthenticate = false;
}
}
The second class implements an abstract AuthenticationHandler. 第二个类实现了一个抽象的AuthenticationHandler。
public class AwesomeAuthentication : AuthenticationHandler<AwesomeAuthenticationOptions>
{
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
var prop = new AuthenticationProperties();
var ticket = new AuthenticationTicket(Context.User, prop, "AwesomeAuthentication");
//this is where you setup the ClaimsPrincipal
//if auth fails, return AuthenticateResult.Fail("reason for failure");
return await Task.Run(() => AuthenticateResult.Success(ticket));
}
}
The third class implements an abstract AuthenticationMiddleware. 第三个类实现了一个抽象的AuthenticationMiddleware。
public class AwesomeAuthenticationMiddleware : AuthenticationMiddleware<AwesomeAuthenticationOptions>
{
public AwesomeAuthenticationMiddleware(RequestDelegate next,
IOptions<AwesomeAuthenticationOptions> options,
ILoggerFactory loggerFactory,
UrlEncoder urlEncoder) : base(next, options, loggerFactory, urlEncoder) {
}
protected override AuthenticationHandler<AwesomeAuthenticationOptions> CreateHandler()
{
return new AwesomeAuthentication();
}
}
Finally, you use the middleware component in the Startup.cs Configure method. 最后,使用Startup.cs Configure方法中的中间件组件。
app.UseMiddleware<AwesomeAuthenticationMiddleware>();
Now you can build your own Authentication Schemes. 现在,您可以构建自己的身份验证方案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.