[英]ASP.NET Core. How can i create an auth cookie without an identity user account?
My app creates an Guid
Event token我的应用程序创建了一个
Guid
Event 令牌
The customer visits the url of the event like so.客户访问事件的url是这样的。 https://example.com/event/a3b2e538-e87c-4444-a655-5171f263ac70
https://example.com/event/a3b2e538-e87c-4444-a655-5171f263ac70
The customer is then redirected to a login form to provide the event password.然后将客户重定向到登录表单以提供活动密码。
If the password maches the event token customer will be able to see the event.如果密码匹配事件令牌,客户将能够看到该事件。 Can i acomblish this without an Identity user account?
我可以在没有身份用户帐户的情况下完成这个吗? (I do not wish to follow the classical user identity login approach, in this case).
(在这种情况下,我不希望遵循经典的用户身份登录方法)。
Maybe something like creating an auth cookie and use it, in the upcoming requests.也许在即将到来的请求中创建一个 auth cookie 并使用它。
[HttpPost]
[Route("validate/{code}")]
public IActionResult Cookie(string code)
{
var user = true; //Validate event token against event password supplied by user
if (user == true)
{
var ident = _userManager.CreateAuthCookie(user, DefaultAuthenticationTypes.ApplicationCookie);
HttpContext.GetOwinContext().Authentication.SignIn(new AuthenticationProperties { IsPersistent = false }, ident);
return Redirect("Wherever");
}
ModelState.AddModelError("", "Invalid login attempt");
return View();
}
I guess, I understand your point.我想,我理解你的意思。 You want to create a custom Owin Authentication Framework.
您想要创建自定义 Owin 身份验证框架。 The same thing can be achieved using JWT token.
使用 JWT 令牌可以实现同样的事情。 It has advantages over OWIN Authentication.
它比 OWIN 身份验证具有优势。
But if you want to design something like this using OWIN, Please take care of these:但是如果你想使用 OWIN 设计这样的东西,请注意这些:
Now, when you get the call to your API end point, you can decode that token, validate and then extract that someID, and make a call to your DB to understand, if the user is valid.现在,当您收到对 API 端点的调用时,您可以解码该令牌、验证然后提取该 someID,然后调用您的数据库以了解用户是否有效。
Important: Encoding and decoding algorithm plays a very important role here.重要:编码和解码算法在这里起着非常重要的作用。 So, your encoding and decoding token should not be exposed anywhere.
因此,您的编码和解码令牌不应暴露在任何地方。
If he is a valid user, then create a claimsIdentity object.如果他是有效用户,则创建 claimsIdentity object。
ClaimsIdentity identity = new ClaimsIdentity();
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identity.FindFirst("sub").Value));
identity.AddClaim(new Claim("Name", <<add your claims like this>>));
identity = new ClaimsIdentity(identity.Claims, "ApplicationCookie");
AuthenticationProperties properties = new AuthenticationProperties();
AuthenticationManager.SignIn(properties, identity);
Setup Authentication class object in your controller or to a seperate file:在您的 controller 或单独的文件中设置身份验证 class object:
using Microsoft.Owin.Security;
private IAuthenticationManager authenticationManager;
public IAuthenticationManager AuthenticationManager
{
get
{
if (authenticationManager == null)
authenticationManager = HttpContext.GetOwinContext().Authentication;
return authenticationManager;
}
set { authenticationManager = value; }
}
You should also have OWIN layer configured in the middlelayer.您还应该在中间层配置 OWIN 层。 You can configure OWIN middle layer based on.Net framework or.Net Core
可以基于.Net framework或者.Net Core配置OWIN中间层
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.