简体繁体 English

在 ASP.NET Core MVC 中实现身份验证时是否应该使用“IdentityUser”

[英]Should I use 'IdentityUser' when I implement an authentication in ASP.NET Core MVC

原文 2021-05-14 02:41:49 3 2 c#/ asp.net/ sql-server/ entity-framework/ asp.net-core

I was working on implementing username and password authentication.我正在努力实现用户名和密码身份验证。

We didn't use any authentication templates.我们没有使用任何身份验证模板。

And I thought IdentityUser has a lot of columnn.而且我认为IdentityUser有很多专栏。

Username, password, nickname are enough columns for us.用户名、密码、昵称对我们来说已经足够了。

Old Method.旧方法。 Login API has logged user information in session.登录 API 已在 session 中记录了用户信息。

And other controllers use it.其他控制器使用它。

But I'm not sure It's right way or not in .NET Core Web dev.但我不确定它在 .NET Core Web 开发中是否正确。

Should I use IdentityUser ?我应该使用IdentityUser吗？ or Was that method I implemented okay?或者我实施的那个方法好吗？

2 个解决方案

I have been developing in.Net for nearly 20 years and I still ask my self the same question.我已经在.Net 中开发了近 20 年，但我仍然问自己同样的问题。 There is always the "latest and greatest" being hyped by Microsoft and other talking heads and honestly, 99% of the time what is being pushed as the "right" and "correct" thing to do is no longer "right and correct" after a few years pass.总是有“最新和最伟大的”被微软和其他说话的人大肆宣传，老实说，99% 的时间被推动为“正确”和“正确”的事情在之后不再是“正确和正确”几年过去了。

If you asking about how you should do it in ".net core" then using the IdentityUser interface is the way to go because WHEN (not if but WHEN) Microsoft decides to scrap .NET Core (everyone can pounce on me all they want) for backward compatibility purposes they will "LIKELY" continue use of the interface.如果您询问应该如何在“.net core”中执行此操作，那么使用IdentityUser界面是通往 go 的方法，因为何时（不是如果，而是何时）微软决定废弃 .NET Core（每个人都可以随心所欲地扑向我）出于向后兼容的目的，他们将“LIKELY”继续使用该接口。

However, Even if they do it might be 1 or 3 or 5 years until Microsoft says, NOPE.但是，即使他们这样做，也可能需要 1 年或 3 年或 5 年，直到微软说，NOPE。 That's legacy you need to redo it.这是你需要重做的遗产。

So my answer is, without knowing all the facts, is if you have a custom implementation that suites your needs then stick with it.所以我的回答是，在不了解所有事实的情况下，如果您有一个适合您需求的自定义实现，那么请坚持下去。 You aren't going to forced to change it in a few years because Microsoft decided the latest hottest open fad is the way everyone should be doing thing.你不会在几年内被迫改变它，因为微软认为最新最热门的开放时尚是每个人都应该做的事情。

I thought IdentityUser has a lot of columnn.我认为 IdentityUser 有很多专栏。 Username, password, nickname are enough columns for us.用户名、密码、昵称对我们来说已经足够了。

Please note that the most of properties of IdentityUser in ASP.NET Core Identity system are required for user management.请注意 ASP.NET Core Identity 系统中IdentityUser的大部分属性是用户管理所必需的。

I was working on implementing username and password authentication.我正在努力实现用户名和密码身份验证。

If you just want to implement and integrate simple authentication and authorization mechanism in your ASP.NET Core MVC app, you can try to implement and use cookie authentication without ASP.NET Core Identity.如果您只想在 ASP.NET Core MVC 应用程序中实现和集成简单的身份验证和授权机制，您可以尝试在没有 ASP.NET Core Identity 的情况下实现和使用 cookie 身份验证。

https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-5.0 https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-5.0