[英]Using multiple authentication schemes in ASP.NET Core
我使用ASP.NET Core開發了Web API,我需要能夠為同一服務使用Basic和Bearer身份驗證方案。 由於某種原因,它不起作用:它總是將呼叫視為持有者。 這是我的代碼:
這是我在控制器中的屬性:
[Authorize(ActiveAuthenticationSchemes = "Basic,Bearer")]
[ResponseCache(NoStore = true, Duration = 0, VaryByHeader = "Authorization")]
這是我的startup.cs:
這部分是基本的auth:
app.UseBasicAuthentication(new BasicAuthenticationOptions
{
AutomaticAuthenticate = false,
AutomaticChallenge = false,
Realm = "test",
Events = new BasicAuthenticationEvents
{
OnValidateCredentials = context =>
{
if (svc.IsValidCredential(context.Username, context.Password))
{
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, context.Username),
new Claim(ClaimTypes.Name, context.Username)
};
context.Ticket = new AuthenticationTicket(
new ClaimsPrincipal(
new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
new AuthenticationProperties(),
context.Options.AuthenticationScheme);
}
return Task.FromResult<object>(null);
}
}
});
這段代碼用於承載認證:
app.UseAPIKeyAuthentication(new BearerApiKeyOptions
{
AuthenticationScheme = BearerApiKeySchema,
AutomaticAuthenticate = false
});
您可以從官方Microsoft GitHub中查看此內容以供參考。
我的用例略有不同,我需要結合使用Cookie和Windows身份驗證。 您需要使用PolicyBuilder來強制執行“require authentication”部分。
在ConfigureServices方法上:
// add additional authorisation for cookie
services.AddAuthorization(options =>
{
options.AddPolicy("CookiePolicy", policy =>
{
policy.AddAuthenticationSchemes("NTLM", "MyCookie"); // order does matter. The last scheme specified here WILL become the default Identity when accessed from User.Identity
policy.RequireAuthenticatedUser();
});
});
在配置方法上:
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
AuthenticationScheme = "MyCookie",
LoginPath = new PathString("/Account/Login/"),
AccessDeniedPath = new PathString("/Account/AccessDenied/"),
AutomaticAuthenticate = false, // this will be handled by the authorisation policy
AutomaticChallenge = false // this will be handled by the authorisation policy
});
在控制器上:
[Authorize("CookiePolicy")] // will check policy with the required authentication scheme (cookie in this case)
public IActionResult AuthorisedPageCookie()
{
return View();
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.