![\"alt](\"\/images\/aspnetcoreinaction\/2301.png\")
<\/p>\nPart 4 Securing and deploying your applications
\n\u7b2c 4 \u90e8\u5206\uff1a\u4fdd\u62a4\u548c\u90e8\u7f72\u5e94\u7528\u7a0b\u5e8f<\/p>\n
So far in the book you\u2019ve learned how to use minimal APIs,Razor Pages, and Model-View-Controller (MVC) controllers to build both server-rendered applications and APIs. You know how to dynamically generate JavaScript Object Notation (JSON) and HTML code based on incoming requests, and how to use configuration and dependency injection to customize your app\u2019s behavior at runtime. In part 4 you\u2019ll learn how to add users and profiles to your app and how to publish and secure your apps.
\n\u5230\u76ee\u524d\u4e3a\u6b62\uff0c\u5728\u672c\u4e66\u4e2d\uff0c\u60a8\u5df2\u7ecf\u5b66\u4e60\u4e86\u5982\u4f55\u4f7f\u7528\u6700\u5c11\u7684 API\u3001Razor Pages \u548c\u6a21\u578b-\u89c6\u56fe-\u63a7\u5236\u5668 \uff08MVC\uff09 \u63a7\u5236\u5668\u6765\u6784\u5efa\u670d\u52a1\u5668\u6e32\u67d3\u7684\u5e94\u7528\u7a0b\u5e8f\u548c API\u3002\u60a8\u77e5\u9053\u5982\u4f55\u6839\u636e\u4f20\u5165\u8bf7\u6c42\u52a8\u6001\u751f\u6210 JavaScript \u5bf9\u8c61\u8868\u793a\u6cd5 \uff08JSON\uff09 \u548c HTML \u4ee3\u7801\uff0c\u4ee5\u53ca\u5982\u4f55\u4f7f\u7528\u914d\u7f6e\u548c\u4f9d\u8d56\u9879\u6ce8\u5165\u6765\u81ea\u5b9a\u4e49\u5e94\u7528\u7a0b\u5e8f\u5728\u8fd0\u884c\u65f6\u7684\u884c\u4e3a\u3002\u5728\u7b2c 4 \u90e8\u5206\u4e2d\uff0c\u60a8\u5c06\u5b66\u4e60\u5982\u4f55\u5c06\u7528\u6237\u548c\u914d\u7f6e\u6587\u4ef6\u6dfb\u52a0\u5230\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u4ee5\u53ca\u5982\u4f55\u53d1\u5e03\u548c\u4fdd\u62a4\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u3002<\/p>\n
In chapters 23 through 25 you\u2019ll learn how to protect your applications with authentication and authorization. In chapter 23 you\u2019ll see how you can add ASP.NET Core Identity to your apps so that users can log in and enjoy a customized experience. You\u2019ll learn how to protect your Razor Pages apps using authorization in chapter 24 so that only some users can access certain pages in your app. In chapter 25 you\u2019ll learn how to apply the same protections to your minimal API and web API applications.
\n\u5728\u7b2c 23 \u7ae0\u5230\u7b2c 25 \u7ae0\u4e2d\uff0c\u60a8\u5c06\u5b66\u4e60\u5982\u4f55\u4f7f\u7528\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u4fdd\u62a4\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u5728\u7b2c 23 \u7ae0\u4e2d\uff0c\u60a8\u5c06\u4e86\u89e3\u5982\u4f55\u5c06 ASP.NET Core Identity \u6dfb\u52a0\u5230\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u4e2d\uff0c\u4ee5\u4fbf\u7528\u6237\u53ef\u4ee5\u767b\u5f55\u5e76\u4eab\u53d7\u81ea\u5b9a\u4e49\u4f53\u9a8c\u3002\u60a8\u5c06\u5728\u7b2c 24 \u7ae0\u4e2d\u4e86\u89e3\u5982\u4f55\u4f7f\u7528\u6388\u6743\u4fdd\u62a4 Razor Pages \u5e94\u7528\u7a0b\u5e8f\uff0c\u4ee5\u4fbf\u53ea\u6709\u90e8\u5206\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u67d0\u4e9b\u9875\u9762\u3002\u5728\u7b2c 25 \u7ae0\u4e2d\uff0c\u60a8\u5c06\u5b66\u4e60\u5982\u4f55\u5c06\u76f8\u540c\u7684\u4fdd\u62a4\u5e94\u7528\u4e8e\u60a8\u7684\u6700\u5c0f API \u548c Web API \u5e94\u7528\u7a0b\u5e8f\u3002<\/p>\n
Adding logging to your application is one of those activities that\u2019s often left until after you discover a problem in production. Adding sensible logging from the get-go will help you quickly diagnose and fix errors as they arise. Chapter 26 introduces the logging framework built into ASP.NET Core. You\u2019ll see how you can use it to write log messages to a wide variety of locations, whether it\u2019s the console, a file, or a third-party remote-logging service.
\n\u5411\u5e94\u7528\u7a0b\u5e8f\u6dfb\u52a0\u65e5\u5fd7\u8bb0\u5f55\u662f\u901a\u5e38\u8981\u7b49\u5230\u60a8\u5728\u751f\u4ea7\u4e2d\u53d1\u73b0\u95ee\u9898\u540e\u624d\u8fdb\u884c\u7684\u6d3b\u52a8\u4e4b\u4e00\u3002\u4ece\u4e00\u5f00\u59cb\u5c31\u6dfb\u52a0\u5408\u7406\u7684\u65e5\u5fd7\u8bb0\u5f55\u5c06\u5e2e\u52a9\u60a8\u5feb\u901f\u8bca\u65ad\u548c\u4fee\u590d\u51fa\u73b0\u7684\u9519\u8bef\u3002\u7b2c 26 \u7ae0\u4ecb\u7ecd\u4e86 ASP.NET Core \u4e2d\u5185\u7f6e\u7684\u65e5\u5fd7\u8bb0\u5f55\u6846\u67b6\u3002\u60a8\u5c06\u4e86\u89e3\u5982\u4f55\u4f7f\u7528\u5b83\u5c06\u65e5\u5fd7\u6d88\u606f\u5199\u5165\u5404\u79cd\u4f4d\u7f6e\uff0c\u65e0\u8bba\u662f\u63a7\u5236\u53f0\u3001\u6587\u4ef6\u8fd8\u662f\u7b2c\u4e09\u65b9\u8fdc\u7a0b\u65e5\u5fd7\u8bb0\u5f55\u670d\u52a1\u3002<\/p>\n
By this point you\u2019ll have all the fundamentals to build a production application with ASP.NET Core. In chapter 27 I cover the steps required to make your app live, including how to publish an app to Internet Information Services (IIS) and how to configure the URLs your app listens on.
\n\u6b64\u65f6\uff0c\u60a8\u5c06\u62e5\u6709\u4f7f\u7528 ASP.NET Core \u6784\u5efa\u751f\u4ea7\u5e94\u7528\u7a0b\u5e8f\u7684\u6240\u6709\u57fa\u7840\u77e5\u8bc6\u3002\u5728\u7b2c 27 \u7ae0\u4e2d\uff0c\u6211\u5c06\u4ecb\u7ecd\u4f7f\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u4e0a\u7ebf\u6240\u9700\u7684\u6b65\u9aa4\uff0c\u5305\u62ec\u5982\u4f55\u5c06\u5e94\u7528\u7a0b\u5e8f\u53d1\u5e03\u5230 Internet Information Services \uff08IIS\uff09 \u4ee5\u53ca\u5982\u4f55\u914d\u7f6e\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u4fa6\u542c\u7684 URL\u3002<\/p>\n
Before you expose your application to the world, an important part of web development is securing your app correctly. Even if you don\u2019t feel you have any sensitive data in your application, you must make sure to protect your users from attacks by adhering to security best practices. You\u2019ll learn how to configure HTTPS for your application in chapter 28 and why this is a vital step for modern web development. Similarly, in chapter 29 I describe some common security vulnerabilities, how attackers can exploit them, and what you can do to protect your applications.
\n\u5728\u5411\u5168\u4e16\u754c\u516c\u5f00\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u4e4b\u524d\uff0cWeb \u5f00\u53d1\u7684\u4e00\u4e2a\u91cd\u8981\u90e8\u5206\u662f\u6b63\u786e\u4fdd\u62a4\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u5373\u4f7f\u60a8\u8ba4\u4e3a\u5e94\u7528\u7a0b\u5e8f\u4e2d\u6ca1\u6709\u4efb\u4f55\u654f\u611f\u6570\u636e\uff0c\u4e5f\u5fc5\u987b\u786e\u4fdd\u901a\u8fc7\u9075\u5b88\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u6765\u4fdd\u62a4\u60a8\u7684\u7528\u6237\u514d\u53d7\u653b\u51fb\u3002\u60a8\u5c06\u5728\u7b2c 28 \u7ae0\u4e2d\u5b66\u4e60\u5982\u4f55\u4e3a\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u914d\u7f6e HTTPS\uff0c\u4ee5\u53ca\u4e3a\u4ec0\u4e48\u8fd9\u662f\u73b0\u4ee3 Web \u5f00\u53d1\u7684\u5173\u952e\u6b65\u9aa4\u3002\u540c\u6837\uff0c\u5728\u7b2c 29 \u7ae0\u4e2d\uff0c\u6211\u63cf\u8ff0\u4e86\u4e00\u4e9b\u5e38\u89c1\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5982\u4f55\u5229\u7528\u5b83\u4eec\uff0c\u4ee5\u53ca\u60a8\u53ef\u4ee5\u91c7\u53d6\u54ea\u4e9b\u63aa\u65bd\u6765\u4fdd\u62a4\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u3002<\/p>\n
23 Authentication: Adding users to your application with Identity
\n23 \u8eab\u4efd\u9a8c\u8bc1\uff1a\u4f7f\u7528 Identity \u5c06\u7528\u6237\u6dfb\u52a0\u5230\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f<\/p>\n
This chapter covers
\n\u672c\u7ae0\u4ecb\u7ecd<\/p>\n
\u2022 Seeing how authentication works in web apps in ASP.NET Core
\n\u4e86\u89e3\u8eab\u4efd\u9a8c\u8bc1\u5728 ASP.NET Core\u4e2d\u7684 Web \u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u5de5\u4f5c\u539f\u7406
\n\u2022 Creating a project using the ASP.NET Core Identity system
\n\u4f7f\u7528 ASP.NET Core Identity \u7cfb\u7edf\u521b\u5efa\u9879\u76ee
\n\u2022 Adding user functionality to an existing web app
\n\u5411\u73b0\u6709 Web \u5e94\u7528\u7a0b\u5e8f\u6dfb\u52a0\u7528\u6237\u529f\u80fd
\n\u2022 Customizing the default ASP.NET Core Identity UI
\n\u81ea\u5b9a\u4e49\u9ed8\u8ba4 ASP.NET Core Identity UI<\/p>\n
One of the selling points of a web framework like ASP.NET Core is the ability to provide a dynamic app, customized to individual users. Many apps have the concept of an \u201caccount\u201d with the service, which you can \u201csign in\u201d to and get a different experience.
\n\u50cf ASP.NET Core \u8fd9\u6837\u7684 Web \u6846\u67b6\u7684\u5356\u70b9\u4e4b\u4e00\u662f\u80fd\u591f\u63d0\u4f9b\u9488\u5bf9\u4e2a\u4eba\u7528\u6237\u5b9a\u5236\u7684\u52a8\u6001\u5e94\u7528\u7a0b\u5e8f\u3002\u8bb8\u591a\u5e94\u7528\u7a0b\u5e8f\u90fd\u5177\u6709\u8be5\u670d\u52a1\u7684\u201c\u5e10\u6237\u201d\u6982\u5ff5\uff0c\u60a8\u53ef\u4ee5\u201c\u767b\u5f55\u201d\u8be5\u5e10\u6237\u5e76\u83b7\u5f97\u4e0d\u540c\u7684\u4f53\u9a8c\u3002<\/p>\n
Depending on the service, an account gives you varying things. On some apps you may have to sign in to get access to additional features, and on others you might see suggested articles. On an e-commerce app, you\u2019d be able to place orders and view your past orders; on Stack Overflow you can post questions and answers; on a news site you might get a customized experience based on previous articles you\u2019ve viewed.
\n\u6839\u636e\u670d\u52a1\u7684\u4e0d\u540c\uff0c\u8d26\u6237\u4f1a\u4e3a\u60a8\u63d0\u4f9b\u4e0d\u540c\u7684\u5185\u5bb9\u3002\u5728\u67d0\u4e9b\u5e94\u7528\u7a0b\u5e8f\u4e0a\uff0c\u60a8\u53ef\u80fd\u5fc5\u987b\u767b\u5f55\u624d\u80fd\u8bbf\u95ee\u5176\u4ed6\u529f\u80fd\uff0c\u800c\u5728\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u4e0a\uff0c\u60a8\u53ef\u80fd\u4f1a\u770b\u5230\u63a8\u8350\u7684\u6587\u7ae0\u3002\u5728\u7535\u5b50\u5546\u52a1\u5e94\u7528\u7a0b\u5e8f\u4e0a\uff0c\u60a8\u5c06\u80fd\u591f\u4e0b\u8ba2\u5355\u5e76\u67e5\u770b\u60a8\u8fc7\u53bb\u7684\u8ba2\u5355;\u5728 Stack Overflow \u4e0a\uff0c\u60a8\u53ef\u4ee5\u53d1\u5e03\u95ee\u9898\u548c\u7b54\u6848;\u5728\u65b0\u95fb\u7f51\u7ad9\u4e0a\uff0c\u60a8\u53ef\u80fd\u4f1a\u6839\u636e\u60a8\u4ee5\u524d\u67e5\u770b\u8fc7\u7684\u6587\u7ae0\u83b7\u5f97\u81ea\u5b9a\u4e49\u4f53\u9a8c\u3002<\/p>\n
When you think about adding users to your application, you typically have two aspects to consider:
\n\u5f53\u60a8\u8003\u8651\u5411\u5e94\u7528\u7a0b\u5e8f\u6dfb\u52a0\u7528\u6237\u65f6\uff0c\u901a\u5e38\u9700\u8981\u8003\u8651\u4e24\u4e2a\u65b9\u9762\uff1a<\/p>\n
\u2022 Authentication\u2014The process of creating users and letting them log in to your app
\n\u8eab\u4efd\u9a8c\u8bc1 - \u521b\u5efa\u7528\u6237\u5e76\u5141\u8bb8\u5176\u767b\u5f55\u5e94\u7528\u7a0b\u5e8f\u7684\u8fc7\u7a0b
\n\u2022 Authorization\u2014Customizing the experience and controlling what users can do, based on the current logged-in user
\n\u6388\u6743 - \u6839\u636e\u5f53\u524d\u767b\u5f55\u7684\u7528\u6237\u81ea\u5b9a\u4e49\u4f53\u9a8c\u5e76\u63a7\u5236\u7528\u6237\u53ef\u4ee5\u6267\u884c\u7684\u4f5c<\/p>\n
In this chapter I\u2019m going to be discussing the first of these points, authentication and membership. In the next chapter I\u2019ll tackle the second point, authorization. In section 23.1 I discuss the difference between authentication and authorization, how authentication works in a traditional ASP.NET Core web app, and ways you can architect your system to provide sign-in functionality. I don\u2019t discuss API applications in detail in this chapter, though many of the authentication principles apply to both styles of app. I discuss API applications chapter 25.
\n\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u5c06\u8ba8\u8bba\u7b2c\u4e00\u70b9\uff0c\u8eab\u4efd\u9a8c\u8bc1\u548c\u6210\u5458\u8d44\u683c\u3002\u5728\u4e0b\u4e00\u7ae0\u4e2d\uff0c\u6211\u5c06\u8ba8\u8bba\u7b2c\u4e8c\u70b9\uff0c\u6388\u6743\u3002\u5728\u7b2c 23.1 \u8282\u4e2d\uff0c\u6211\u5c06\u8ba8\u8bba\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u4e4b\u95f4\u7684\u533a\u522b\u3001\u8eab\u4efd\u9a8c\u8bc1\u5728\u4f20\u7edf ASP.NET Core Web \u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u5de5\u4f5c\u539f\u7406\uff0c\u4ee5\u53ca\u6784\u5efa\u7cfb\u7edf\u4ee5\u63d0\u4f9b\u767b\u5f55\u529f\u80fd\u7684\u65b9\u6cd5\u3002\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4e0d\u4f1a\u8be6\u7ec6\u8ba8\u8bba API \u5e94\u7528\u7a0b\u5e8f\uff0c\u5c3d\u7ba1\u8bb8\u591a\u8eab\u4efd\u9a8c\u8bc1\u539f\u5219\u9002\u7528\u4e8e\u8fd9\u4e24\u79cd\u7c7b\u578b\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u6211\u5c06\u8ba8\u8bba API \u5e94\u7528\u7a0b\u5e8f\u7b2c 25 \u7ae0\u3002<\/p>\n
In section 23.2 I introduce a user-management system called ASP.NET Core Identity (Identity for short). Identity integrates with Entity Framework Core (EF Core) and provides services for creating and managing users, storing and validating passwords, and signing users in and out of your app.
\n\u5728 Section 23.2 \u4e2d\uff0c\u6211\u4ecb\u7ecd\u4e86\u4e00\u4e2a\u540d\u4e3a ASP.NET Core Identity\uff08\u7b80\u79f0 Identity\uff09\u7684\u7528\u6237\u7ba1\u7406\u7cfb\u7edf\u3002Identity \u4e0e Entity Framework Core \uff08EF Core\uff09 \u96c6\u6210\uff0c\u5e76\u63d0\u4f9b\u7528\u4e8e\u521b\u5efa\u548c\u7ba1\u7406\u7528\u6237\u3001\u5b58\u50a8\u548c\u9a8c\u8bc1\u5bc6\u7801\u4ee5\u53ca\u8ba9\u7528\u6237\u767b\u5f55\u548c\u6ce8\u9500\u5e94\u7528\u7a0b\u5e8f\u7684\u670d\u52a1\u3002<\/p>\n
In section 23.3 you\u2019ll create an app using a default template that includes ASP.NET Core Identity out of the box. This gives you an app to explore and see the features Identity provides, as well as everything it doesn\u2019t.
\n\u5728 Section 23.3 \u4e2d\uff0c\u60a8\u5c06\u4f7f\u7528\u9ed8\u8ba4\u6a21\u677f\u521b\u5efa\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\uff0c\u8be5\u6a21\u677f\u5305\u542b\u5f00\u7bb1\u5373\u7528 ASP.NET Core Identity\u3002\u8fd9\u4e3a\u60a8\u63d0\u4f9b\u4e86\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\u6765\u63a2\u7d22\u548c\u67e5\u770b Identity \u63d0\u4f9b\u7684\u529f\u80fd\uff0c\u4ee5\u53ca\u5b83\u4e0d\u63d0\u4f9b\u7684\u6240\u6709\u5185\u5bb9\u3002<\/p>\n
Creating an app is great for seeing how the pieces fit together, but you\u2019ll often need to add users and authentication to an existing app. In section 23.4 you\u2019ll see the steps required to add ASP.NET Core Identity to an existing app.
\n\u521b\u5efa\u5e94\u7528\u7a0b\u5e8f\u975e\u5e38\u9002\u5408\u67e5\u770b\u5404\u4e2a\u90e8\u5206\u5982\u4f55\u7ec4\u5408\u5728\u4e00\u8d77\uff0c\u4f46\u60a8\u901a\u5e38\u9700\u8981\u5411\u73b0\u6709\u5e94\u7528\u7a0b\u5e8f\u6dfb\u52a0\u7528\u6237\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5728 Section 23.4 \u4e2d\uff0c\u60a8\u5c06\u770b\u5230\u5c06 ASP.NET Core Identity \u6dfb\u52a0\u5230\u73b0\u6709\u5e94\u7528\u7a0b\u5e8f\u6240\u9700\u7684\u6b65\u9aa4\u3002<\/p>\n
In sections 23.5 and 23.6 you\u2019ll learn how to replace pages from the default Identity UI by scaffolding individual pages. In section 23.5 you\u2019ll see how to customize the Razor templates to generate different HTML on the user registration page, and in section 23.6 you\u2019ll learn how to customize the logic associated with a Razor Page. You\u2019ll see how to store additional information about a user (such as their name or date of birth) and how to provide them permissions that you can later use to customize the app\u2019s behavior (if the user is a VIP, for example).
\n\u5728\u7b2c 23.5 \u8282\u548c\u7b2c 23.6 \u8282\u4e2d\uff0c\u60a8\u5c06\u5b66\u4e60\u5982\u4f55\u901a\u8fc7\u642d\u5efa\u5355\u4e2a\u9875\u9762\u7684\u57fa\u67b6\u6765\u66ff\u6362\u9ed8\u8ba4 Identity UI \u4e2d\u7684\u9875\u9762\u3002\u5728\u7b2c 23.5 \u8282\u4e2d\uff0c\u4f60\u5c06\u4e86\u89e3\u5982\u4f55\u81ea\u5b9a\u4e49 Razor \u6a21\u677f\u4ee5\u5728\u7528\u6237\u6ce8\u518c\u9875\u4e0a\u751f\u6210\u4e0d\u540c\u7684 HTML\uff0c\u5728\u7b2c 23.6 \u8282\u4e2d\uff0c\u4f60\u5c06\u4e86\u89e3\u5982\u4f55\u81ea\u5b9a\u4e49\u4e0e Razor \u9875\u9762\u5173\u8054\u7684\u903b\u8f91\u3002\u60a8\u5c06\u4e86\u89e3\u5982\u4f55\u5b58\u50a8\u6709\u5173\u7528\u6237\u7684\u5176\u4ed6\u4fe1\u606f\uff08\u4f8b\u5982\u4ed6\u4eec\u7684\u59d3\u540d\u6216\u51fa\u751f\u65e5\u671f\uff09\uff0c\u4ee5\u53ca\u5982\u4f55\u4e3a\u4ed6\u4eec\u63d0\u4f9b\u7a0d\u540e\u53ef\u7528\u4e8e\u81ea\u5b9a\u4e49\u5e94\u7528\u7a0b\u5e8f\u884c\u4e3a\u7684\u6743\u9650\uff08\u4f8b\u5982\uff0c\u5982\u679c\u7528\u6237\u662f VIP\uff09\u3002<\/p>\n
Before we look at the ASP.NET Core Identity system specifically, let\u2019s take a look at authentication and authorization in ASP.NET Core\u2014what\u2019s happening when you sign in to a website and how you can design your apps to provide this functionality.
\n\u5728\u6211\u4eec\u5177\u4f53\u7814\u7a76 ASP.NET Core Identity \u7cfb\u7edf\u4e4b\u524d\uff0c\u8ba9\u6211\u4eec\u5148\u770b\u4e00\u4e0b ASP.NET Core \u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743 - \u5f53\u60a8\u767b\u5f55\u7f51\u7ad9\u65f6\u4f1a\u53d1\u751f\u4ec0\u4e48\uff0c\u4ee5\u53ca\u5982\u4f55\u8bbe\u8ba1\u60a8\u7684\u5e94\u7528\u7a0b\u5e8f\u6765\u63d0\u4f9b\u6b64\u529f\u80fd\u3002<\/p>\n
23.1 \u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u7b80\u4ecb<\/p>\n
When you add sign-in functionality to your app and control access to certain functions based on the currently signed-in user, you\u2019re using two distinct aspects of security:
\n\u5f53\u60a8\u5411\u5e94\u7528\u6dfb\u52a0\u767b\u5f55\u529f\u80fd\u5e76\u6839\u636e\u5f53\u524d\u767b\u5f55\u7684\u7528\u6237\u63a7\u5236\u5bf9\u67d0\u4e9b\u529f\u80fd\u7684\u8bbf\u95ee\u65f6\uff0c\u60a8\u5c06\u4f7f\u7528\u4e24\u4e2a\u4e0d\u540c\u7684\u5b89\u5168\u6027\u65b9\u9762\uff1a<\/p>\n
\u2022 Authentication\u2014The process of determining who you are
\n\u8eab\u4efd\u9a8c\u8bc1 - \u786e\u5b9a\u60a8\u662f\u8c01\u7684\u8fc7\u7a0b
\n\u2022 Authorization\u2014The process of determining what you\u2019re allowed to do
\n\u6388\u6743 - \u786e\u5b9a\u5141\u8bb8\u60a8\u6267\u884c\u7684\u4f5c\u7684\u8fc7\u7a0b<\/p>\n
Generally you need to know who the user is before you can determine what they\u2019re allowed to do, so authentication always comes first, followed by authorization. In this chapter we\u2019re looking only at authentication; we\u2019ll cover authorization in chapter 24.
\n\u901a\u5e38\uff0c\u60a8\u9700\u8981\u5148\u77e5\u9053\u7528\u6237\u662f\u8c01\uff0c\u7136\u540e\u624d\u80fd\u786e\u5b9a\u5141\u8bb8\u4ed6\u4eec\u505a\u4ec0\u4e48\uff0c\u56e0\u6b64\u8eab\u4efd\u9a8c\u8bc1\u59cb\u7ec8\u6392\u5728\u7b2c\u4e00\u4f4d\uff0c\u7136\u540e\u662f\u6388\u6743\u3002\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u53ea\u5173\u6ce8\u8eab\u4efd\u9a8c\u8bc1;\u6211\u4eec\u5c06\u5728\u7b2c 24 \u7ae0\u4e2d\u4ecb\u7ecd\u6388\u6743\u3002<\/p>\n
In this section I start by discussing how ASP.NET Core thinks about users, and I cover some of the terminology and concepts that are central to authentication. I found this to be the hardest part to grasp when I learned about authentication, so I\u2019ll take it slow.
\n\u5728\u672c\u8282\u4e2d\uff0c\u6211\u9996\u5148\u8ba8\u8bba ASP.NET Core \u5982\u4f55\u770b\u5f85\u7528\u6237\uff0c\u5e76\u4ecb\u7ecd\u4e00\u4e9b\u5bf9\u8eab\u4efd\u9a8c\u8bc1\u81f3\u5173\u91cd\u8981\u7684\u672f\u8bed\u548c\u6982\u5ff5\u3002\u5f53\u6211\u4e86\u89e3\u8eab\u4efd\u9a8c\u8bc1\u65f6\uff0c\u6211\u53d1\u73b0\u8fd9\u662f\u6700\u96be\u638c\u63e1\u7684\u90e8\u5206\uff0c\u56e0\u6b64\u6211\u4f1a\u6162\u6162\u6765\u3002<\/p>\n
Next, we\u2019ll look at what it means to sign in to a traditional web app. After all, you only provide your password and sign into an app on a single page; how does the app know the request came from you for subsequent requests?
\n\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u5c06\u4e86\u89e3\u767b\u5f55\u5230\u4f20\u7edf Web \u5e94\u7528\u7a0b\u5e8f\u610f\u5473\u7740\u4ec0\u4e48\u3002\u6bd5\u7adf\uff0c\u60a8\u53ea\u9700\u5728\u5355\u4e2a\u9875\u9762\u4e0a\u63d0\u4f9b\u5bc6\u7801\u5e76\u767b\u5f55\u5e94\u7528\u7a0b\u5e8f;\u5e94\u7528\u7a0b\u5e8f\u5982\u4f55\u77e5\u9053\u60a8\u7684\u540e\u7eed\u8bf7\u6c42\u6765\u81ea\u60a8\uff1f<\/p>\n
23.1.1 \u4e86\u89e3 ASP.NET Core \u4e2d\u7684\u7528\u6237\u548c\u58f0\u660e<\/p>\n
The concept of a user is baked into ASP.NET Core. In chapter 3 you learned that the HTTP server, Kestrel, creates an HttpContext object for every request it receives. This object is responsible for storing all the details related to that request, such as the request URL, any headers sent, and the body of the request.
\n\u7528\u6237\u7684\u6982\u5ff5\u5df2\u878d\u5165 ASP.NET Core\u3002\u5728\u7b2c 3 \u7ae0\u4e2d\uff0c\u60a8\u4e86\u89e3\u4e86 HTTP \u670d\u52a1\u5668 Kestrel \u4e3a\u5b83\u6536\u5230\u7684\u6bcf\u4e2a\u8bf7\u6c42\u521b\u5efa\u4e00\u4e2a HttpContext \u5bf9\u8c61\u3002\u6b64\u5bf9\u8c61\u8d1f\u8d23\u5b58\u50a8\u4e0e\u8be5\u8bf7\u6c42\u76f8\u5173\u7684\u6240\u6709\u8be6\u7ec6\u4fe1\u606f\uff0c\u4f8b\u5982\u8bf7\u6c42 URL\u3001\u53d1\u9001\u7684\u4efb\u4f55\u6807\u5934\u4ee5\u53ca\u8bf7\u6c42\u6b63\u6587\u3002<\/p>\n
The HttpContext object also exposes the current principal for a request as the User property. This is ASP.NET Core\u2019s view of which user made the request. Any time your app needs to know who the current user is or what they\u2019re allowed to do, it can look at the HttpContext.User principal.
\nHttpContext \u5bf9\u8c61\u8fd8\u5c06\u8bf7\u6c42\u7684\u5f53\u524d\u4e3b\u4f53\u516c\u5f00\u4e3a User \u5c5e\u6027\u3002\u8fd9\u662f ASP.NET Core \u5bf9\u54ea\u4e2a\u7528\u6237\u53d1\u51fa\u8bf7\u6c42\u7684\u89c6\u56fe\u3002\u6bcf\u5f53\u4f60\u7684\u5e94\u7528\u7a0b\u5e8f\u9700\u8981\u77e5\u9053\u5f53\u524d\u7528\u6237\u662f\u8c01\u6216\u5141\u8bb8\u4ed6\u4eec\u505a\u4ec0\u4e48\u65f6\uff0c\u5b83\u90fd\u53ef\u4ee5\u67e5\u770b HttpContext.User \u4e3b\u4f53\u3002<\/p>\n
DEFINITION<\/b> You can think of the principal as the user of your app.
\n\u5b9a\u4e49\uff1a\u60a8\u53ef\u4ee5\u5c06\u4e3b\u4f53\u89c6\u4e3a\u5e94\u7528\u7a0b\u5e8f\u7684\u7528\u6237\u3002<\/p>\n
In ASP.NET Core, principals are implemented using the ClaimsPrincipal class, which has a collection of claims associated with it, as shown in figure 23.1.
\n\u5728 ASP.NET Core \u4e2d\uff0c\u4e3b\u4f53\u662f\u4f7f\u7528 ClaimsPrincipal \u7c7b\u5b9e\u73b0\u7684\uff0c\u8be5\u7c7b\u5177\u6709\u4e0e\u4e4b\u5173\u8054\u7684\u58f0\u660e\u96c6\u5408\uff0c\u5982\u56fe 23.1 \u6240\u793a\u3002<\/p>\n
<\/p>\n
Figure 23.1 The principal is the current user, implemented as ClaimsPrincipal. It contains a collection of Claims that describe the user.
\n\u56fe 23.1 \u4e3b\u4f53\u662f\u5f53\u524d\u7528\u6237\uff0c\u5b9e\u73b0\u4e3a ClaimsPrincipal\u3002\u5b83\u5305\u542b\u63cf\u8ff0\u7528\u6237\u7684 Claims \u96c6\u5408\u3002<\/p>\n
You can think about claims as properties of the current user. For example, you could have claims for things like email, name, and date of birth.
\n\u60a8\u53ef\u4ee5\u5c06\u58f0\u660e\u89c6\u4e3a\u5f53\u524d\u7528\u6237\u7684\u5c5e\u6027\u3002\u4f8b\u5982\uff0c\u60a8\u53ef\u4ee5\u5bf9\u7535\u5b50\u90ae\u4ef6\u3001\u59d3\u540d\u548c\u51fa\u751f\u65e5\u671f\u7b49\u5185\u5bb9\u63d0\u51fa\u7d22\u8d54\u3002<\/p>\n
DEFINITION<\/b> A claim is a single piece of information about a principal; it consists of a claim type and an optional value.
\n\u5b9a\u4e49:\u7d22\u8d54\u662f\u6709\u5173\u59d4\u6258\u4eba\u7684\u5355\u4e2a\u4fe1\u606f;\u5b83\u7531 Claim \u7c7b\u578b\u548c Optional Value \u7ec4\u6210\u3002<\/p>\n
Claims can also be indirectly related to permissions and authorization, so you could have a claim called HasAdminAccess or IsVipCustomer. These would be stored in the same way\u2014as claims associated with the user principal.
\n\u58f0\u660e\u4e5f\u53ef\u4ee5\u4e0e\u6743\u9650\u548c\u6388\u6743\u95f4\u63a5\u76f8\u5173\uff0c\u56e0\u6b64\u60a8\u53ef\u4ee5\u6709\u4e00\u4e2a\u540d\u4e3a HasAdminAccess \u6216 IsVipCustomer \u7684\u58f0\u660e\u3002\u8fd9\u4e9b\u8bf7\u6c42\u7684\u5b58\u50a8\u65b9\u5f0f\u4e0e\u4e0e\u7528\u6237\u4e3b\u4f53\u5173\u8054\u7684\u58f0\u660e\u76f8\u540c\u3002<\/p>\n
NOTE<\/b> Earlier versions of ASP.NET used a role-based approach to security rather than a claims-based approach. The ClaimsPrincipal used in ASP.NET Core is compatible with this approach for legacy reasons, but you should use the claims-based approach for new apps.
\n\u6ce8\u610f:\u65e9\u671f\u7248\u672c\u7684 ASP.NET \u4f7f\u7528\u57fa\u4e8e\u89d2\u8272\u7684\u5b89\u5168\u65b9\u6cd5\uff0c\u800c\u4e0d\u662f\u57fa\u4e8e\u58f0\u660e\u7684\u65b9\u6cd5\u3002\u7531\u4e8e\u9057\u7559\u539f\u56e0\uff0cASP.NET Core \u4e2d\u4f7f\u7528\u7684 ClaimsPrincipal \u4e0e\u6b64\u65b9\u6cd5\u517c\u5bb9\uff0c\u4f46\u5bf9\u4e8e\u65b0\u5e94\u7528\uff0c\u5e94\u4f7f\u7528\u57fa\u4e8e\u58f0\u660e\u7684\u65b9\u6cd5\u3002<\/p>\n
Kestrel assigns a user principal to every request that arrives at your app. Initially, that principal is a generic, anonymous, unauthenticated principal with no claims. How do you log in, and how does ASP.NET Core know that you\u2019ve logged in on subsequent requests?
\nKestrel \u4e3a\u5230\u8fbe\u5e94\u7528\u7a0b\u5e8f\u7684\u6bcf\u4e2a\u8bf7\u6c42\u5206\u914d\u4e00\u4e2a\u7528\u6237\u4e3b\u4f53\u3002\u6700\u521d\uff0c\u8be5\u59d4\u6258\u4eba\u662f\u901a\u7528\u7684\u3001\u533f\u540d\u7684\u3001\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u59d4\u6258\u4eba\uff0c\u6ca1\u6709\u58f0\u660e\u3002\u60a8\u5982\u4f55\u767b\u5f55\uff0cASP.NET Core \u5982\u4f55\u77e5\u9053\u60a8\u5df2\u767b\u5f55\u540e\u7eed\u8bf7\u6c42\uff1f<\/p>\n
In the next section we\u2019ll look at how authentication works in a traditional web app using ASP.NET Core and the process of signing into a user account.
\n\u5728\u4e0b\u4e00\u8282\u4e2d\uff0c\u6211\u4eec\u5c06\u4e86\u89e3\u4f7f\u7528 ASP.NET Core \u5728\u4f20\u7edf Web \u5e94\u7528\u7a0b\u5e8f\u4e2d\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u7684\u5de5\u4f5c\u539f\u7406\uff0c\u4ee5\u53ca\u767b\u5f55\u7528\u6237\u5e10\u6237\u7684\u8fc7\u7a0b\u3002<\/p>\n
23.1.2 ASP.NET Core \u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\uff1a\u670d\u52a1\u548c\u4e2d\u95f4\u4ef6<\/p>\n
Adding authentication to any web app involves a few moving parts. The same general process applies whether you\u2019re building a traditional web app or a client-side app (though there are often differences in the latter, as I discuss in chapter 25):
\n\u5411\u4efb\u4f55 Web \u5e94\u7528\u7a0b\u5e8f\u6dfb\u52a0\u8eab\u4efd\u9a8c\u8bc1\u90fd\u6d89\u53ca\u4e00\u4e9b\u79fb\u52a8\u90e8\u4ef6\u3002\u65e0\u8bba\u60a8\u662f\u6784\u5efa\u4f20\u7edf\u7684 Web \u5e94\u7528\u7a0b\u5e8f\u8fd8\u662f\u5ba2\u6237\u7aef\u5e94\u7528\u7a0b\u5e8f\uff0c\u76f8\u540c\u7684\u4e00\u822c\u8fc7\u7a0b\u90fd\u9002\u7528\uff08\u5c3d\u7ba1\u540e\u8005\u7ecf\u5e38\u5b58\u5728\u5dee\u5f02\uff0c\u6b63\u5982\u6211\u5728\u7b2c 25 \u7ae0\u4e2d\u8ba8\u8bba\u7684\u90a3\u6837\uff09\uff1a<\/p>\n
The client sends an identifier and a secret to the app to identify the current user. For example, you could send an email address (identifier) and a password (secret).
\n\u5ba2\u6237\u7aef\u5411\u5e94\u7528\u7a0b\u5e8f\u53d1\u9001\u6807\u8bc6\u7b26\u548c\u5bc6\u94a5\u4ee5\u8bc6\u522b\u5f53\u524d\u7528\u6237\u3002\u4f8b\u5982\uff0c\u60a8\u53ef\u4ee5\u53d1\u9001\u7535\u5b50\u90ae\u4ef6\u5730\u5740 \uff08identifier\uff09 \u548c\u5bc6\u7801 \uff08secret\uff09\u3002<\/p>\n<\/li>\n
The app verifies that the identifier corresponds to a user known by the app and that the corresponding secret is correct.
\n\u5e94\u7528\u7a0b\u5e8f\u9a8c\u8bc1\u6807\u8bc6\u7b26\u662f\u5426\u5bf9\u5e94\u4e8e\u5e94\u7528\u7a0b\u5e8f\u5df2\u77e5\u7684\u7528\u6237\uff0c\u4ee5\u53ca\u76f8\u5e94\u7684\u5bc6\u94a5\u662f\u5426\u6b63\u786e\u3002<\/p>\n<\/li>\n
If the identifier and secret are valid, the app can set the principal for the current request, but it also needs a way of storing these details for subsequent requests. For traditional web apps, this is typically achieved by storing an encrypted version of the user principal in a cookie.
\n\u5982\u679c\u6807\u8bc6\u7b26\u548c\u5bc6\u94a5\u6709\u6548\uff0c\u5219\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u4e3a\u5f53\u524d\u8bf7\u6c42\u8bbe\u7f6e\u4e3b\u4f53\uff0c\u4f46\u5b83\u8fd8\u9700\u8981\u4e00\u79cd\u65b9\u6cd5\u6765\u5b58\u50a8\u8fd9\u4e9b\u8be6\u7ec6\u4fe1\u606f\u4ee5\u4f9b\u540e\u7eed\u8bf7\u6c42\u4f7f\u7528\u3002\u5bf9\u4e8e\u4f20\u7edf\u7684 Web \u5e94\u7528\u7a0b\u5e8f\uff0c\u8fd9\u901a\u5e38\u662f\u901a\u8fc7\u5c06\u7528\u6237\u4e3b\u4f53\u7684\u52a0\u5bc6\u7248\u672c\u5b58\u50a8\u5728 Cookie \u4e2d\u6765\u5b9e\u73b0\u7684\u3002<\/p>\n<\/li>\n<\/ol>\n
This is the typical flow for most web apps, but in this section I\u2019m going to look at how it works in ASP.NET Core. The overall process is the same, but it\u2019s good to see how this pattern fits into the services, middleware, and Model-View-Controller (MVC) aspects of an ASP.NET Core application. We\u2019ll step through the various pieces at play in a typical app when you sign in as a user, what that means, and how you can make subsequent requests as that user.
\n\u8fd9\u662f\u5927\u591a\u6570 Web \u5e94\u7528\u7a0b\u5e8f\u7684\u5178\u578b\u6d41\u7a0b\uff0c\u4f46\u5728\u672c\u8282\u4e2d\uff0c\u6211\u5c06\u4ecb\u7ecd\u5b83\u5728 ASP.NET Core \u4e2d\u7684\u5de5\u4f5c\u539f\u7406\u3002\u6574\u4e2a\u8fc7\u7a0b\u662f\u76f8\u540c\u7684\uff0c\u4f46\u5f88\u9ad8\u5174\u770b\u5230\u6b64\u6a21\u5f0f\u5982\u4f55\u9002\u5e94 ASP.NET Core \u5e94\u7528\u7a0b\u5e8f\u7684\u670d\u52a1\u3001\u4e2d\u95f4\u4ef6\u548c\u6a21\u578b-\u89c6\u56fe-\u63a7\u5236\u5668 \uff08MVC\uff09 \u65b9\u9762\u3002\u6211\u4eec\u5c06\u9010\u6b65\u4ecb\u7ecd\u5f53\u60a8\u4ee5\u7528\u6237\u8eab\u4efd\u767b\u5f55\u65f6\uff0c\u5178\u578b\u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u5404\u4e2a\u90e8\u5206\u3001\u8fd9\u610f\u5473\u7740\u4ec0\u4e48\uff0c\u4ee5\u53ca\u60a8\u5982\u4f55\u4ee5\u8be5\u7528\u6237\u8eab\u4efd\u53d1\u51fa\u540e\u7eed\u8bf7\u6c42\u3002<\/p>\n
![\"alt](\"\/images\/aspnetcoreinaction\/2302.png\")
![\"alt](\"\/images\/aspnetcoreinaction\/2303.png\")
<\/p>\n![\"alt](\"\/images\/aspnetcoreinaction\/2304.png\")
![\"alt](\"\/images\/aspnetcoreinaction\/2305.png\")
<\/p>\n![\"alt](\"\/images\/aspnetcoreinaction\/2306.png\")
<\/p>\n![\"alt](\"\/images\/aspnetcoreinaction\/2307.png\")
<\/p>\n![\"alt](\"\/images\/aspnetcoreinaction\/2308.png\")
<\/p>\n![\"alt](\"\/images\/aspnetcoreinaction\/2309.png\")
<\/p>\n![\"alt](\"\/images\/aspnetcoreinaction\/2310.png\")
<\/p>\n![\"alt](\"\/images\/aspnetcoreinaction\/2311.png\")
<\/p>\n![\"alt](\"\/images\/aspnetcoreinaction\/2312.png\")
<\/p>\n![\"alt](\"\/images\/aspnetcoreinaction\/2313.png\")
<\/p>\n