1 using System; 2 using System.Security.Claims; 3 using System.Security.Principal; 4 using System.Threading.Tasks; 5 using Microsoft.AspNetCore.Authentication; 6 using Microsoft.AspNetCore.Authentication.Cookies; 7 using Microsoft.AspNetCore.Authorization; 8 using Microsoft.AspNetCore.Authorization.Infrastructure; 9 using Microsoft.AspNetCore.Builder; 10 using Microsoft.AspNetCore.Hosting; 11 using Microsoft.AspNetCore.Http; 12 using Microsoft.EntityFrameworkCore; 13 using Microsoft.Extensions.DependencyInjection; 14 using Microsoft.Extensions.Hosting; 15 16 namespace ConsoleApp4 17 { 18 class Program 19 { 20 static void Main(string[] args) 21 { 22 Host.CreateDefaultBuilder() 23 .ConfigureWebHostDefaults(builder => builder 24 .ConfigureServices(collection => collection 25 .AddDbContext<UserDbContext>(options => options 26 .UseSqlServer("Server=(localdb)\\mssqllocaldb;Database=AuthorizationDemo;Trusted_Connection=True;MultipleActiveResultSets=true") 27 ) 28 .AddRouting() 29 .AddAuthorization(options => { //授权全局注册 30 var requirement = new RolesAuthorizationRequirement(new [] { "ADMIN" }); //角色授权要求对象 31 var policy = new AuthorizationPolicy(new IAuthorizationRequirement[] { requirement }, new string[0]); //授权策略,第二个是授权方案名称 32 options.AddPolicy("HomePage", policy); //随便起个名字 33 }) 34 .AddAuthentication(options => options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme).AddCookie()) 35 .Configure(app => app 36 .UseAuthentication() 37 .UseRouting() 38 .UseEndpoints(endpoints => 39 { 40 endpoints.Map("/", RenderHomePageAsync); 41 endpoints.Map("Account/Login", SignInAsync); 42 endpoints.Map("Account/Logout", SignOutAsync); 43 endpoints.Map("Account/AccessDenied", DenyAccessAsync); 44 }))) 45 .Build() 46 .Run(); 47 } 48 49 public static async Task RenderHomePageAsync(HttpContext context) 50 { 51 if (context?.User?.Identity?.IsAuthenticated == true) 52 { 53 var authorizationService = context.RequestServices.GetRequiredService<IAuthorizationService>(); //获取授权服务 54 var result = await authorizationService.AuthorizeAsync(context.User, "HomePage"); //传递策略,在mvc中修改为特性 55 if (result.Succeeded) 56 { 57 await context.Response.WriteAsync( 58 @"<html> 59 <head><title>Index</title></head> 60 <body>" + 61 $"<h3>{context.User.Identity.Name}, you are authorized.</h3>" + 62 @"<a href='Account/Logout'>Sign Out</a> 63 </body> 64 </html>"); 65 } 66 else 67 { 68 await context.ForbidAsync(); 69 } 70 } 71 else 72 { 73 await context.ChallengeAsync(); 74 } 75 } 76 77 public static async Task SignInAsync(HttpContext context) 78 { 79 if (string.Compare(context.Request.Method, "GET") == 0) 80 { 81 await RenderLoginPageAsync(context, null, null, null); 82 } 83 else 84 { 85 string userName = context.Request.Form["username"]; 86 string password = context.Request.Form["password"]; 87 var dbContext = context.RequestServices.GetRequiredService<UserDbContext>(); 88 var user = await dbContext.Users.Include(it => it.Roles).SingleOrDefaultAsync(it => it.UserName == userName.ToUpper()); 89 if (user?.Password == password) 90 { 91 var identity = new GenericIdentity(userName, CookieAuthenticationDefaults.AuthenticationScheme); 92 foreach (var role in user.Roles) 93 { 94 identity.AddClaim(new Claim(ClaimTypes.Role, role.NormalizedRoleName)); 95 } 96 var principal = new ClaimsPrincipal(identity); 97 await context.SignInAsync(principal); 98 } 99 else 100 { 101 await RenderLoginPageAsync(context, userName, password, "Invalid user name or password!"); 102 } 103 } 104 } 105 106 private static Task RenderLoginPageAsync(HttpContext context, string userName, string password, string errorMessage) 107 { 108 context.Response.ContentType = "text/html"; 109 return context.Response.WriteAsync( 110 @"<html> 111 <head><title>Login</title></head> 112 <body> 113 <form method='post'>" + 114 $"<input type='text' name='username' placeholder='User name' value = '{userName}' /> " + 115 $"<input type='password' name='password' placeholder='Password' value = '{password}' /> " + 116 @"<input type='submit' value='Sign In' /> 117 </form>" + 118 $"<p style='color:red'>{errorMessage}</p>" + 119 @"</body> 120 </html>"); 121 } 122 123 public static async Task SignOutAsync(HttpContext context) 124 { 125 await context.SignOutAsync(); 126 await context.ChallengeAsync(new AuthenticationProperties { RedirectUri = "/" }); 127 } 128 129 public static Task DenyAccessAsync(HttpContext context) 130 { 131 return context.Response.WriteAsync( 132 @"<html> 133 <head><title>Index</title></head> 134 <body>" + 135 $"<h3>{context.User.Identity.Name}, your access is denied.</h3>" + 136 @"<a href='/Account/Logout'>Sign Out</a> 137 </body> 138 </html>"); 139 } 140 141 142 } 143 }
标签:注册,await,new,context,using,var,授权,全局,Microsoft From: https://www.cnblogs.com/zzhpebg/p/17590954.html