通过前面对AddCookie 或者 AddOpenIdConnect 等了解,其实里面都实现了一个AuthenticationHandler<TOptions>的认证处理,接下来我们来简单自定义一个试试
首先我来实现下面这个方式,我添加了一个AddLIYOUMING()
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = "LIYOUMINGScheme";
options.DefaultChallengeScheme = "LIYOUMINGScheme";
})
.AddLIYOUMING(o=> { });
扩展下AuthenticationBuilder就行了,看下扩展
/// <summary>
/// 黎又铭自定义可扩展
/// </summary>
public static class LIYOUMINGExtensions
{
public static AuthenticationBuilder AddLIYOUMING(this AuthenticationBuilder builder)
{ builder.AddLIYOUMING("LIYOUMINGScheme", o => { });
return builder;
} public static AuthenticationBuilder AddLIYOUMING(this AuthenticationBuilder builder, Action<LIYOUMINGOptions> configureOptions)
{
builder.AddLIYOUMING("LIYOUMINGScheme", configureOptions);
return builder;
} public static AuthenticationBuilder AddLIYOUMING(this AuthenticationBuilder builder, string defaultScheme, Action<LIYOUMINGOptions> configureOptions)
{
builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<LIYOUMINGOptions>, LIYOUMINGPostConfigureOptions>());
builder.AddScheme<LIYOUMINGOptions, LIYOUMINGHandler>(defaultScheme, "", configureOptions);
return builder;
}
}
我定义了LIYOUMINGOptions参数类,但是我并没有添加任何参数明白原理即可,需要继承AuthenticationSchemeOptions,可以重写验证处理,为什么要继承AuthenticationSchemeOptions,是因为AuthenticationHandler<TOptions>泛型限定
public abstract class AuthenticationHandler<TOptions> : IAuthenticationHandler where TOptions : AuthenticationSchemeOptions, new()
public class LIYOUMINGOptions : AuthenticationSchemeOptions
{
public override void Validate()
{
base.Validate();
}
public override void Validate(string scheme)
{
base.Validate(scheme);
}
}
还需要处理下配置,需要去实现IPostConfigureOptions
builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<LIYOUMINGOptions>, LIYOUMINGPostConfigureOptions>());
public class LIYOUMINGPostConfigureOptions :IPostConfigureOptions<LIYOUMINGOptions>
{
public void PostConfigure(string name, LIYOUMINGOptions options)
{ }
}
现在我们需要一个Handler来继承AuthenticationHandler<TOptions>,这里我定义了一个LIYOUMINGHandler,里面去重写相关认证方法即可,这里关键是AddScheme中的具体处理如下,配置绑定配置,注册Handler服务:
public virtual AuthenticationBuilder AddScheme<TOptions, THandler>(string authenticationScheme, string displayName, Action<TOptions> configureOptions)
where TOptions : AuthenticationSchemeOptions, new()
where THandler : AuthenticationHandler<TOptions>
{
Services.Configure<AuthenticationOptions>(o =>
{
o.AddScheme(authenticationScheme, scheme => {
scheme.HandlerType = typeof(THandler);
scheme.DisplayName = displayName;
});
});
if (configureOptions != null)
{
Services.Configure(authenticationScheme, configureOptions);
}
Services.AddTransient<THandler>();
return this;
}
下面就来看下我自定义的Handler中的处理
public class LIYOUMINGHandler : AuthenticationHandler<LIYOUMINGOptions>
{
public LIYOUMINGHandler(IOptionsMonitor<LIYOUMINGOptions> options, ILoggerFactory logger, UrlEncoder encoder,IDataProtectionProvider dataProtection, ISystemClock clock)
: base(options, logger, encoder, clock)
{ } /// <summary>
/// 这里就是具体的认证处理了
/// </summary>
/// <returns></returns>
protected async override Task<AuthenticateResult> HandleAuthenticateAsync()
{ AuthenticationTicket ticket = new AuthenticationTicket(new System.Security.Claims.ClaimsPrincipal { }, "LIYOUMINGScheme");
AuthenticateResult result = AuthenticateResult.Success(ticket); return await Task.FromResult(result);
}
protected override Task HandleChallengeAsync(AuthenticationProperties properties)
{ return base.HandleChallengeAsync(properties);
} protected override Task HandleForbiddenAsync(AuthenticationProperties properties)
{
return base.HandleForbiddenAsync(properties);
} protected override Task InitializeEventsAsync()
{
return base.InitializeEventsAsync();
}
}
有些东西就没写了,无论你是cookie认证,还是OpenId 或者其他的都是在这里来处理的,只是具体的处理细节不一样,前面一篇文章说过HandleAuthenticateAsync 其实是抽象方法在父类中AuthenticateAsync()被调用,而AuthenticateAsync(),在IAuthenticationHandleProvider被调用,所以这里具体看业务了
AuthenticationTicket ticket = new AuthenticationTicket(new System.Security.Claims.ClaimsPrincipal { }, "LIYOUMINGScheme");
AuthenticateResult result = AuthenticateResult.Success(ticket);
return await Task.FromResult(result);
这里我举个例子,返回的是AuthenticateResult包裹的AuthenticationTicket,AuthenticationTicket中包含了身份信息,当然还有HandleChallengeAsync、HandleForbiddenAsync、InitializeEventsAsync等就不做介绍了
其实算下加上扩展就4个类LIYOUMINGExtensions、LIYOUMINGHandler、LIYOUMINGOptions、LIYOUMINGPostConfigureOptions就基本上描述了
下面来体验下:
在Configure中添加调试运行断点进入了Handler中的HandleAuthenticateAsync,就实现了HandleAuthenticateAsync认证在手,天下你有,任你发挥你的能力
app.UseAuthentication();
app.Use(async (context, next) =>
{
var user = context.User;
if (user?.Identity?.IsAuthenticated ?? false)
{
await next();
}
else
{
await context.ChallengeAsync();
}
await context.Response.WriteAsync("Hello World!");
});
加深下,在LIYOUMINGHandler我在继承接口IAuthenticationSignInHandler实现SignInAsync、SignOutAsync, 当然这里IAuthenticationSignInHandler继承了IAuthenticationSignOutHandler、IAuthenticationHandler,所以这里可通过SignIn写入信息了,下来来改造下代码,能通过LIYOUMINGHandler进行签入、签出,细节就略了
public class LIYOUMINGHandler : AuthenticationHandler<LIYOUMINGOptions>,IAuthenticationSignInHandler
{
public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
{
return Task.CompletedTask;
} public Task SignOutAsync(AuthenticationProperties properties)
{
return Task.CompletedTask;
} }
app.Use(async (context, next) =>
{
var user = context.User;
if (user?.Identity?.IsAuthenticated ?? false)
{
await next();
}
else
{
ClaimsIdentity claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim("Test", "LIYOUMING"));
ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
//签入
await context.SignInAsync("LIYOUMINGScheme", claimsPrincipal); await context.Response.WriteAsync("SignInAsync");
} });
AddAuthentication中间件会先调用HandleAuthenticateAsync处理认证情况,其次上面代码执行后,输出了 SignInAsync,再次刷新的时候再次进入中间件的HandleAuthenticateAsync,这个时候处理认证信息 ,最后也没没有输出