如何让同一 ASP.NET Core MVC 解决方案中的多个相关项目只需一次登录即可受到授权保护?希望使用集中式的认证和授权系统,无需第三方应用程序的参与。
希望能给出一个最简单的示例。提前非常感谢您。
Program.cs
(身份项目)
// Identity project startup as posted in the question (partial; "// ..." elides the rest).
// NOTE(review): AddAuthorization() is registered twice, and no authentication
// services or data-protection settings are visible in this excerpt. Presumably one
// of the two calls was meant to register authentication; confirm against the full file.
builder.Services.AddAuthorization();
builder.Services.AddAuthorization();
// ...
// Authentication middleware is added before authorization, so the user is
// established before [Authorize] checks run.
app.UseAuthentication();
app.UseAuthorization();
AccountController
(身份项目)
/// <summary>
/// Account controller of the identity project. It receives the ASP.NET Core
/// Identity user manager and sign-in manager through constructor injection.
/// </summary>
public class AccountController : Controller
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;

    /// <summary>Keeps the injected Identity services for later use.</summary>
    /// <param name="userManager">Identity user store API.</param>
    /// <param name="signInManager">Identity sign-in API.</param>
    public AccountController(
        UserManager<IdentityUser> userManager,
        SignInManager<IdentityUser> signInManager)
        => (_userManager, _signInManager) = (userManager, signInManager);

    // ...
}
Program.cs
(其他项目)
// Startup of a consuming ("other") project as posted in the question (partial).
// NOTE(review): AddAuthorization() is registered twice, and nothing visible here
// configures an authentication scheme, a cookie name or a shared data-protection
// key ring. As shown, this app has no way to validate a cookie issued by the
// identity project.
builder.Services.AddAuthorization();
builder.Services.AddAuthorization();
// ...
// Authentication middleware is added before authorization, so the user is
// established before [Authorize] checks run.
app.UseAuthentication();
app.UseAuthorization();
HomeController
(其他项目)
/// <summary>
/// Home controller of a consuming project; its landing page is reserved for
/// authenticated users.
/// </summary>
public class HomeController : Controller
{
    /// <summary>
    /// Renders the default view. [Authorize] rejects requests without an
    /// authenticated user, so this action depends on the app's authentication setup.
    /// </summary>
    /// <returns>The view for this action.</returns>
    [Authorize]
    public IActionResult Index() => View();
}
在所有应用程序中配置同名的共享 cookie,并让它们使用同一个数据保护密钥环(Data Protection key ring)和相同的应用程序名称。由一个项目中的 ASP.NET Core Identity 签发 cookie,其他项目接受同一个 cookie 进行身份验证。
Program.cs(身份项目):
// Identity project: the only app that signs users in and issues the shared cookie.
var builder = WebApplication.CreateBuilder(args);

// ----- Service registration -----
var defaultConnection =
    builder.Configuration.GetConnectionString("DefaultConnection")
    ?? throw new InvalidOperationException("Connection string 'DefaultConnection' not found.");

builder.Services.AddDbContext<ApplicationDbContext>(dbOptions =>
{
    dbOptions.UseSqlServer(defaultConnection);
});
builder.Services.AddDatabaseDeveloperPageExceptionFilter();

builder.Services
    .AddDefaultIdentity<IdentityUser>(identityOptions =>
    {
        identityOptions.SignIn.RequireConfirmedAccount = true;
    })
    .AddEntityFrameworkStores<ApplicationDbContext>();
builder.Services.AddControllersWithViews();

// Shared-cookie setup. Every app that should accept the cookie must use the same
// key ring directory and the same application name, otherwise it cannot decrypt
// the ticket issued here.
// Security: whoever can read the key ring can forge or decrypt authentication
// cookies. Restrict the folder's ACL to the app identities. Keys persisted this way
// are not encrypted at rest unless a ProtectKeysWith* option
// (e.g. ProtectKeysWithCertificate) is added.
var sharedKeyRing = new DirectoryInfo(@"c:\PATH TO COMMON KEY RING FOLDER");
builder.Services
    .AddDataProtection()
    .PersistKeysToFileSystem(sharedKeyRing)
    .SetApplicationName("SharedCookieApp");

builder.Services.ConfigureApplicationCookie(cookieOptions =>
{
    // The consuming apps must look for exactly this cookie name.
    // NOTE(review): no Cookie.Domain is set, so the browser returns the cookie only
    // to the issuing host. Apps on sibling subdomains would also need a common
    // Cookie.Domain; confirm against the deployment.
    cookieOptions.Cookie.Name = ".AspNet.SharedCookie";
});

var app = builder.Build();

// ----- HTTP request pipeline -----
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Home/Error");
    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
    app.UseHsts();
}
else
{
    app.UseMigrationsEndPoint();
}

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();

// Authentication is added before authorization so the user is known when
// [Authorize] is evaluated.
app.UseAuthentication();
app.UseAuthorization();

app.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
app.MapRazorPages();

app.Run();
Program.cs(其他项目):
// Consuming project: it does not sign users in, it only validates the cookie
// issued by the identity project.
var builder = WebApplication.CreateBuilder(args);

// Scheme name used for the cookie handler; the same value is the default scheme.
const string sharedScheme = "Identity.Application"; // Identity cookie scheme

// ----- Service registration -----
builder.Services.AddControllersWithViews();

builder.Services
    .AddAuthentication(sharedScheme)
    .AddCookie(sharedScheme, cookieOptions =>
    {
        // Must match the identity project's cookie name
        cookieOptions.Cookie.Name = ".AspNet.SharedCookie";
        // NOTE(review): no LoginPath is set, so an unauthenticated request is
        // challenged with the cookie handler's default login path inside this app.
        // If sign-in exists only in the identity project, LoginPath should point
        // there; confirm against the deployment.
    });

// Same key ring directory and application name as the identity project;
// without both, the cookie cannot be decrypted here.
// Security: read access to this folder is equivalent to the ability to forge
// authentication cookies, so limit it to the app identities.
var sharedKeyRing = new DirectoryInfo(@"c:\PATH TO COMMON KEY RING FOLDER");
builder.Services
    .AddDataProtection()
    .PersistKeysToFileSystem(sharedKeyRing)
    .SetApplicationName("SharedCookieApp");

builder.Services.AddAuthorization();

var app = builder.Build();

// ----- HTTP request pipeline -----
// NOTE(review): this excerpt adds no UseHttpsRedirection/UseHsts; the shared
// cookie should only travel over HTTPS, so verify this app is served over TLS too.
app.UseAuthentication();
app.UseAuthorization();

app.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");

app.Run();