Asp.net Identity 2.0自定义登录方法
本文关键字:自定义 登录 方法 net Identity Asp | 更新日期: 2023-09-27 18:08:47
我正在开发ASP。使用Identity 2.0的。NET 5应用程序。我有两种类型的用户:
- Normal -使用标准登录方法进行身份验证。
- 临时-他们应该基于提供的令牌登录。
我不想存储临时用户,除了验证用户所需的信息(一些用户名和令牌)。如果用户提供了用户名和有效密码,就应该登录。
我不知道如何做到这一点
您也可以同时在这两个场景中使用Identity。对于第一种情况,使用身份就像你以前做过的,没有任何改变,但对于第二种情况,你在登录方法略有修改。
public ActionResoult TempLogin(string username, string password)
{
// imaging you have own temp user manager, completely independent from identity
if(_tempUserManager.IsValid(username,password))
{
// user is valid, going to authenticate user for my App
var ident = new ClaimsIdentity(
new[]
{
// adding following 2 claim just for supporting default antiforgery provider
new Claim(ClaimTypes.NameIdentifier, username),
new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "ASP.NET Identity", "http://www.w3.org/2001/XMLSchema#string"),
// an optional claim you could omit this
new Claim(ClaimTypes.Name, username),
// you could even add some role
new Claim(ClaimTypes.Role, "TempUser"),
new Claim(ClaimTypes.Role, "AnotherRole"),
// and so on
},
DefaultAuthenticationTypes.ApplicationCookie);
// Identity is sign in user based on claim don't matter
// how you generated it Identity
HttpContext.GetOwinContext().Authentication.SignIn(
new AuthenticationProperties { IsPersistent = false }, ident);
// auth is succeed,
return RedirectToAction("MyAction");
}
ModelState.AddModelError("", "We could not authorize you :(");
return View();
}
既然我们把逻辑注入了Identity,就不需要做任何额外的事情了。
[Authorize]
public ActionResult MySecretAction()
{
// all authorized users could use this method don't matter how has been authenticated
// we have access current user principal by calling also
// HttpContext.User
}
[Authorize(Roles="TempUser")]
public ActionResult MySecretAction()
{
// just temp users have accesses to this method
}
您需要扩展ASP。. NET身份库,使用自定义逻辑和/或存储。
在这里,你可以在我的Github帐户中找到一个例子,其中有一些有用的链接,我曾经在试图理解ASP时阅读过。. NET Identity stuff: https://github.com/hernandgr/AspNetIdentityDemo
希望有帮助!