在 authenticationcontext asp.net 核心中保存对象
Save object in authenticationcontext asp.net core
我正在将我的 asp.net 框架转换为 asp.net 核心。
我面临的一件事是在授权处理程序的身份验证上下文中保存查询数据。
在我的 asp.net 框架中,我已经完成了 ASP.Net 框架中的 AuthorizeAttribute:
public override void OnAuthorization(HttpActionContext actionContext)
{
// Retrieve email and password.
var accountEmail =
actionContext.Request.Headers.Where(
x =>
!string.IsNullOrEmpty(x.Key) &&
x.Key.Equals(HeaderFields.RequestAccountEmail))
.Select(x => x.Value.FirstOrDefault())
.FirstOrDefault();
// Retrieve account password.
var accountPassword =
actionContext.Request.Headers.Where(
x =>
!string.IsNullOrEmpty(x.Key) &&
x.Key.Equals(HeaderFields.RequestAccountPassword))
.Select(x => x.Value.FirstOrDefault()).FirstOrDefault();
// Invalid account name or password.
if (string.IsNullOrEmpty(accountEmail) || string.IsNullOrEmpty(accountPassword))
{
// Treat this request is unauthorized.
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new
{
Error = $"{Language.WarnAccountNotLogin}"
});
return;
}
// Find the hashed password from the original one.
var accountHashedPassword = RepositoryAccountExtended.FindMd5Password(accountPassword);
// Retrieve person whose properties match conditions.
var person = RepositoryAccountExtended.FindPerson(null, accountEmail, accountHashedPassword, null, null);
// No person has been found.
if (person == null)
{
// Treat this request is unauthorized.
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new
{
Error = $"{Language.WarnAccountNotLogin}"
});
return;
}
// Account has been disabled.
if ((StatusAccount) person.Status == StatusAccount.Inactive)
{
// Treat the login isn't successful because of disabled account.
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new
{
Error = $"{Language.WarnDisabledAccount}"
});
return;
}
// Account is still pending.
if ((StatusAccount) person.Status == StatusAccount.Pending)
{
// Treat the login isn't successful because of pending account.
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new
{
Error = $"{Language.WarnPendingAccount}"
});
return;
}
// Account role isn't enough to access the function.
if (!Roles.Any(x => x == person.Role))
{
// Role isn't valid. Tell the client the access is forbidden.
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden, new
{
Error = $"{Language.WarnForbiddenAccessMethod}"
});
}
// Store the requester information in action argument.
actionContext.ActionArguments[HeaderFields.Account] = person;
}
如您所见,我将查询数据(帐户 - 在这种情况下)存储在 actionContext 中,稍后我可以在控制器中访问它。
我的问题是:我怎样才能在 ASP.NET Core 中实现同样的事情,因为我不想在我的每个 AuthorizationHandler 中查询我的数据库。
谢谢,
How can I achieve the same thing in ASP.NET Core
首先您需要一个身份验证中间件,对于您的情况,它可能是基本身份验证。对于 Aspnet Core,没有内置的基本身份验证中间件。一个解决方案是 here or you can implement own authentication middleware like .
I stored my query data (Account - in this situation) in the
actionContext, and I can access to it later in Controllers.
我想到了两种可能的方法:
- 将参数添加到
HttpContext.Items
- 正在为当前 User.Identity
添加声明
要实现这一点,您可以在身份验证中间件之后使用 ClaimsTransformation 或自定义中间件。如果您使用自己的实现,您也可以使用 HandleAuthenticateAsync 方法。
更新
保存查询数据的地方似乎是HandleAuthenticateAsync。如果您使用@blowdart 的 basic authentication 解决方案,您的代码可能如下所示:
.....
await Options.Events.ValidateCredentials(validateCredentialsContext);
if (validateCredentialsContext.Ticket != null)
{
HttpContext.Items[HeaderFields.Account] = person; // assuming you retrive person before this
Logger.LogInformation($"Credentials validated for {username}");
return AuthenticateResult.Success(validateCredentialsContext.Ticket);
}
我正在将我的 asp.net 框架转换为 asp.net 核心。
我面临的一件事是在授权处理程序的身份验证上下文中保存查询数据。
在我的 asp.net 框架中,我已经完成了 ASP.Net 框架中的 AuthorizeAttribute:
public override void OnAuthorization(HttpActionContext actionContext)
{
// Retrieve email and password.
var accountEmail =
actionContext.Request.Headers.Where(
x =>
!string.IsNullOrEmpty(x.Key) &&
x.Key.Equals(HeaderFields.RequestAccountEmail))
.Select(x => x.Value.FirstOrDefault())
.FirstOrDefault();
// Retrieve account password.
var accountPassword =
actionContext.Request.Headers.Where(
x =>
!string.IsNullOrEmpty(x.Key) &&
x.Key.Equals(HeaderFields.RequestAccountPassword))
.Select(x => x.Value.FirstOrDefault()).FirstOrDefault();
// Invalid account name or password.
if (string.IsNullOrEmpty(accountEmail) || string.IsNullOrEmpty(accountPassword))
{
// Treat this request is unauthorized.
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new
{
Error = $"{Language.WarnAccountNotLogin}"
});
return;
}
// Find the hashed password from the original one.
var accountHashedPassword = RepositoryAccountExtended.FindMd5Password(accountPassword);
// Retrieve person whose properties match conditions.
var person = RepositoryAccountExtended.FindPerson(null, accountEmail, accountHashedPassword, null, null);
// No person has been found.
if (person == null)
{
// Treat this request is unauthorized.
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new
{
Error = $"{Language.WarnAccountNotLogin}"
});
return;
}
// Account has been disabled.
if ((StatusAccount) person.Status == StatusAccount.Inactive)
{
// Treat the login isn't successful because of disabled account.
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new
{
Error = $"{Language.WarnDisabledAccount}"
});
return;
}
// Account is still pending.
if ((StatusAccount) person.Status == StatusAccount.Pending)
{
// Treat the login isn't successful because of pending account.
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new
{
Error = $"{Language.WarnPendingAccount}"
});
return;
}
// Account role isn't enough to access the function.
if (!Roles.Any(x => x == person.Role))
{
// Role isn't valid. Tell the client the access is forbidden.
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden, new
{
Error = $"{Language.WarnForbiddenAccessMethod}"
});
}
// Store the requester information in action argument.
actionContext.ActionArguments[HeaderFields.Account] = person;
}
如您所见,我将查询数据(帐户 - 在这种情况下)存储在 actionContext 中,稍后我可以在控制器中访问它。
我的问题是:我怎样才能在 ASP.NET Core 中实现同样的事情,因为我不想在我的每个 AuthorizationHandler 中查询我的数据库。
谢谢,
How can I achieve the same thing in ASP.NET Core
首先您需要一个身份验证中间件,对于您的情况,它可能是基本身份验证。对于 Aspnet Core,没有内置的基本身份验证中间件。一个解决方案是 here or you can implement own authentication middleware like
I stored my query data (Account - in this situation) in the actionContext, and I can access to it later in Controllers.
我想到了两种可能的方法:
- 将参数添加到
HttpContext.Items - 正在为当前 User.Identity 添加声明
要实现这一点,您可以在身份验证中间件之后使用 ClaimsTransformation 或自定义中间件。如果您使用自己的实现,您也可以使用 HandleAuthenticateAsync 方法。
更新
保存查询数据的地方似乎是HandleAuthenticateAsync。如果您使用@blowdart 的 basic authentication 解决方案,您的代码可能如下所示:
.....
await Options.Events.ValidateCredentials(validateCredentialsContext);
if (validateCredentialsContext.Ticket != null)
{
HttpContext.Items[HeaderFields.Account] = person; // assuming you retrive person before this
Logger.LogInformation($"Credentials validated for {username}");
return AuthenticateResult.Success(validateCredentialsContext.Ticket);
}