.NET CORE 2.2 Identity + Basic Auth for WebAPI
I am developing a piece of software that has a user interface and an API. For authentication and authorization I use .NET CORE Identity 2.2!
It works well. Now I have API functions with two different requirements:
1. API endpoints used by the user interface (AJAX calls and so on...)
2. API endpoints that other software can use
So I want to use two different authorization methods. For point 1 I use .NET CORE Identity authorization and authentication. For point 2 I want to use BASIC AUTH.
How can I configure these different authorization methods? Here is some sample code:
Basic Auth code
Tried adding service support for BasicAuth in ConfigureServices
services.AddAuthentication("BasicAuth").AddScheme<AuthenticationSchemeOptions, BasicAuthHandler>("BasicAuth", null);
Building the Basic authentication handler
using System;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

public class BasicAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    private readonly IConfiguration _configuration;

    /// <summary>
    /// Constructor
    /// </summary>
    /// <param name="options"></param>
    /// <param name="logger"></param>
    /// <param name="encoder"></param>
    /// <param name="clock"></param>
    /// <param name="configuration">Provides BasicAuth:Username and BasicAuth:Password</param>
    public BasicAuthHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, IConfiguration configuration) : base(options, logger, encoder, clock)
    {
        _configuration = configuration;
    }

    /// <summary>
    /// Handles the authentication by using Basic Auth
    /// --> Checks the credentials in the Authorization header against the configured values
    /// </summary>
    /// <returns></returns>
    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        if (!Request.Headers.ContainsKey("Authorization"))
        {
            return AuthenticateResult.Fail("Missing Authorization Header");
        }
        try
        {
            var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
            // Only handle "Authorization: Basic <base64>"; any other scheme is not ours.
            if (!"Basic".Equals(authHeader.Scheme, StringComparison.OrdinalIgnoreCase))
            {
                return AuthenticateResult.Fail("Not a Basic Authorization Header");
            }
            var credentialsBytes = Convert.FromBase64String(authHeader.Parameter);
            // Split on the first ':' only, so a password containing ':' still works.
            var credentials = Encoding.UTF8.GetString(credentialsBytes).Split(':', 2);
            if (credentials.Length != 2)
            {
                return AuthenticateResult.Fail("Invalid Authorization Header");
            }
            var configuredUserName = _configuration["BasicAuth:Username"];
            var configuredPassword = _configuration["BasicAuth:Password"];
            if (configuredUserName.Equals(credentials[0]) && configuredPassword.Equals(credentials[1]))
            {
                var claims = new[] {
                    new Claim(ClaimTypes.Name, credentials[0])
                };
                var identity = new ClaimsIdentity(claims, Scheme.Name);
                var principal = new ClaimsPrincipal(identity);
                var ticket = new AuthenticationTicket(principal, Scheme.Name);
                return AuthenticateResult.Success(ticket);
            }
            else
            {
                return AuthenticateResult.Fail("Invalid Credentials");
            }
        }
        catch
        {
            // Malformed base64 or header syntax ends up here.
            return AuthenticateResult.Fail("Invalid Authorization Header");
        }
    }
}
Tried adding Basic-Auth authentication to the controller
[ApiController]
[ApiVersion("1.0", Deprecated = false)]
[Produces("application/json")]
[Route("api/v{version:apiVersion}/[controller]")]
[Authorize]
public class MasterDataController : ControllerBase
{...}
The Authorize annotation uses .NET CORE Identity authorization every time
The other case is AUTHORIZE BY .NET CORE IDENTITY FOR UI-APIs
[ApiController]
[ApiVersion("1.0", Deprecated = false)]
[Produces("application/json")]
[Route("api/v{version:apiVersion}/[controller]")]
[Authorize(Roles = "SuperUser,PlantAdministrator,EndUser")]
public class UploadController : ControllerBase
{...}
This works well - but I want to use a combination...
I found the solution. You can do this by adding a parameter to the Authorize annotation, like this:
[ApiController]
[ApiVersion("1.0", Deprecated = false)]
[Produces("application/json")]
[Route("api/v{version:apiVersion}/[controller]")]
[Authorize(ActiveAuthenticationSchemes = "BasicAuth")]
public class MasterDataController : ControllerBase
{...}
If you set ActiveAuthenticationSchemes to BasicAuth, it looks for the matching AuthenticationHandler!
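To wire the two schemes together without one displacing the other, here is an added Startup example (not code from the question or the answer) for the post's BasicAuthHandler: it keeps the Identity cookie as the default scheme, registers Basic as a named scheme, and exposes it through a policy. It assumes the usual ApplicationUser/ApplicationDbContext Identity scaffolding, and the CredentialsMatch helper is a hypothetical replacement for the handler's string.Equals check.

```csharp
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

public static class AuthSetup
{
    public const string BasicScheme = "BasicAuth";            // same name the post registers
    public const string MachinePolicy = "MachineClientsOnly"; // assumed policy name

    // Called from Startup.ConfigureServices. ApplicationUser and ApplicationDbContext are
    // the usual Identity scaffolding types and are assumed to exist in the project.
    public static void Configure(IServiceCollection services)
    {
        // AddIdentity registers the cookie schemes and makes them the defaults, so a
        // bare [Authorize] (the UI endpoints) keeps going through Identity.
        services.AddIdentity<ApplicationUser, IdentityRole>()
                .AddEntityFrameworkStores<ApplicationDbContext>();

        // AddAuthentication() with no argument leaves those defaults intact;
        // AddAuthentication("BasicAuth"), as in the post, would make Basic the default
        // for every [Authorize] instead of only the endpoints that ask for it.
        services.AddAuthentication()
                .AddScheme<AuthenticationSchemeOptions, BasicAuthHandler>(BasicScheme, null);

        // A policy that pins the Basic scheme. Controllers for other software then use
        // [Authorize(Policy = AuthSetup.MachinePolicy)]. In ASP.NET Core 2.x the attribute's
        // non-obsolete property for this is AuthenticationSchemes, not ActiveAuthenticationSchemes.
        services.AddAuthorization(options => options.AddPolicy(MachinePolicy, policy =>
        {
            policy.AddAuthenticationSchemes(BasicScheme);
            policy.RequireAuthenticatedUser();
        }));
    }

    // Constant-time credential check for BasicAuthHandler (.NET Core 2.1+). string.Equals
    // returns at the first mismatching character, which leaks how much of the password
    // was right; FixedTimeEquals does not. Both fields are compared before deciding.
    public static bool CredentialsMatch(string expectedUser, string expectedPassword,
                                        string user, string password)
    {
        if (expectedUser == null || expectedPassword == null || user == null || password == null)
            return false;
        bool userOk = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(expectedUser), Encoding.UTF8.GetBytes(user));
        bool passOk = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(expectedPassword), Encoding.UTF8.GetBytes(password));
        return userOk && passOk;
    }
}
```

Because Basic sends the password on every request, the pinned endpoints should only be reachable over HTTPS. Overriding HandleChallengeAsync in the handler to add a WWW-Authenticate: Basic realm="..." header gives Basic clients a proper challenge on 401.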