简短(但帮助不大的)答案:
具体来说,它来自 microsoft.aspnetcore.identity 包,
位于 Microsoft.AspNetCore.Identity.IdentityConstants 类中,即 IdentityConstants.ApplicationScheme。
详细答案(完整拆解):
您需要添加 Identity——该方案是在 AddIdentity 扩展方法中创建并接入身份验证的。
该扩展方法位于 Microsoft.Extensions.DependencyInjection.IdentityServiceCollectionExtensions 中:
/// <summary>
/// Wires cookie authentication for ASP.NET Core Identity and registers the default
/// Identity services for <typeparamref name="TUser"/> and <typeparamref name="TRole"/>.
/// </summary>
/// <remarks>
/// Four cookie schemes are added: the application cookie, the external-login cookie,
/// the two-factor "remember me" cookie and the two-factor user-id cookie. The application
/// scheme becomes the default for authenticate and challenge; the external scheme is the
/// default sign-in scheme.
/// </remarks>
/// <param name="services">Service collection that receives the registrations.</param>
/// <param name="setupAction">Optional callback that configures <see cref="IdentityOptions"/>; skipped when null.</param>
/// <returns>An <see cref="IdentityBuilder"/> bound to the user type, the role type and <paramref name="services"/>.</returns>
public static IdentityBuilder AddIdentity<TUser, TRole>(this IServiceCollection services, Action<IdentityOptions> setupAction) where TUser: class where TRole: class
{
    services
        .AddAuthentication(auth =>
        {
            // Requests are authenticated and challenged with the application cookie;
            // a sign-in that names no scheme goes to the external cookie.
            auth.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
            auth.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
            auth.DefaultSignInScheme = IdentityConstants.ExternalScheme;
        })
        .AddCookie(IdentityConstants.ApplicationScheme, cookie =>
        {
            cookie.LoginPath = new PathString("/Account/Login");
            // Principal validation is delegated to the security-stamp validator, which is what
            // lets an already-issued cookie be rejected after the user's stamp changes.
            // NOTE(review): how often the stamp is re-checked is decided by the validator's
            // own options, not by this method; confirm the interval fits your revocation needs.
            cookie.Events = new CookieAuthenticationEvents
            {
                OnValidatePrincipal = SecurityStampValidator.ValidatePrincipalAsync
            };
        })
        .AddCookie(IdentityConstants.ExternalScheme, cookie =>
        {
            cookie.Cookie.Name = IdentityConstants.ExternalScheme;
            // Intermediate cookie: expires after five minutes.
            cookie.ExpireTimeSpan = TimeSpan.FromMinutes(5.0);
        })
        .AddCookie(IdentityConstants.TwoFactorRememberMeScheme, cookie =>
        {
            cookie.Cookie.Name = IdentityConstants.TwoFactorRememberMeScheme;
            // The remember-me cookie is validated through the two-factor security-stamp validator.
            cookie.Events = new CookieAuthenticationEvents
            {
                OnValidatePrincipal = SecurityStampValidator.ValidateAsync<ITwoFactorSecurityStampValidator>
            };
        })
        .AddCookie(IdentityConstants.TwoFactorUserIdScheme, cookie =>
        {
            cookie.Cookie.Name = IdentityConstants.TwoFactorUserIdScheme;
            // Intermediate cookie: expires after five minutes.
            cookie.ExpireTimeSpan = TimeSpan.FromMinutes(5.0);
        });

    services.AddHttpContextAccessor();

    // TryAdd* leaves an existing registration for the same service type in place, so a
    // validator, hasher or manager registered before this call is the one that is used.
    services.TryAddScoped<IUserValidator<TUser>, UserValidator<TUser>>();
    services.TryAddScoped<IPasswordValidator<TUser>, PasswordValidator<TUser>>();
    services.TryAddScoped<IPasswordHasher<TUser>, PasswordHasher<TUser>>();
    services.TryAddScoped<ILookupNormalizer, UpperInvariantLookupNormalizer>();
    services.TryAddScoped<IRoleValidator<TRole>, RoleValidator<TRole>>();
    services.TryAddScoped<IdentityErrorDescriber>();
    services.TryAddScoped<ISecurityStampValidator, SecurityStampValidator<TUser>>();
    services.TryAddScoped<ITwoFactorSecurityStampValidator, TwoFactorSecurityStampValidator<TUser>>();
    services.TryAddScoped<IUserClaimsPrincipalFactory<TUser>, UserClaimsPrincipalFactory<TUser, TRole>>();
    services.TryAddScoped<UserManager<TUser>>();
    services.TryAddScoped<SignInManager<TUser>>();
    services.TryAddScoped<RoleManager<TRole>>();

    // Caller-supplied IdentityOptions configuration is optional.
    if (setupAction != null)
    {
        services.Configure<IdentityOptions>(setupAction);
    }

    return new IdentityBuilder(typeof(TUser), typeof(TRole), services);
}
如果沿着下面这个 AddCookie 调用继续跟踪:
// Excerpt from the AddIdentity listing above: registration of the application cookie scheme.
// The closing "})" of the call is not part of this excerpt.
.AddCookie(IdentityConstants.ApplicationScheme, delegate (CookieAuthenticationOptions o) {
// Login path assigned to this scheme's cookie options.
o.LoginPath = new PathString("/Account/Login");
CookieAuthenticationEvents events1 = new CookieAuthenticationEvents();
// Principal validation for this cookie is delegated to SecurityStampValidator.ValidatePrincipalAsync.
events1.OnValidatePrincipal = new Func<CookieValidatePrincipalContext, Task>(SecurityStampValidator.ValidatePrincipalAsync);
o.Events = events1;
它最终会用 “Identity.Application” 方案
和 CookieAuthenticationHandler 来配置 AuthenticationOptions。
当你调用 SignInManager.PasswordSignInAsync 时
:
-
SignInManager
对照数据库检查用户名/密码(如果启用了双因素认证,还会执行双因素流程),验证通过后
- 创建一个
ClaimsPrincipal
并将其传给 HttpContext.SignInAsync
(一个扩展方法),使用的是 Identity 应用程序方案,参见 here
- 该方法会获取
IAuthenticationService
(由 AddAuthentication 添加到 DI 中
),参见 here
- 在
AuthenticationService
中,它使用一条对象链
-
IAuthenticationHandlerProvider
=> IAuthenticationSchemeProvider
=> 之前配置的 AuthenticationOptions
来构建一个 AuthenticationScheme,
由它提供 IAuthenticationHandler,
在本例中即 CookieAuthenticationHandler
。参见 here、here 和 here
-
CookieAuthenticationHandler.HandleSignInAsync
创建、加密并添加 cookie。
现在 cookie 已经存在,因此在下一个请求(通常是登录后的重定向)中,在 AuthenticationMiddleware
里,HttpContext.AuthenticateAsync
方法会被调用,其流程与上面类似
-
CookieAuthenticationHandler.HandleAuthenticateAsync
读取 cookie 并返回 ClaimsPrincipal
,
- 该对象被赋给
HttpContext.User
,这样请求管道中的其他所有环节(例如授权)都可以访问它,参见 here