Question

我有兴趣建立自己的登录系统，这使我远离开箱即用的Identity，它隐藏了很多细节。

我正在使用Cookie查看身份验证。

https://dotnetcoretutorials.com/2017/09/16/cookie-authentication-asp-net-core-2-0/

谈论在幕后发生的签名过程的细节（保存会话，cookie，写入数据库等等）。我很想知道：

HTTPContext.SignInAsync函数对我的HTTP请求和响应的确切做什么？或者换句话说，这个功能如何与某人签约？

Answer 1

请注意，代码已更改，以下是在提出问题时于2017年启用的版本。

https://www.nuget.org/packages/Microsoft.AspNetCore.Http.Abstractions/

https://github.com/aspnet/HttpAbstractions

新的github链接：

https://github.com/dotnet/aspnetcore

这是一个开始，从这里开始，您可以根据自己想知道的内容遵循代码。

AuthenticationService中的默认Microsoft.AspNetCore.Authentication

public virtual async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

    if (scheme == null)
    {
        var defaultScheme = await Schemes.GetDefaultSignInSchemeAsync();
        scheme = defaultScheme?.Name;
        if (scheme == null)
        {
            throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultSignInScheme found.");
        }
    }

    var handler = await Handlers.GetHandlerAsync(context, scheme);
    if (handler == null)
    {
        throw await CreateMissingSignInHandlerException(scheme);
    }

    var signInHandler = handler as IAuthenticationSignInHandler;
    if (signInHandler == null)
    {
        throw await CreateMismatchedSignInHandlerException(scheme, handler);
    }

    await signInHandler.SignInAsync(principal, properties);
}

https://github.com/aspnet/HttpAbstractions/blob/bc7092a32b1943c7f17439e419d3f66cd94ce9bd/src/Microsoft.AspNetCore.Authentication.Core/AuthenticationService.cs#L142

可能从Microsoft.AspNetCore.Http.Authentication.Internal DefaultAuthenticationManager

覆盖

public override async Task SignInAsync(string authenticationScheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
    if (string.IsNullOrEmpty(authenticationScheme))
    {
        throw new ArgumentException(nameof(authenticationScheme));
    }

    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

#pragma warning disable CS0618 // Type or member is obsolete
    var handler = HttpAuthenticationFeature.Handler;
#pragma warning restore CS0618 // Type or member is obsolete

    var signInContext = new SignInContext(authenticationScheme, principal, properties?.Items);
    if (handler != null)
    {
        await handler.SignInAsync(signInContext);
    }

    if (!signInContext.Accepted)
    {
        throw new InvalidOperationException($"No authentication handler is configured to handle the scheme: {authenticationScheme}");
    }
}

https://github.com/aspnet/HttpAbstractions/blob/bc7092a32b1943c7f17439e419d3f66cd94ce9bd/src/Microsoft.AspNetCore.Http/Authentication/DefaultAuthenticationManager.cs#L133

“HTTPContext.SignInAsync”在幕后做了什么？

1 个答案: