我正在设置一个新的ASP.NET Core 2.2 Web应用程序。我想连续使用两个单独的身份验证过程。首先,您注册为公司时,整个公司只有一个注册数据,因此每个员工的注册数据都相同。在“公司区域”中输入后,将出现每个员工的实际登录屏幕。
对于公司登录,我想使用 ASP.NET Core Identity。对于员工的第二次身份验证过程,我想使用 Cookie 身份验证,以便员工可以轻松登录和注销,同时仍留在其“公司环境”中。
有人知道如何配置这两个身份验证过程,以便我可以连续使用它们吗?
/// <summary>
/// Registers two cookie-backed sign-in mechanisms, ASP.NET Core Identity for companies
/// (tenants) and a plain cookie scheme for employees (users), and installs a global MVC
/// authorization filter whose policy names both schemes.
/// </summary>
/// <param name="services">Collection that receives the authentication, Identity and MVC registrations.</param>
public void ConfigureServices(IServiceCollection services)
{
    // ---- 1. Companies (tenants): ASP.NET Core Identity backed by EF stores ----
    // NOTE(review): AddIdentity also sets the default authenticate/challenge scheme to the
    // Identity application cookie. The AddAuthentication(scheme) call further down only sets
    // the fallback DefaultScheme, so unauthenticated requests are still sent to the tenant
    // login. Confirm against the framework version in use.
    services.AddIdentity<Tenant, Role>(identity =>
        {
            // Password policy: at least 8 characters with lower case, upper case and a
            // symbol; a digit is not required.
            var password = identity.Password;
            password.RequiredLength = 8;
            password.RequiredUniqueChars = 1;
            password.RequireLowercase = true;
            password.RequireUppercase = true;
            password.RequireNonAlphanumeric = true;
            password.RequireDigit = false;

            // Lockout: ten failed attempts lock the account for five minutes, new accounts included.
            // NOTE(review): if the tenant account is a single credential shared by a whole
            // company, a lockout affects every employee at once and failed attempts cannot be
            // attributed to a person. Confirm that trade-off is intended.
            var lockout = identity.Lockout;
            lockout.MaxFailedAccessAttempts = 10;
            lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
            lockout.AllowedForNewUsers = true;

            // Account naming rules.
            var user = identity.User;
            user.RequireUniqueEmail = true;
            user.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
        })
        .AddEntityFrameworkStores<MyDataContext>()
        .AddDefaultTokenProviders();

    // Cookie issued by Identity for the tenant session: five-minute lifetime with sliding
    // expiration, not readable from script.
    // NOTE(review): only HttpOnly is set here; SecurePolicy and SameSite stay at the framework
    // defaults. On an HTTPS-only site, Cookie.SecurePolicy = CookieSecurePolicy.Always keeps
    // the session cookie off plain-HTTP requests.
    services.ConfigureApplicationCookie(tenantCookie =>
    {
        tenantCookie.LoginPath = "/Identity/Account/Login";
        tenantCookie.LogoutPath = "/Identity/Account/Logout";
        tenantCookie.AccessDeniedPath = "/Identity/Account/AccessDenied";
        tenantCookie.ExpireTimeSpan = TimeSpan.FromMinutes(5);
        tenantCookie.SlidingExpiration = true;
        tenantCookie.Cookie.HttpOnly = true;
    });

    // ---- 2. Employees (users): stand-alone cookie authentication scheme ----
    var employeeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    services
        .AddAuthentication(employeeScheme)
        .AddCookie(employeeScheme, employeeCookie =>
        {
            employeeCookie.LoginPath = "/Users/Login";
            employeeCookie.LogoutPath = "/Users/Logout";
            employeeCookie.AccessDeniedPath = "/Users/AccessDenied";
            employeeCookie.ExpireTimeSpan = TimeSpan.FromMinutes(5);
            employeeCookie.SlidingExpiration = true;
            employeeCookie.Cookie.HttpOnly = true; // same cookie-flag caveat as the tenant cookie above
            // Cookie events are handled by a DI-resolved type; what it validates is not visible here.
            employeeCookie.EventsType = typeof(CustomCookieAuthenticationEvents);
        });

    // The events type must be registered so the cookie handler can resolve it.
    services.AddScoped<CustomCookieAuthenticationEvents>();

    services.AddMvc(mvc =>
        {
            // Global filter: one policy that lists both schemes and requires an authenticated user.
            // NOTE(review): listing two schemes makes the policy authenticate with each and merge
            // the resulting identities. RequireAuthenticatedUser() is satisfied as soon as any one
            // of them is authenticated, so a tenant-only session passes and the employee login is
            // never enforced. Requiring both needs a separate employee-scheme policy on the
            // employee-facing endpoints, or a requirement that checks each identity explicitly.
            var bothSchemes = new AuthorizationPolicyBuilder(
                    IdentityConstants.ApplicationScheme,               // 1. tenants
                    CookieAuthenticationDefaults.AuthenticationScheme) // 2. users
                .RequireAuthenticatedUser()
                .Build();

            mvc.Filters.Add(new AuthorizeFilter(bothSchemes));
        })
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}
到目前为止,只会出现租户(公司,使用 Identity)的登录屏幕,系统不会强制我再以用户(员工,使用 Cookie 身份验证)的身份登录。非常感谢。