feat: 更新.net版本，安全相关

2 years ago · 1ebd9e5d44
parent c65317f18f
commit 1ebd9e5d44
11 changed files with 47 additions and 14 deletions
--- a/AuthStudy.Authentication.Basic/AuthStudy.Authentication.Basic.csproj
+++ b/AuthStudy.Authentication.Basic/AuthStudy.Authentication.Basic.csproj
@ -8,6 +8,7 @@

  <ItemGroup>
 	<FrameworkReference Include="Microsoft.AspNetCore.App" />
+	<PackageReference Include="Microsoft.DependencyValidation.Analyzers" Version="0.11.0" />
    <ProjectReference Include="..\AuthStudy.Authentication.Shared\AuthStudy.Authentication.Shared.csproj" />
  </ItemGroup>

--- a/AuthStudy.Authentication.Browser/AuthStudy.Authentication.Browser.csproj
+++ b/AuthStudy.Authentication.Browser/AuthStudy.Authentication.Browser.csproj
@ -9,6 +9,7 @@
  <ItemGroup>
 	<FrameworkReference Include="Microsoft.AspNetCore.App" />
    <PackageReference Include="Microsoft.AspNetCore.Authorization" Version="7.0.5" />
+    <PackageReference Include="Microsoft.DependencyValidation.Analyzers" Version="0.11.0" />
    <PackageReference Include="Microsoft.Extensions.Features" Version="7.0.5" />
    <PackageReference Include="UAParser" Version="3.1.47" />
  </ItemGroup>
--- a/AuthStudy.Authentication.Browser/BrowserAuthenticationExtensions.cs
+++ b/AuthStudy.Authentication.Browser/BrowserAuthenticationExtensions.cs
@ -46,7 +46,7 @@ namespace AuthStudy.Authentication.Browser

        private static IServiceCollection AddService(this IServiceCollection builder, BrowserAuthenticationOptions option)
        {
-            BrowserAuthenticationOptions defaultOption = option ?? new();
+            BrowserAuthenticationOptions defaultOption = option ?? new(){AllowBrowsers = BrowserAuthenticationDefault.AllowBrowsers};
            builder.AddSingleton(defaultOption);
            builder.AddSingleton<BrowserAuthenticationBaseHandler>();

--- a/AuthStudy.Authentication.Digest/AuthStudy.Authentication.Digest.csproj
+++ b/AuthStudy.Authentication.Digest/AuthStudy.Authentication.Digest.csproj
@ -10,6 +10,10 @@
 		<FrameworkReference Include="Microsoft.AspNetCore.App"></FrameworkReference>
 	</ItemGroup>

+	<ItemGroup>
+	  <PackageReference Include="Microsoft.DependencyValidation.Analyzers" Version="0.11.0" />
+	</ItemGroup>
+
 	<ItemGroup>
 	  <ProjectReference Include="..\AuthStudy.Authentication.Shared\AuthStudy.Authentication.Shared.csproj" />
 	</ItemGroup>
--- a/AuthStudy.Authentication.Shared/AuthStudy.Authentication.Shared.csproj
+++ b/AuthStudy.Authentication.Shared/AuthStudy.Authentication.Shared.csproj
@ -6,4 +6,8 @@
    <Nullable>enable</Nullable>
  </PropertyGroup>

+  <ItemGroup>
+    <PackageReference Include="Microsoft.DependencyValidation.Analyzers" Version="0.11.0" />
+  </ItemGroup>
+
 </Project>
--- a/AuthStudy.Authentication.SqlServer/AuthStudy.Authentication.SqlServer.csproj
+++ b/AuthStudy.Authentication.SqlServer/AuthStudy.Authentication.SqlServer.csproj
@ -6,6 +6,10 @@
    <Nullable>enable</Nullable>
  </PropertyGroup>

+  <ItemGroup>
+    <PackageReference Include="Microsoft.DependencyValidation.Analyzers" Version="0.11.0" />
+  </ItemGroup>
+
  <ItemGroup>
    <ProjectReference Include="..\AuthStudy.Authentication.Shared\AuthStudy.Authentication.Shared.csproj" />
  </ItemGroup>
--- a/AuthStudy.Authentication.UrlQuery/AuthStudy.Authentication.UrlQuery.csproj
+++ b/AuthStudy.Authentication.UrlQuery/AuthStudy.Authentication.UrlQuery.csproj
@ -6,6 +6,10 @@
    <Nullable>enable</Nullable>
  </PropertyGroup>

+  <ItemGroup>
+    <PackageReference Include="Microsoft.DependencyValidation.Analyzers" Version="0.11.0" />
+  </ItemGroup>
+
  <ItemGroup>
    <ProjectReference Include="..\AuthStudy.Authentication.Shared\AuthStudy.Authentication.Shared.csproj" />
  </ItemGroup>
--- a/AuthStudy.WebApp/AuthStudy.WebApp.csproj
+++ b/AuthStudy.WebApp/AuthStudy.WebApp.csproj
@ -8,6 +8,7 @@

  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="7.0.5" />
+    <PackageReference Include="Microsoft.DependencyValidation.Analyzers" Version="0.11.0" />
    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
  </ItemGroup>

--- a/AuthStudy.WebApp/Controllers/AccountsController.cs
+++ b/AuthStudy.WebApp/Controllers/AccountsController.cs
@ -12,13 +12,14 @@ namespace AuthStudy.WebApp.Controllers
    [ApiController]
    public class AccountsController : ControllerBase
    {
-        public AccountsController()
+        private ILogger<AccountsController> _logger;
+        public AccountsController(ILogger<AccountsController> logger)
        {
-
+            _logger = logger;
        }

        //多特性是and特性内逗号分隔是or
-        //[Authorize]
+        [Authorize]
        //[Authorize(AuthenticationSchemes = AuthenticationSchemeList.BaseBrowserScheme)]
        //[Authorize(AuthenticationSchemes = AuthenticationSchemeList.BrowserScheme)]
        //[Authorize(AuthenticationSchemes = AuthenticationSchemeList.BasicScheme)]
@ -27,12 +28,22 @@ namespace AuthStudy.WebApp.Controllers
        [HttpGet]
        public async Task<IActionResult> GetAll()
        {
-            var dd = await HttpContext.AuthenticateAsync();
+            var authenticateResult = await HttpContext.AuthenticateAsync();
+            if (authenticateResult.Succeeded)
+            {
+                _logger.LogInformation("认证成功");
+            }
+            else
+            {
+                Response.StatusCode = 401;
+                _logger.LogInformation("认证失败");
+                return new ContentResult() { StatusCode = 401,Content=authenticateResult.Failure?.Message};
+            }

            //输出认证信息
            foreach (var claim in User.Claims)
            {
-                Console.WriteLine($"{claim.Type}={claim.Value}");
+                _logger.LogInformation($"{claim.Type}={claim.Value}");
            }

            List<AccountVM> accounts = new()
--- a/AuthStudy.WebApp/Program.cs
+++ b/AuthStudy.WebApp/Program.cs
@ -12,7 +12,7 @@ namespace AuthStudy.WebApp
        public static void Main(string[] args)
        {
            WebApplicationBuilder builder = WebApplication.CreateBuilder(args);
-
+            
            // 添加服务到IoC容器
            builder.Services.AddControllers();
            // Swagger 注册
@ -48,8 +48,8 @@ namespace AuthStudy.WebApp
                            {
                                var claims = new[]
                                {
-                                    new Claim(ClaimTypes.NameIdentifier, context.Username, ClaimValueTypes.String, context.Options.ClaimsIssuer),
-                                    new Claim(ClaimTypes.Name, context.Username, ClaimValueTypes.String, context.Options.ClaimsIssuer)
+                                    new Claim(ClaimTypes.NameIdentifier, context.Username??"", ClaimValueTypes.String, context.Options.ClaimsIssuer),
+                                    new Claim(ClaimTypes.Name, context.Username??"", ClaimValueTypes.String, context.Options.ClaimsIssuer)
                                            };

                                context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
@ -78,11 +78,6 @@ namespace AuthStudy.WebApp
            app.MapControllers();

            app.Run();
-
-            void Test()
-            {
-                
-            }
        }
    }
 }
--- a/Docs/说明.md
+++ b/Docs/说明.md
@ -78,3 +78,11 @@
  </ItemGroup>
 </Project>
 ```
+## 认证与授权实质关系
+ 认证与授权是两个独立的 `中间件`，通过请求上下文的 User 属性进行 “交互”；
+ 认证 -> 认证凭据放入 请求上下文(HttpContext)的User属性(实质是一个ClaimsPrincipal对象)；
+ 授权 -> 先从请求上下文的User属性拿到凭据：ClaimsPrincipal， 然后进行权限判定；
+
+## 认证使用方式
+ 配合授权一起使用：api控制器或方法上加特性[Authorize],由框架自动调用
+ 在Api方法内部调用 HttpContext 扩展方法： `var result = HttpContext.AuthenticateAsync();` 拿到认证结果，手动执行自己的逻辑。