|
|
说明
|
|
|
====
|
|
|
|
|
|
## 关于 共享框架
|
|
|
随着 .NET Core 3.0 的发布,许多 ASP.NET Core 程序集不再作为包发布到 NuGet。
|
|
|
相反,程序集包含在 Microsoft.AspNetCore.App 共享框架中,该框架随 .NET Core SDK 和运行时安装程序一起安装。
|
|
|
|
|
|
+ Web项目,一般自动包含 AspMicrosoft.AspNetCore.App 共享框架,即 共享框架由项目的Sdk属性(Microsoft.NET.Sdk.Web)自动引入
|
|
|
```xml
|
|
|
<Project Sdk="Microsoft.NET.Sdk.Web">
|
|
|
<!--共享项目由上面Sdk类型(Microsoft.NET.Sdk.Web)自动引入-->
|
|
|
<PropertyGroup>
|
|
|
<TargetFramework>net7.0</TargetFramework>
|
|
|
<Nullable>enable</Nullable>
|
|
|
<ImplicitUsings>enable</ImplicitUsings>
|
|
|
</PropertyGroup>
|
|
|
|
|
|
<ItemGroup>
|
|
|
<!--Nuget包引用-->
|
|
|
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="7.0.5" />
|
|
|
<PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
|
|
|
</ItemGroup>
|
|
|
|
|
|
<ItemGroup>
|
|
|
<!--项目引用-->
|
|
|
<ProjectReference Include="..\xx.csproj" />
|
|
|
</ItemGroup>
|
|
|
|
|
|
</Project>
|
|
|
```
|
|
|
+ 类库项目等,要手动引入(无法使用nuget包的方式引入)
|
|
|
```xml
|
|
|
<Project Sdk="Microsoft.NET.Sdk">
|
|
|
<PropertyGroup>
|
|
|
<TargetFramework>net7.0</TargetFramework>
|
|
|
<ImplicitUsings>enable</ImplicitUsings>
|
|
|
<Nullable>enable</Nullable>
|
|
|
</PropertyGroup>
|
|
|
|
|
|
<ItemGroup>
|
|
|
<!-- 手动引入共享框架(不指定版本,自动跟随项目版本),多目标项目,也可以使用变量根据目标选择引入-->
|
|
|
<FrameworkReference Include="Microsoft.AspNetCore.App" />
|
|
|
</ItemGroup>
|
|
|
|
|
|
<ItemGroup>
|
|
|
<!--Nuget包引用-->
|
|
|
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="7.0.5" />
|
|
|
<PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
|
|
|
</ItemGroup>
|
|
|
|
|
|
<ItemGroup>
|
|
|
<!--项目引用-->
|
|
|
<ProjectReference Include="..\xx.csproj" />
|
|
|
</ItemGroup>
|
|
|
|
|
|
</Project>
|
|
|
```
|
|
|
```xml
|
|
|
<!-- 多目标示例-->
|
|
|
<Project Sdk="Microsoft.NET.Sdk">
|
|
|
|
|
|
<PropertyGroup>
|
|
|
<TargetFrameworks>netstandard2.0;netcoreapp3.0;netcoreapp3.1;net5.0;net6.0;net7.0</TargetFrameworks>
|
|
|
<PackageTags>aspnetcore;authentication;security;basicauth</PackageTags>
|
|
|
<Configurations>Debug;Release;CodeQL</Configurations>
|
|
|
</PropertyGroup>
|
|
|
|
|
|
<!-- netstandard2.0 版本引入老版本的包(Microsoft.AspNetCore.Authentication等) -->
|
|
|
<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0'">
|
|
|
<PackageReference Include="Microsoft.AspNetCore.Authentication" Version="2.0" />
|
|
|
<PackageReference Include="Microsoft.AspNetCore.Http.Abstractions" Version="2.0" />
|
|
|
<PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="2.0" />
|
|
|
</ItemGroup>
|
|
|
|
|
|
<!-- 高版本手动引入共享框架(Microsoft.AspNetCore.App),由共享框架引入模块 -->
|
|
|
<ItemGroup Condition="'$(TargetFramework)' != 'netstandard2.0'">
|
|
|
<FrameworkReference Include="Microsoft.AspNetCore.App" />
|
|
|
</ItemGroup>
|
|
|
</Project>
|
|
|
```
|
|
|
## 认证与授权实质关系
|
|
|
+ 认证与授权是两个独立的 `中间件`,通过请求上下文的 User 属性进行 “交互”;
|
|
|
+ 认证 -> 认证凭据放入 请求上下文(HttpContext)的User属性(实质是一个ClaimsPrincipal对象);
|
|
|
+ 授权 -> 先从请求上下文的User属性拿到凭据:ClaimsPrincipal, 然后进行权限判定;
|
|
|
|
|
|
## 认证使用方式
|
|
|
+ 配合授权一起使用:api控制器或方法上加特性[Authorize],由框架自动调用
|
|
|
+ 在Api方法内部调用 HttpContext 扩展方法: `var result = HttpContext.AuthenticateAsync();` 拿到认证结果,手动执行自己的逻辑。
|