好的 - 所以我试图做一些类似 vimeo.com
的事情,只需输入密码就可以访问私人视频
,例如,如果你去这里:
https
://vimeo.com/392083444
你会得到一个简单的密码框并提交按钮
我得出的结论是使用声明
,因为用户是匿名的 - 我不想使用身份
,此外视频密码与视频元数据一起保存在数据库中
哦,顺便说一句,就像 vimeo 或 youtube -
有一个正确的身份设置 bc 配置文件由正确的身份登录管理
所以第一个问题是:
使用 ClaimsPrinciple 是最好的策略吗?
还是我赚的太多了?
我的意思是 pre-Core 我会使用 session vars 但现在核心不是这样
这是我到目前为止所得到的
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> LinkLogin([Bind("ID, Guid, Password")] LinkLoginVM vm)
{
if (String.IsNullOrEmpty(vm.Password))
{
return ViewComponent("Error", new { errorcode = 1});
}
var c = await db.Vids.SingleAsync(c => c.Guid == vm.Guid);
// create and add guid
if (ModelState.IsValid)
{
if (vm.Password == c.Password)
{
// give user a claim
ApplicationUser user = await um.GetUserAsync(HttpContext.User); <-- this doesnt really return anything
var claims = new List<Claim>() {
new Claim(ClaimTypes.Name, "Password Guest"),
new Claim(JwtRegisteredClaimNames.Sub, vm.Guid),
new Claim(JwtRegisteredClaimNames.AuthTime, DateTime.Now.ToString())
};
// not sure what im doing here
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
// await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProps);
await HttpContext.SignInAsync(new ClaimsPrincipal(claimsIdentity), authProps);
}
}
else
{
// put debugger here if problematic
Console.WriteLine("ERR: ModelState not valid");
var errors = ModelState
.Where(x => x.Value.Errors.Count > 0)
.Select(x => new { x.Key, x.Value.Errors })
.ToArray();
}
return RedirectToAction("Vids", new { id = vm.Guid });
}
在我的创业公司中,我确定我搞砸了——
因为我觉得我所有人都在阅读文章中的一堆意大利面条代码,
并且随着版本的不断变化,即使是一年前的一些文章也已经过时了
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options =>
{
options.LoginPath = "/View/LinkLogin/";
options.LogoutPath = "/Account/Logout/";
//options.Cookie.ExpireTimeSpan = TimeSpan.FromMinutes(30);
options.Cookie.HttpOnly = true;
options.Cookie.SecurePolicy = environment.IsDevelopment() ? Microsoft.AspNetCore.Http.CookieSecurePolicy.None : Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
});
services.ConfigureApplicationCookie(options =>
{
// Cookie settings
options.Cookie.HttpOnly = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(35);
//could be -
//options.LoginPath = "/Identity/Account/Login";
//options.LogoutPath = "/Identity/Account/Logout";
//options.AccessDeniedPath = "/Identity/Account/AccessDenied";
options.LoginPath = $"/Identity/Account/Login";
options.LogoutPath = $"/Identity/Account/Logout";
options.AccessDeniedPath = $"/Identity/Account/AccessDenied";
options.SlidingExpiration = true;
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_3_0)
.AddRazorPagesOptions(options =>
{
// deprecated in3.1?
// options.AllowAreas = true;
options.Conventions.AuthorizeAreaFolder("Identity", "/Account/Manage");
options.Conventions.AuthorizeAreaPage("Identity", "/Account/Logout");
options.Conventions.AuthorizeFolder("/View");
});
然后稍后:
// routing and security
app.UseRouting();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
我引用了这些文章:
https ://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-3.1
https://www.yogihosting.com/aspnet-core-identity-声明/
https://www.red-gate.com/simple-talk/dotnet/net-development/using-auth-cookies-in-asp-net-core/
索赔得到处理,但它们没有被存储如果
是的话,甚至可以与匿名用户一起存储这些索赔,
我应该在哪里与匿名用户一起寻找它们?
如果没有,我接下来应该做什么?