[authentication / authorization] customize an authentication handler

WeChat official account ： Fun programming ACE
Focus on understanding .NET Daily development skills . For source code , Please leave a message for the official account [ Source code ];

Review above

【 authentication / to grant authorization 】 Step by step to achieve a simple JWT authentication

---

Custom authentication CustomerAuthenticationHandler Use

In the last article, I demonstrated how to use .net core The built-in verification scheme -Bearer Authentication , This article uses a simple example to realize the custom authentication process .

Super clear Watch ~

First create a login service

There are three steps

1//Step1:  Login interface   You need to inject dependency in the built-in container 
 2public interface ICustomerAuthentication
 3{
 4        ...
 5}
 6
 7//  An instance of an interface 
 8public class CustomerAuthentication : ICustomerAuthentication
 9{
10   // Step2： Provide a login method 
11   public string Login(string userName, string password)
12   {
13
14   }
15}
16
17// Step3:  Container dependency injection 
18builder.Services.AddSingleton<ICustomerAuthentication,CustomerAuthentication>();

Login interface implementation

1//  It is equivalent to defining a set of user objects in memory   Simulate getting user objects from database queries   convenient check
 2private readonly IDictionary<string,string> users = new Dictionary<string,string>
 3{
 4    {"p1","a1"},
 5    {"p2","a2"},
 6};
 7//  Deposit token aggregate 
 8private readonly IDictionary<string,string> tokens = new Dictionary<string,string>();
 9public IDictionary<string,string> Tokens =>tokens; //  Implementation interface   And initialization 
10
11public string Login(string userName, string password)
12{
13   // check  The user really exists  
14   if(!users.Any(u=>u.Key==userName && u.Value==password))
15   {
16       return null;
17   }
18   // create token  Through one Guid  Type of data instead of token  Just for demonstration 
19   var token = new Guid().ToString();
20   tokens.Add(token,userName);
21   return token ;
22}

Create a custom CustomerAuthenticationHandler class

1public class CustomerAuthenticationHandler :AuthenticationHandler<BasicAuthenticationOptions>
2{
3   ...
4}

among CustomerAuthenticationHandler Need to inherit AuthenticationHandler Interface , This interface requires a for authentication Options Configuration class , So you need to define BasicAuthenticationOptions Inherit AuthenticationSchemeOptions

1public class BasicAuthenticationOptions :AuthenticationSchemeOptions
2{
3
4}

Realization HandleAuthenticateAsync Method

1protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
 2        {
 3            // throw new NotImplementedException();
 4            if(!Request.Headers.ContainsKey("Authorization"))
 5            {
 6                return AuthenticateResult.Fail("UnAuthorized");
 7            }
 8
 9            //  Get the request header  Authorization Corresponding value
10            string authenticationHeader = Request.Headers["Authorization"];
11            if(string.IsNullOrEmpty(authenticationHeader))
12            {
13                return AuthenticateResult.Fail("UnAuthorized");
14            }
15            if(!authenticationHeader.StartsWith("Bearer",StringComparison.OrdinalIgnoreCase))
16            {
17                return AuthenticateResult.Fail("UnAuthorized");
18            }
19            //  obtain token
20            string token = authenticationHeader.Substring("bearer".Length).Trim();
21            if(string.IsNullOrEmpty(token))
22            {
23                return AuthenticateResult.Fail("UnAuthorized");
24            }
25
26            try
27            {
28                //  verification token  Call the following ValidateToken()  This method 
29                return ValidateToken(token);
30            }
31            catch (System.Exception ex)
32            {
33                //  Log 
34                return AuthenticateResult.Fail("UnAuthorized");
35            }
36        }
37
38private AuthenticateResult ValidateToken(string token)
39        {
40           var validateToken = _customerAuthentication.Tokens.FirstOrDefault(t=>t.Key ==token);
41           if(validateToken.Key is null )
42           {
43               return AuthenticateResult.Fail("UnAuthorized");
44           }
45           var claims = new List<Claim>
46           {
47               new Claim(ClaimTypes.Name,validateToken.Value)
48           };
49
50           var identity = new ClaimsIdentity(claims,Scheme.Name);
51           var principle = new GenericPrincipal(identity,null);
52           var ticket = new AuthenticationTicket(principle,Scheme.Name);
53           return AuthenticateResult.Success(ticket);
54        }

This method returns a AuthenticateResult Type to indicate whether the authentication is successful , If it works , This bill needs to be returned to the user .
So why do you need bills ？ Because we are Http Under the transmission protocol , You need to ensure the security of the content attached to the request header or request parameters , So we need to principal The object is wrapped in AuthenticationTicket object , In the latter, we can add some security configurations .

DI Registered certification services in

1//  Custom validation   Named a  test  Of Scheme programme 
2builder.Services.AddAuthentication("test") 
3    .AddScheme<BasicAuthenticationOptions,CustomerAuthenticationHandler>("test",null);

PS: This article is contributed by community fans ~