Dogodek
Power BI DataViz Svetovno prvenstvo
14. feb., 16h - 31. mar., 16h
S 4 možnosti za vstop, bi lahko zmagal konferenčni paket in da bi bilo v ŽIVO Grand Finale v Las Vegasu
Več informacijUse social sign-in provider authentication without ASP.NET Core Identity
By Kirk Larkin and Rick Anderson
Using external login providers with Identity in ASP.NET Core describes how to enable users to sign in using OAuth 2.0 with credentials from external authentication providers. The approach described in that article includes ASP.NET Core Identity as an authentication provider.
This sample demonstrates how to use an external authentication provider without ASP.NET Core Identity. This approach is useful for apps that don't require all of the features of ASP.NET Core Identity, but still require integration with a trusted external authentication provider.
This sample uses Google authentication for authenticating users. Using Google authentication shifts many of the complexities of managing the sign-in process to Google. To integrate with a different external authentication provider, see the following articles:
In Program.cs, configure the app's authentication schemes with the AddAuthentication, AddCookie, and AddGoogle methods:
C#
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.Google;
var builder = WebApplication.CreateBuilder(args);
builder.Services
.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
})
.AddCookie()
.AddGoogle(options =>
{
options.ClientId = builder.Configuration["Authentication:Google:ClientId"];
options.ClientSecret = builder.Configuration["Authentication:Google:ClientSecret"];
});
builder.Services.AddRazorPages();
The call to AddAuthentication sets the app's DefaultScheme. The DefaultScheme is the default scheme used by the following HttpContext authentication extension methods:
Setting the app's DefaultScheme to CookieAuthenticationDefaults.AuthenticationScheme ("Cookies") configures the app to use Cookies as the default scheme for these extension methods. Setting the app's DefaultChallengeScheme to GoogleDefaults.AuthenticationScheme ("Google") configures the app to use Google as the default scheme for calls to ChallengeAsync. DefaultChallengeScheme overrides DefaultScheme. See AuthenticationOptions for more properties that override DefaultScheme when set.
In Program.cs, call UseAuthentication and UseAuthorization. This middleware combination sets the HttpContext.User property and runs the Authorization Middleware for requests:
C#
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
To learn more about authentication schemes, see Authentication Concepts. To learn more about cookie authentication, see Use cookie authentication without ASP.NET Core Identity.
Test the app's authentication configuration by applying the [Authorize] attribute to a controller, action, or page. The following code limits access to the Privacy page to users that have been authenticated:
C#
[Authorize]
public class PrivacyModel : PageModel
{
}
SaveTokens defines whether access and refresh tokens should be stored in the AuthenticationProperties after a successful authorization. SaveTokens is set to false by default to reduce the size of the final authentication cookie.
To save access and refresh tokens after a successful authorization, set SaveTokens to true in Program.cs:
C#
builder.Services
.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
})
.AddCookie()
.AddGoogle(options =>
{
options.ClientId = builder.Configuration["Authentication:Google:ClientId"];
options.ClientSecret = builder.Configuration["Authentication:Google:ClientSecret"];
options.SaveTokens = true;
});
To retrieve a saved token, use GetTokenAsync. The following example retrieves the token named access_token:
C#
public async Task OnGetAsync()
{
var accessToken = await HttpContext.GetTokenAsync(
GoogleDefaults.AuthenticationScheme, "access_token");
// ...
}
To sign out the current user and delete their cookie, call SignOutAsync. The following code adds a Logout page handler to the Index page:
C#
public class IndexModel : PageModel
{
public async Task<IActionResult> OnPostLogoutAsync()
{
// using Microsoft.AspNetCore.Authentication;
await HttpContext.SignOutAsync();
return RedirectToPage();
}
}
Notice that the call to SignOutAsync doesn't specify an authentication scheme. The app uses the DefaultScheme, CookieAuthenticationDefaults.AuthenticationScheme, as a fallback.
Using external login providers with Identity in ASP.NET Core describes how to enable users to sign in using OAuth 2.0 with credentials from external authentication providers. The approach described in that article includes ASP.NET Core Identity as an authentication provider.
This sample demonstrates how to use an external authentication provider without ASP.NET Core Identity. This approach is useful for apps that don't require all of the features of ASP.NET Core Identity, but still require integration with a trusted external authentication provider.
This sample uses Google authentication for authenticating users. Using Google authentication shifts many of the complexities of managing the sign-in process to Google. To integrate with a different external authentication provider, see the following articles:
In the ConfigureServices method, configure the app's authentication schemes with the AddAuthentication, AddCookie, and AddGoogle methods:
C#
public void ConfigureServices(IServiceCollection services)
{
// requires
// using Microsoft.AspNetCore.Authentication.Cookies;
// using Microsoft.AspNetCore.Authentication.Google;
// NuGet package Microsoft.AspNetCore.Authentication.Google
services
.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
})
.AddCookie()
.AddGoogle(options =>
{
options.ClientId = Configuration["Authentication:Google:ClientId"];
options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
});
services.AddRazorPages();
}
The call to AddAuthentication sets the app's DefaultScheme. The DefaultScheme is the default scheme used by the following HttpContext authentication extension methods:
Setting the app's DefaultScheme to CookieAuthenticationDefaults.AuthenticationScheme ("Cookies") configures the app to use Cookies as the default scheme for these extension methods. Setting the app's DefaultChallengeScheme to GoogleDefaults.AuthenticationScheme ("Google") configures the app to use Google as the default scheme for calls to ChallengeAsync. DefaultChallengeScheme overrides DefaultScheme. See AuthenticationOptions for more properties that override DefaultScheme when set.
In Startup.Configure, call UseAuthentication and UseAuthorization between calling UseRouting and UseEndpoints. This middleware combination sets the HttpContext.User property and runs the Authorization Middleware for requests:
C#
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapRazorPages();
});
To learn more about authentication schemes, see Authentication Concepts. To learn more about cookie authentication, see Use cookie authentication without ASP.NET Core Identity.
Test the app's authentication configuration by applying the [Authorize] attribute to a controller, action, or page. The following code limits access to the Privacy page to users that have been authenticated:
C#
[Authorize]
public class PrivacyModel : PageModel
{
}
To sign out the current user and delete their cookie, call SignOutAsync. The following code adds a Logout page handler to the Index page:
C#
public class IndexModel : PageModel
{
public async Task<IActionResult> OnPostLogoutAsync()
{
await HttpContext.SignOutAsync();
return RedirectToPage();
}
}
Notice that the call to SignOutAsync doesn't specify an authentication scheme. The app's DefaultScheme of CookieAuthenticationDefaults.AuthenticationScheme is used as a fallback.
Sodelujte z nami v storitvi GitHub
Vir za to vsebino najdete v storitvi GitHub, kjer lahko tudi ustvarite in pregledate težave in zahtevke za uveljavitev sprememb. Če želite več informacij, glejte naš vodnik za sodelavce.
Povratne informacije o izdelku ASP.NET Core
ASP.NET Core je odprtokodni projekt. Izberite povezavo za pošiljanje povratnih informacij:
Dodatni viri
Usposabljanje
Modul
Secure a .NET web app with the ASP.NET Core Identity framework - Training
Learn how to add authentication and authorization to a .NET web app using the ASP.NET Core Identity framework.
Potrdilo
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.
Dokumentacija
-
Community OSS authentication options for ASP.NET Core
Discover open-source authentication options for ASP.NET Core.
-
Using external login providers with Identity in ASP.NET Core
Create an ASP.NET Core app using Identity with external authentication providers such as Facebook, Twitter, Google, and Microsoft.
-
Identity management solutions for .NET web apps
A list of available products, packages, and services that enable identity management, including authentication and authorization, for ASP.NET Core web apps.
-
Choose an identity management solution
A guide to help choose the right identity management solution for a secure .NET web app.