HTTP基本认证

在HTTP中，HTTP基本认证（Basic Authentication）是一种允许网页浏览器或其他客户端程序以(用户名：口令) 请求资源的身份验证方式，不要求cookie,session identifier、login page等标记或载体。

- 所有浏览器据支持HTTP基本认证方式

- 基本身证原理不保证传输凭证的安全性，仅被based64编码，并没有encrypted或者hashed，一般部署在客户端和服务端互信的网络，在公网中应用BA认证通常与https结合

https://en.wikipedia.org/wiki/Basic_access_authentication

BA标准协议

BA认证协议的实施主要依靠约定的请求头/响应头，典型的浏览器和服务器的BA认证流程：

① 浏览器请求应用了BA协议的网站，服务端响应一个401认证失败响应码，并写入parison.InvariantCultureIgnoreCase) && password.Equals(authOptions.UserPwd); } }}// HTTP基本认证Middleware public static class BasicAuthentication { public static void UseBasicAuthentication(this IApplicationBuilder app) { app.UseMiddleware<BasicAuthenticationMiddleware>(); } }public class BasicAuthenticationMiddleware{ private readonly RequestDelegate _next; private readonly ILogger _logger; public BasicAuthenticationMiddleware(RequestDelegate next, ILoggerFactory LoggerFactory) { _next = next; _logger = LoggerFactory.CreateLogger<BasicAuthenticationMiddleware>(); } public async Task Invoke(HttpContext httpContext, IAuthenticationService authenticationService) { var authenticated = await authenticationService.AuthenticateAsync(httpContext, BasicAuthenticationScheme.DefaultScheme); _logger.LogInformation("Access Status：" + authenticated.Succeeded); if (!authenticated.Succeeded) { await authenticationService.ChallengeAsync(httpContext, BasicAuthenticationScheme.DefaultScheme, new AuthenticationProperties { }); return; } await _next(httpContext); }}// HTTP基本认证Middleware public static class BasicAuthentication { public static void UseBasicAuthentication(this IApplicationBuilder app) { app.UseMiddleware<BasicAuthenticationMiddleware>(); } }public class BasicAuthenticationMiddleware{ private readonly RequestDelegate _next; private readonly ILogger _logger; public BasicAuthenticationMiddleware(RequestDelegate next, ILoggerFactory LoggerFactory) { _next = next; _logger = LoggerFactory.CreateLogger<BasicAuthenticationMiddleware>(); } public async Task Invoke(HttpContext httpContext, IAuthenticationService authenticationService) { var authenticated = await authenticationService.AuthenticateAsync(httpContext, BasicAuthenticationScheme.DefaultScheme); _logger.LogInformation("Access Status：" + authenticated.Succeeded); if (!authenticated.Succeeded) { await authenticationService.ChallengeAsync(httpContext, BasicAuthenticationScheme.DefaultScheme, new AuthenticationProperties { }); return; } await _next(httpContext); }}

Startup.cs 文件添加并启用HTTP基本认证

services.AddAuthentication(BasicAuthenticationScheme.DefaultScheme) .AddScheme<BasicAuthenticationOption, BasicAuthenticationHandler>(BasicAuthenticationScheme.DefaultScheme,null);app.UseWhen( predicate:x => x.Request.Path.StartsWithSegments(new PathString(_protectedResourceOption.Path)), configuration:appBuilder => { appBuilder.UseBasicAuthentication()； } );

以上BA认证的服务端已经完成，现在可以在浏览器测试：

进一步思考？

浏览器在BA协议中行为： 编程实现BA客户端，要的同学可以直接拿去

/// <summary> /// BA认证请求Handler /// </summary> public class BasicAuthenticationClientHandler : HttpClientHandler { public static string BAHeaderNames = "authorization"; private RemoteBasicAuth _remoteAccount; public BasicAuthenticationClientHandler(RemoteBasicAuth remoteAccount) { _remoteAccount = remoteAccount; AllowAutoRedirect = false; UseCookies = true; } protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { var authorization = $"{_remoteAccount.UserName}:{_remoteAccount.Password}"; var authorizationBased64 = "Basic " + Convert.ToBase64String(new ASCIIEncoding().GetBytes(authorization)); request.Headers.Remove(BAHeaderNames); request.Headers.Add(BAHeaderNames, authorizationBased64); return base.SendAsync(request, cancellationToken); } } // 生成basic Authentication请求 services.AddHttpClient("eqid-ba-request", x => x.BaseAddress = new Uri(_proxyOption.Scheme +"://"+ _proxyOption.Host+":"+_proxyOption.Port ) ) .ConfigurePrimaryHttpMessageHandler(y => new BasicAuthenticationClientHandler(_remoteAccount){} ) .SetHandlerLifetime(TimeSpan.FromMinutes(2));仿BA认证协议中的浏览器行为

That's All . BA认证是随处可见的基础认证协议，本文期待以最清晰的方式帮助你理解协议:

实现了基本认证协议服务端，客户端；

到此这篇关于ASP.NET Core 实现基本认证的示例代码的文章就介绍到这了,更多相关ASP.NET Core基本认证内容请搜索以前的文章或继续浏览下面的相关文章希望大家以后多多支持！