问题
I am making a custom AuthenticationStateProvider to test in a Blazor app. I am worried that the new class won't have the same functionality as the AuthenticationStateProvider class because I'm not sure how AuthenticationStateProvider works. Below I posted my custom class. Could you please tell me if this is the accepted way of overrideing this class?
public class ServerAuthenticationStateProvider : AuthenticationStateProvider
{
string UserId;
string Password;
bool IsAuthenticated = false;
public void LoadUser(string _UserId, string _Password)
{
UserId = _UserId;
Password = _Password;
}
public async Task LoadUserData()
{
var securityService = new SharedServiceLogic.Security();
try
{
var passwordCheck = await securityService.ValidatePassword(UserId, Password);
IsAuthenticated = passwordCheck == true ? true : false;
}
catch(Exception ex)
{
Console.WriteLine(ex);
}
}
public override async Task<AuthenticationState> GetAuthenticationStateAsync()
{
var userService = new UserService();
var identity = IsAuthenticated
? new ClaimsIdentity(await userService.GetClaims(UserId))
: new ClaimsIdentity();
var result = new AuthenticationState(new ClaimsPrincipal(identity));
return result;
}
}
回答1:
Question:
How does blazor detect authorized / notautorized
Answer:
This is one of the constructors for ClaimsIdentity:
public ClaimsIdentity (
System.Collections.Generic.IEnumerable<System.Security.Claims.Claim> claims,
string authenticationType);
To set as authenticated, just send a value to authenticationType, quoting docs:
IsAuthenticatedNote: When accessed, the value of the IsAuthenticated property is returned based on the value of the AuthenticationType property.
AuthorizeView component asks for IsAuthenticated.
Look this code from CustomAuthStateProvider sample:
var identity = new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, "mrfibuli"),
}, "Fake authentication type");
For previous example, IsAuthenticated will be true because ClaimsIdentity constructor has "Fake authentication type" for authenticationType parameter.
Summarizing
If you create your identity including authenticationType parameter the user is authenticated. If you create your identity without authenticationType parameter, the user is not authenticated.
var userService = RequestMyUserService(user, password);
var identity = userService.IsValidUser
? new ClaimsIdentity(
new[] {new Claim(ClaimTypes.Name, "mrfibuli"),},
"My Custom User Service") // authenticated
: new ClaimsIdentity(); // not authenticated
...
More info at Claims-based authentication on Introduction to Authentication with ASP.NET Core.
来源:https://stackoverflow.com/questions/57599938/how-does-blazor-detect-authorized-notautorized