Getting Started with Identity in ASP.NET Core

Preface

In ASP.NET Core, the Identity component library in ASP.NET is still used, which is responsible for authenticating the user's identity. Generally speaking, there is noMVC 5 is so complicated. Because OWIN was introduced in MVC 5, many beginners have a hard time learning it. They are all confused about Identity, including me. I used to learn identity before and after. It took more than a month to understand the principles inside. Therefore, most developers have no love for Identity and do not use it. They feel kidnapped.

Fortunately, in ASP.NET Core, due to the gradually clear abstraction of modules and the use of middleware, this makes the learning and use route of Identity become more clear. It’s approachable, let’s take a look.

Getting Started

Before we begin, let us forget its relationship with Entity Framework and its relationship with Authentication, we Learn a few English words first.

There are so many "words" that you may need to figure out:

# 1: Claims

Everyone should know You know what the ID card looks like, as follows:

Among them, Name: Obama; Gender: Male; Nationality: Kenya; Birth: 1961.08.04, etc. These identity information can be seen that they are all key-value pairs, then if we want to How to store these things and design them? Yes, you may have thought of using a dictionary for storage, a Key, and a Value just meet the needs. But Key and Value feel unfriendly and not very object-oriented, so wouldn't it be better if we made it an object? At least you can use the smart prompt of vs. Let's modify it and change it to the following:

//我给对象取一个名字叫`Claim`你没有意见吧
public class Claim
{
    public string ClaimType { get; set; }

    public string ClaimValue { get; set; }
}

ClaimType is the Key, and ClaimValue represents a Value. In this case, just

a

key-value pair can be stored. At this time, Name: Obama can be deposited. The people at Microsoft are very considerate and have prepared some default

ClaimType

for us? Many commonly used ones are in it, let’s take a look:

Here is an extension of the first knowledge point: ClaimTypes

For Reading experience, I only included part of the screenshot. You can see the commonly used ones such as Name,

Email

, Gender, MobilePhone, etc., and there are many others. Careful readers may have noticed that its namespace is System.Security.Claims, which means that this thing is part of the .net framework, um, That's all we need to know for now. Claim

Introduction

is over, is it very simple? I don’t care how it is translated in other places. In this article, it is called “Document Unit”.

# 2: ClaimsIdentity

After having the "

Document Unit

", we can use it to create an ID card, then How should it be made? Some students may have thought of it, yes, just create a new object, and then transfer the ID card unit into the constructor, and then you will get an ID card. We give this ID card an English name "ClaimsIdentity". This name seems quite suitable. It has both Claims to represent its components and Identity to represent its purpose. It is very A satisfying name. Actually, in real life, part of the information on our ID cards is hidden, and part of it can be directly seen. For example, you cannot see your fingerprint information stored in the new generation of ID cards. These are all stored in the chip inside the ID card. What you can see is your name, age, etc. The same is true when we design an object. We need to expose something, so here our ClaimsIdentity exposes a Name, Label, etc.

我们造的身份证（ClaimsIdentity）还有一个重要的属性就是类型（AuthenticationType），等等，AuthenticationType是什么东西？看起来有点眼熟的样子。我们知道我们自己的身份证是干嘛的吧，就是用来证明我们的身份的，在你证明身份出示它的时候，其实它有很多种形式载体的，什么意思呢？比如你可以直接拿出实体形式的身份证，那也可以是纸张形式的复印件，也可以是电子形式的电子码等等，这个时候就需要有一个能够表示其存在形式的类型字段，对，这个AuthenticationType就是干这个事情的。

然后我们在给我们的身份证添加一些润色，让其看起来好看，比如提供一些方法添加 Claims 的，删除 Claims的，写到二进制流里面的啊等等，最终我们的身份证对象看起来基本上是这样了：

public class ClaimsIdentity
{
    public ClaimsIdentity(IEnumerable<Claim> claims){}
    
    //名字这么重要，当然不能让别人随便改啊，所以我不许 set，除了我儿子跟我姓，所以是 virtual 的
    public virtual string Name { get; }
    public string Label { get; set; }
    
    //这是我的证件类型，也很重要，同样不许 set
    public virtual string AuthenticationType { get; }
    
    public virtual void AddClaim(Claim claim);
    
    public virtual void RemoveClaim(Claim claim);
    
    public virtual void FindClaim(Claim claim);
}

嗯，到这里，我们的身份证看起来似乎很完美了，但是从面向对象的角度来说好像还少了点什么东西？ 对~，还是抽象，我们需要抽象出来一个接口来进行一些约束，约束什么呢？既然作为一个证件，那么肯定会涉及到这几个属性信息：
1、名字。2、类型。3、证件是否合法。
反应到接口里面的话就是如下，我们给接口取个名字叫：“身份(IIdentity)”：

这里延伸第二个知识点：IIdentity接口。

// 定义证件对象的基本功能。
public interface IIdentity
{
    //证件名称
    string Name { get; }
    
    // 用于标识证件的载体类型。
    string AuthenticationType { get; }
    
    //是否是合法的证件。
    bool IsAuthenticated { get; }
}

所以我们的 ClaimsIdentity 最终看起来定义就是这样的了：

public class ClaimsIdentity : IIdentity
{
    //......
}

ClaimsIdentity 介绍完毕，是不是发现也很简单，其他地方怎么翻译我不管，在本篇文章里面，它叫 “身份证”。

# 3： ClaimsPrincipal

有了身份证，我们就能证明我就是我了，有些时候一个人有很多张身份证，你猜这个人是干嘛的？ 对，不是黄牛就是诈骗犯。

但是，有些时候一个人还有其他很多种身份，你猜这个人是干嘛的？这就很正常了对不对，比如你可以同时是一名教师，母亲，商人。如果你想证明你同时有这几种身份的时候，你可能需要出示教师证，你孩子的出生证，法人代表的营业执照证。

在程序中，一个身份证不仅仅代表你这个人了，而是代表一个身份，是证明你自己的主要身份哦。如果一个人还有其他很多种身份，这个时候就需要有一个东西（载体）来携带着这些证件了对吧？OK，我们给需要携带证件的这个对象取一个贴切点的名字，叫“证件当事人（ClaimsPrincipal）”吧。

以下是 Principal 这个单词在词典给出的解释，我用它你应该没意见吧：

principal  ['prɪnsəpl]  
adj. 主要的；资本的
n. 首长；校长；资本；当事人

这个时候可能有同学会问了，是不是应该叫ClaimsIdentityPrincipal比较好呢？嗯，我也觉得应该叫 ClaimsIdentityPrincipal 可能更好一点，或许微软的人偷懒了，简写成了ClaimsPrincipal。

知道其功能后，代码就很好写了，和上面ClaimsIdentity一样的套路：

public class ClaimsPrincipal 
{
    //把拥有的证件都给当事人
    public ClaimsPrincipal(IEnumerable<ClaimsIdentity> identities){}
    
    //当事人的主身份呢
    public virtual IIdentity Identity { get; }
    
    public virtual IEnumerable<ClaimsIdentity> Identities { get; }
    
    public virtual void AddIdentity(ClaimsIdentity identity);
    
    //为什么没有RemoveIdentity ， 留给大家思考吧？
}

当时人看起来也几乎完美了，但是我们还需要对其抽象一下，抽象哪些东西呢？ 作为一个当事人，你应该有一个主身份吧，就是你的身份证咯，可能你还会用到角色（角色后面会详细介绍，这里你知道有这么个东西就行了）。

这里延伸第三个知识点：IPrincipal 接口。

public interface IPrincipal
{
    //身份
    IIdentity Identity { get; }
    
    //在否属于某个角色
    bool IsInRole(string role);
}

然后，我们的 证件当事人 看起来应该是这样的：

public class ClaimsPrincipal : IPrincipal 
{
   //...
}

ClaimsPrincipal 介绍完了，也很简单吧？ 其他地方怎么翻译我不管，在本篇文章里面，它叫 “证件当事人”。

想在，我们已经知道了 “证件单元（Claims）” ， “身份证（ClaimsIdentity）” ， “证件当事人（ClaimsPrincipal）”，并且整理清楚了他们之间的逻辑关系，趁热打铁，下面这个图是一个identity登入部分的不完全示意图，虚线圈出来的部分应该可以看懂了吧：

可以看出，首先我们在app这边有一些证件单元，然后调用ClaimsIdentity把证件单元初始化为一个身份证，然后再把身份证交给证件当事人由其保管。

才把 Getting Started 写完，发现已经这么长了，所以打算写成一个系列了，可能3 - 4篇吧。

Summary

Okay, this article will be introduced here first. In this blog, we have learned a few English words and know these English words. What kind of object does it play in the program? And according to the figure, we know where these objects are located in the entire authentication system. I found that if I want to explain identity clearly, this blog alone is not enough. In the next article, we will peel off the middleware of .NET Authentication until we have mastered the entire authentication system of .NET, and then we will come back. Let's take a look at the love-hate relationship between Identiy and Entity Framework.

This is just the beginning. If you think this blog is helpful to you, thank you for your [recommendation]. If you are interested in .NET Core, you can follow me. I will regularly share information about it on the blog. .NET Core learning experience.

The above is the detailed content of Getting Started with Identity in ASP.NET Core. For more information, please follow other related articles on the PHP Chinese website!