ASP.NET团队已经发布了新的示例,展示如何使用身份包。它们包含在以下NuGet软件包中:Microsoft Asp.Net Identity Samples。
这些示例非常有帮助,但是与最初发布的模板中的操作方式相比,已经发生了大量变化。
我的具体问题是:在原始的SPA模板中,有以下代码:
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true
};
...
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
但在新的NuGet包示例中,那段代码已经消失了,取而代之的是这段代码:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(validateInterval: TimeSpan.FromMinutes(30), regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
有人可以帮我理解app.UseOAuthBearerTokens和app.UseCookieAuthentication之间的区别(以及为什么要进行此更改)吗?它们似乎都允许应用程序以相同的方式运行,我需要一些关于此更改的澄清。
谢谢...
-Ben