Yu Cheng
Thursday, December 31, 2020
[.NET Core] ASP .NET Core 3.1 驗證與授權(四)-授權設定
授權(Authorization)
- 授權(Authorization): 界定用戶可存取資源範圍的程序。
Policy-based authorization
ASP .NET Core 的授權以政策 Policy 進行設定
自訂授權
RBAC
Name 記載使用者識別名稱(User Identity)
userData 記載以 | 分隔的使用者角色 Role
驗證與授權
Challenge、Forbid
中間件順序
先驗證、再授權 The Order of UseAuthentication、UseAuthorization
Reference
- MSDN - Principal and Identity Objects
- MSDN - IAuthenticationService Interface
- MSDN - AuthenticationService Class
- MSDN - Overview of ASP.NET Core Security
- MSDN - Overview of ASP.NET Core authentication
- MSDN - Policy-based authorization in ASP.NET Core
- MSDN - Microsoft.AspNetCore.Authentication.Cookies Namespace
- MSDN - Microsoft.AspNetCore.Authentication.JwtBearer Namespace
- [ASP.NET Core] 加上簡單的Cookie登入驗證
https://blog.johnwu.cc/article/ironman-day11-asp-net-core-cookies-session.html