在ASP.NET Core中,您可以添加各种标识服务: AddDefaultIdentity , AddIdentity 和 AddIdentityCore 。
In ASP.NET Core, you can add various services for identification: AddDefaultIdentity, AddIdentity and AddIdentityCore.
AddIdentity 和 AddIdentityCore ?
推荐答案AddIdentityCore 添加了用户管理操作所需的服务,例如创建用户,哈希密码等。这是相关的源:
AddIdentityCore adds the services that are necessary for user-management actions, such as creating users, hashing passwords, etc. Here's the relevant source:
public static IdentityBuilder AddIdentityCore<TUser>(this IServiceCollection services, Action<IdentityOptions> setupAction) where TUser : class { // Services identity depends on services.AddOptions().AddLogging(); // Services used by identity services.TryAddScoped<IUserValidator<TUser>, UserValidator<TUser>>(); services.TryAddScoped<IPasswordValidator<TUser>, PasswordValidator<TUser>>(); services.TryAddScoped<IPasswordHasher<TUser>, PasswordHasher<TUser>>(); services.TryAddScoped<ILookupNormalizer, UpperInvariantLookupNormalizer>(); // No interface for the error describer so we can add errors without rev'ing the interface services.TryAddScoped<IdentityErrorDescriber>(); services.TryAddScoped<IUserClaimsPrincipalFactory<TUser>, UserClaimsPrincipalFactory<TUser>>(); services.TryAddScoped<UserManager<TUser>>(); ... }从本质上讲,这归结为注册 UserManager< TUser> 的实例,但首先注册其所有依赖项。注册这些服务后,您可以从DI中检索 UserManager< TUser> 的实例并创建用户,设置密码,更改电子邮件等。
Essentially, this boils down to registering an instance of UserManager<TUser>, but first registers all of its dependencies. With these services registered, you can retrieve an instance of UserManager<TUser> from DI and create users, set passwords, change emails, etc.
AddIdentity 注册与 AddIdentityCore 相同的服务,还有一些额外功能:
AddIdentity registers the same services as AddIdentityCore, with a few extras:
- 针对应用程序本身,外部登录(例如Facebook和Google)和2FA的基于Cookie的身份验证方案。
- SignInManager 实际上是作为协调器位于 UserManager 之上的。例如, PasswordSignInAsync 使用 UserManager 来检索用户,验证密码(如果设置),然后处理cookie。
- AddIdentity 本身也需要 Trole 并注册服务是支持角色所必需的。
- Cookie-based authentication schemes for the application itself, external sign-in (e.g. Facebook and Google), and 2FA.
- The SignInManager, which effectively sits on top of the UserManager as a sort of orchestrator. For example, PasswordSignInAsync uses UserManager to retrieve a user, verify the password (if set) and then takes care of cookie creation.
- AddIdentity itself also takes a TRole and registers the services that are necessary for supporting Roles.
这是 AddIdentity 源:完整性:
public static IdentityBuilder AddIdentity<TUser, TRole>(this IServiceCollection services, Action<IdentityOptions> setupAction) where TUser : class where TRole : class { // Services used by identity services.AddAuthentication(options => { options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme; options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme; options.DefaultSignInScheme = IdentityConstants.ExternalScheme; }) .AddCookie(IdentityConstants.ApplicationScheme, o => { o.LoginPath = new PathString("/Account/Login"); o.Events = new CookieAuthenticationEvents { OnValidatePrincipal = SecurityStampValidator.ValidatePrincipalAsync }; }) .AddCookie(IdentityConstants.ExternalScheme, o => { o.Cookie.Name = IdentityConstants.ExternalScheme; o.ExpireTimeSpan = TimeSpan.FromMinutes(5); }) .AddCookie(IdentityConstants.TwoFactorRememberMeScheme, o => { o.Cookie.Name = IdentityConstants.TwoFactorRememberMeScheme; o.Events = new CookieAuthenticationEvents { OnValidatePrincipal = SecurityStampValidator.ValidateAsync<ITwoFactorSecurityStampValidator> }; }) .AddCookie(IdentityConstants.TwoFactorUserIdScheme, o => { o.Cookie.Name = IdentityConstants.TwoFactorUserIdScheme; o.ExpireTimeSpan = TimeSpan.FromMinutes(5); }); // Hosting doesn't add IHttpContextAccessor by default services.AddHttpContextAccessor(); // Identity services services.TryAddScoped<IUserValidator<TUser>, UserValidator<TUser>>(); services.TryAddScoped<IPasswordValidator<TUser>, PasswordValidator<TUser>>(); services.TryAddScoped<IPasswordHasher<TUser>, PasswordHasher<TUser>>(); services.TryAddScoped<ILookupNormalizer, UpperInvariantLookupNormalizer>(); services.TryAddScoped<IRoleValidator<TRole>, RoleValidator<TRole>>(); // No interface for the error describer so we can add errors without rev'ing the interface services.TryAddScoped<IdentityErrorDescriber>(); services.TryAddScoped<ISecurityStampValidator, SecurityStampValidator<TUser>>(); services.TryAddScoped<ITwoFactorSecurityStampValidator, TwoFactorSecurityStampValidator<TUser>>(); services.TryAddScoped<IUserClaimsPrincipalFactory<TUser>, UserClaimsPrincipalFactory<TUser, TRole>>(); services.TryAddScoped<UserManager<TUser>>(); services.TryAddScoped<SignInManager<TUser>>(); services.TryAddScoped<RoleManager<TRole>>(); ... }更多推荐
AddIdentity与AddIdentityCore
发布评论