Benutzerdefinierte ASP.Net-Kerndaten im Authentifizierungsticket

Question

Was ist die beste Vorgehensweise im ASP.Net-Kern zum Speichern eines benutzerdefinierten Authentifizierungstickets?

public static void SignIn(string username, bool persistent, long accountId) 
    { 
     const int version = 1; 
     DateTime issue = DateTime.Now; 
     DateTime expiration = issue.AddMonths(1); 
     string data = accountId.ToString(); 

     FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(version, username, issue, expiration, persistent, data); 
     HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); 

     if (persistent == true) 
      cookie.Expires = expiration; 

     HttpContext.Current.Response.Cookies.Add(cookie); 
    } 

Answer 1

In Startup-Klasse in configure-Methode IApplicationBuilder Anwendung:

application.CustomCookieAuthentication(login); 

Es erfordert einige Anpassungen je nach Ihrem eigenen Code
Mit anderen Worten, wie die folgenden in Bezug auf den MVC 6 zu erreichen, . Einige Klassenmethoden sollten abhängig von Ihrer Konfiguration auch durch Ihre eigenen ersetzt werden. Aber im allgemeinen Lösung ist klar, denke ich:

public static IApplicationBuilder CustomCookieAuthentication(this IApplicationBuilder application, string url) 
{ 
    if (application == null) 
     throw new ArgumentNullException(nameof(application)); 

    if (url == null) 
     throw new ArgumentNullException(nameof(url)); 

    IApplicationBuilder chain = application.UseCookieAuthentication(new CookieAuthenticationOptions 
    { 
     CookieName = SecurityExtensions.CookieName, 
     CookieHttpOnly = true, 
     CookieSecure = Configuration.Authentication.Cookie.Secure, 
     ExpireTimeSpan = TimeSpan.FromDays(30), 
     SlidingExpiration = true, 
     AutomaticAuthenticate = true, 
     AutomaticChallenge = true, 
     LoginPath = new PathString(url), 
     AccessDeniedPath = new PathString(url) 
    }); 

    return chain; 
} 

public static async Task Login(this HttpContext context, string username, Unique accountId, bool persistent) 
{ 
    await context.Logout(); 

    Claim id = new Claim(ClaimTypes.UserData, accountId.ToString()); 
    Claim version = new Claim(ClaimTypes.Version, SecurityExtensions.Version.ToString()); 
    ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { id, version }, SecurityExtensions.CookieName)); 

    DateTime utc = DateTime.UtcNow; 

    AuthenticationProperties properties = new AuthenticationProperties(); 
    properties.IssuedUtc = utc; 
    properties.IsPersistent = persistent; 

    if (persistent == true) 
     properties.ExpiresUtc = utc.AddYears(1); 

    await context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal, properties); 
} 

public static async Task Logout(this HttpContext context) 
{ 
    await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme); 

    ISession session = SecurityExtensions.GetSession(context); 
    session?.Clear(); 
}