问题描述
在 ASP.NET Core 中,您可以添加各种用于识别的服务:AddDefaultIdentity
、AddIdentity
和 AddIdentityCore
.
In ASP.NET Core, you can add various services for identification: AddDefaultIdentity
, AddIdentity
and AddIdentityCore
.
AddIdentity
和 AddIdentityCore
有什么区别?
推荐答案
AddIdentityCore
添加了用户管理操作所需的服务,例如创建用户、散列密码等.以下是相关的来源一个>:
AddIdentityCore
adds the services that are necessary for user-management actions, such as creating users, hashing passwords, etc. Here's the relevant source:
public static IdentityBuilder AddIdentityCore<TUser>(this IServiceCollection services, Action<IdentityOptions> setupAction)
where TUser : class
{
// Services identity depends on
services.AddOptions().AddLogging();
// Services used by identity
services.TryAddScoped<IUserValidator<TUser>, UserValidator<TUser>>();
services.TryAddScoped<IPasswordValidator<TUser>, PasswordValidator<TUser>>();
services.TryAddScoped<IPasswordHasher<TUser>, PasswordHasher<TUser>>();
services.TryAddScoped<ILookupNormalizer, UpperInvariantLookupNormalizer>();
// No interface for the error describer so we can add errors without rev'ing the interface
services.TryAddScoped<IdentityErrorDescriber>();
services.TryAddScoped<IUserClaimsPrincipalFactory<TUser>, UserClaimsPrincipalFactory<TUser>>();
services.TryAddScoped<UserManager<TUser>>();
...
}
本质上,这归结为注册 UserManager
的实例,但首先注册其所有依赖项.注册这些服务后,您可以从 DI 检索 UserManager
的实例并创建用户、设置密码、更改电子邮件等.
Essentially, this boils down to registering an instance of UserManager<TUser>
, but first registers all of its dependencies. With these services registered, you can retrieve an instance of UserManager<TUser>
from DI and create users, set passwords, change emails, etc.
AddIdentity
注册与 AddIdentityCore
相同的服务,但有一些额外的:
AddIdentity
registers the same services as AddIdentityCore
, with a few extras:
- 用于应用程序本身、外部登录(例如 Facebook 和 Google)和 2FA 的基于 Cookie 的身份验证方案.
SignInManager
,它作为一种编排器有效地位于UserManager
之上.例如,PasswordSignInAsync
使用UserManager
来检索用户、验证密码(如果已设置),然后负责创建 cookie.AddIdentity
本身也接受一个TRole
并注册支持角色所需的服务.
- Cookie-based authentication schemes for the application itself, external sign-in (e.g. Facebook and Google), and 2FA.
- The
SignInManager
, which effectively sits on top of theUserManager
as a sort of orchestrator. For example,PasswordSignInAsync
usesUserManager
to retrieve a user, verify the password (if set) and then takes care of cookie creation. AddIdentity
itself also takes aTRole
and registers the services that are necessary for supporting Roles.
这是 AddIdentity
来源 完整性:
public static IdentityBuilder AddIdentity<TUser, TRole>(this IServiceCollection services, Action<IdentityOptions> setupAction)
where TUser : class
where TRole : class
{
// Services used by identity
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
})
.AddCookie(IdentityConstants.ApplicationScheme, o =>
{
o.LoginPath = new PathString("/Account/Login");
o.Events = new CookieAuthenticationEvents
{
OnValidatePrincipal = SecurityStampValidator.ValidatePrincipalAsync
};
})
.AddCookie(IdentityConstants.ExternalScheme, o =>
{
o.Cookie.Name = IdentityConstants.ExternalScheme;
o.ExpireTimeSpan = TimeSpan.FromMinutes(5);
})
.AddCookie(IdentityConstants.TwoFactorRememberMeScheme, o =>
{
o.Cookie.Name = IdentityConstants.TwoFactorRememberMeScheme;
o.Events = new CookieAuthenticationEvents
{
OnValidatePrincipal = SecurityStampValidator.ValidateAsync<ITwoFactorSecurityStampValidator>
};
})
.AddCookie(IdentityConstants.TwoFactorUserIdScheme, o =>
{
o.Cookie.Name = IdentityConstants.TwoFactorUserIdScheme;
o.ExpireTimeSpan = TimeSpan.FromMinutes(5);
});
// Hosting doesn't add IHttpContextAccessor by default
services.AddHttpContextAccessor();
// Identity services
services.TryAddScoped<IUserValidator<TUser>, UserValidator<TUser>>();
services.TryAddScoped<IPasswordValidator<TUser>, PasswordValidator<TUser>>();
services.TryAddScoped<IPasswordHasher<TUser>, PasswordHasher<TUser>>();
services.TryAddScoped<ILookupNormalizer, UpperInvariantLookupNormalizer>();
services.TryAddScoped<IRoleValidator<TRole>, RoleValidator<TRole>>();
// No interface for the error describer so we can add errors without rev'ing the interface
services.TryAddScoped<IdentityErrorDescriber>();
services.TryAddScoped<ISecurityStampValidator, SecurityStampValidator<TUser>>();
services.TryAddScoped<ITwoFactorSecurityStampValidator, TwoFactorSecurityStampValidator<TUser>>();
services.TryAddScoped<IUserClaimsPrincipalFactory<TUser>, UserClaimsPrincipalFactory<TUser, TRole>>();
services.TryAddScoped<UserManager<TUser>>();
services.TryAddScoped<SignInManager<TUser>>();
services.TryAddScoped<RoleManager<TRole>>();
...
}
这篇关于AddIdentity 与 AddIdentityCore的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!