Note: This is the second part of the ASP.NET Identity tutorial series. The series gives a detailed, complete and in-depth introduction to Microsoft's ASP.NET Identity technology, describing how to use ASP.NET Identity to implement user management for an application, together with authentication, authorization and related techniques. The translator hopes this series becomes a complete and valuable resource for mastering ASP.NET Identity. Readers who follow the text while reading, practising and understanding as they go will surely gain far more than they expect! I hope this series of posts will earn the high regard of fellow bloggers.
14 Applying ASP.NET Identity
In this chapter, I show you how to apply ASP.NET Identity to authenticate and authorize the user accounts created in the previous chapter. I explain how the ASP.NET platform provides a foundation for authenticating requests and how ASP.NET Identity fits into that foundation to authenticate users and enforce authorization through roles. Table 14-1 summarizes this chapter.
Table 14-1. Chapter summary

| Problem | Solution | Listing |
| --- | --- | --- |
| Prepare an application for user authentication. | Apply the Authorize attribute to restrict access to action methods and define a controller to which users will be redirected to provide credentials. | 1–4 |
| Authenticate a user. | Check the name and password using the FindAsync method defined by the user manager class and create an implementation of the IIdentity interface using the CreateIdentity method. Set an authentication cookie for subsequent requests by calling the SignIn method defined by the authentication manager class. | 5 |
| Prepare an application for role-based authorization. | Create a role manager class and register it for instantiation in the OWIN startup class. | 6–8 |
| Create and delete roles. | Use the CreateAsync and DeleteAsync methods defined by the role manager class. | 9–12 |
| Manage role membership. | Use the AddToRoleAsync and RemoveFromRoleAsync methods defined by the user manager class. | 13–15 |
| Use roles for authorization. | Set the Roles property of the Authorize attribute. | 16–19 |
| Seed the database with initial content. | Use the database context initialization class. | 20, 21 |
14.1 Preparing the Example Project
In this chapter, I am going to continue working on the Users project I created in Chapter 13. No changes to the application components are required.
14.2 Authenticating Users
The most fundamental activity for ASP.NET Identity is to authenticate users, and in this section, I explain and demonstrate how this is done. Table 14-2 puts authentication into context.
Table 14-2. Putting authentication in context

| Question | Answer |
| --- | --- |
| What is it? | Authentication validates credentials provided by users. Once the user is authenticated, requests that originate from the browser contain a cookie that represents the user identity. |
| Why should I care? | Authentication is how you check the identity of your users and is the first step toward restricting access to sensitive parts of the application. |
| How is it used by the MVC framework? | Authentication features are accessed through the Authorize attribute, which is applied to controllers and action methods in order to restrict access to authenticated users. |
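As an added example (not code from the book or from this post), the login action below walks through the three steps summarized in the tables: FindAsync checks the name and password, CreateIdentityAsync produces the ClaimsIdentity, and the OWIN authentication manager's SignIn sets the cookie that later requests carry. The AppUser and AppUserManager class names and the LoginModel view model are assumed to exist in the Users project; they are not shown on this page.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;

// Assumed view model for the login form.
public class LoginModel {
    [Required] public string Name { get; set; }
    [Required] public string Password { get; set; }
}

// Authorize on the class means every action requires an authenticated user
// unless it opts out with AllowAnonymous, as the two Login actions do.
[Authorize]
public class AccountController : Controller {
    // Both managers are resolved from the OWIN context, where the startup class registered them.
    private AppUserManager UserManager {
        get { return HttpContext.GetOwinContext().GetUserManager<AppUserManager>(); }
    }
    private IAuthenticationManager AuthManager {
        get { return HttpContext.GetOwinContext().Authentication; }
    }

    [AllowAnonymous]
    public ActionResult Login(string returnUrl) {
        ViewBag.returnUrl = returnUrl;
        return View();
    }

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginModel details, string returnUrl) {
        if (ModelState.IsValid) {
            // Step 1: FindAsync returns null when the name/password pair does not match.
            AppUser user = await UserManager.FindAsync(details.Name, details.Password);
            if (user == null) {
                // One generic message: do not reveal whether the name or the password was wrong.
                ModelState.AddModelError("", "Invalid name or password.");
            } else {
                // Step 2: build the identity that the application cookie will represent.
                ClaimsIdentity ident = await UserManager.CreateIdentityAsync(
                    user, DefaultAuthenticationTypes.ApplicationCookie);
                // Step 3: replace any existing cookie and issue a new, session-only one.
                AuthManager.SignOut();
                AuthManager.SignIn(new AuthenticationProperties { IsPersistent = false }, ident);
                // Only follow the return URL if it stays on this site (blocks open redirects).
                return Redirect(Url.IsLocalUrl(returnUrl) ? returnUrl : "/");
            }
        }
        ViewBag.returnUrl = returnUrl;
        return View(details);
    }
}
```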