Tip I use names and passwords stored in the ASP.NET Identity database in this chapter. In Chapter 15, I demonstrate how ASP.NET Identity can be used to authenticate users with a service from Google (Identity also supports authentication for Microsoft, Facebook, and Twitter accounts).
提示：本章会使用存储在ASP.NET Identity数据库中的用户名和口令。在第15章中将演示如何将ASP.NET Identity用于认证享有Google服务的用户（Identity还支持对Microsoft、Facebook以及Twitter账号的认证）。

14.2.1 Understanding the Authentication/Authorization Process
14.2.1 理解认证/授权过程

The ASP.NET Identity system integrates into the ASP.NET platform, which means you use the standard MVC framework techniques to control access to action methods, such as the Authorize attribute. In this section, I am going to apply basic restrictions to the Index action method in the Home controller and then implement the features that allow users to identify themselves so they can gain access to it. Listing 14-1 shows how I have applied the Authorize attribute to the Home controller.
ASP.NET Identity系统集成到了ASP.NET平台，这意味着你可以使用标准的MVC框架技术来控制对动作方法的访问，例如使用Authorize注解属性。在本小节中，我打算在Home控制中的Index动作方法上运用基本的限制，然后实现让用户对自己进行标识，以使他们能够访问。清单14-1演示了如何将Authorize注解属性运用于Home控制器。

Listing 14-1. Securing the Home Controller
清单14-1. 实施Home控制器的安全

using System.Web.Mvc; using System.Collections.Generic;
namespace Users.Controllers {
public class HomeController : Controller {
[Authorize] public ActionResult Index() { Dictionary<string, object> data = new Dictionary<string, object>(); data.Add("Placeholder", "Placeholder"); return View(data); } } }

Using the Authorize attribute in this way is the most general form of authorization and restricts access to the Index action methods to requests that are made by users who have been authenticated by the application.
这种方式使用Authorize注解属性是授权的最一般形式，它限制了对Index动作方法的访问，由用户发送给该动作方法的请求必须是应用程序已认证的用户。

If you start the application and request a URL that targets the Index action on the Home controller (/Home/Index, /Home, or just /), you will see the error shown by Figure 14-1.
如果启动应用程序，并请求以Home控制器中Index动作为目标的URL（/Home/Index、/Home或/），将会看到如图14-1所示的错误。

Figure 14-1. Requesting a protected URL
图14-1. 请求一个受保护的URL

The ASP.NET platform provides some useful information about the user through the HttpContext object, which is used by the Authorize attribute to check the status of the current request and see whether the user has been authenticated. The HttpContext.User property returns an implementation of the IPrincipal interface, which is defined in the System.Security.Principal namespace. The IPrincipal interface defines the property and method shown in Table 14-3.
ASP.NET平台通过HttpContext对象提供一些关于用户的有用信息，该对象由Authorize注解属性使用的，以检查当前请求的状态，考察用户是否已被认证。HttpContext.User属性返回的是IPrincipal接口的实现，该接口是在System.Security.Principal命名空间中定义的。IPrincipal接口定义了如表14-3所示的属性和方法。

Table 14-3. The Members Defined by the IPrincipal Interface
表14-3. IPrincipal接口所定义的成员

Name
名称 Description
描述

Identity Returns an implementation of the IIdentity interface that describes the user associated with the request.
返回IIdentity接口的实现，它描述了与请求相关联的用户

IsInRole(role) Returns true if the user is a member of the specified role. See the “Authorizing Users with Roles” section for details of managing authorizations with roles.
如果用户是指定角色的成员，则返回true。参见“以角色授权用户”小节，其中描述了以角色进行授权管理的细节

The implementation of IIdentity interface returned by the IPrincipal.Identity property provides some basic, but useful, information about the current user through the properties I have described in Table 14-4.
由IPrincipal.Identity属性返回的IIdentity接口实现通过一些属性提供了有关当前用户的一些基本却有用的信息，表14-4描述了这些属性。

Table 14-4. The Properties Defined by the IIdentity Interface
表14-4. IIdentity接口定义的属性

Name
名称 Description
描述

AuthenticationType Returns a string that describes the mechanism used to authenticate the user
返回一个字符串，描述了用于认证用户的机制

IsAuthenticated Returns true if the user has been authenticated
如果用户已被认证，返回true。

Name Returns the name of the current user
返回当前用户的用户名