The arguments to the SignIn method are an AuthenticationProperties object that configures the authentication process and the ClaimsIdentity object. I set the IsPersistent property defined by the AuthenticationProperties object to true to make the authentication cookie persistent at the browser, meaning that the user doesn’t have to authenticate again when starting a new session. (There are other properties defined by the AuthenticationProperties class, but the IsPersistent property is the only one that is widely used at the moment.)
The final step is to redirect the user to the URL they requested before the authentication process started, which I do by calling the Redirect method.
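The Login action described above, as an added example that is not one of the book's own listings: it issues the persistent cookie with SignIn and then checks that the requested return URL is local before calling Redirect, so the login page cannot be used to bounce a user to an outside site. The names AppUser, AppUserManager (an ASP.NET Identity UserManager subclass) and LoginModel (with Name and Password properties) are assumed to exist in the project.

```csharp
// Added example, not the book's listing. AppUser, AppUserManager and
// LoginModel are assumed project types; the framework calls are real.
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;

public class AccountController : Controller
{
    private IAuthenticationManager AuthManager
    {
        get { return HttpContext.GetOwinContext().Authentication; }
    }

    private AppUserManager UserManager
    {
        get { return HttpContext.GetOwinContext().GetUserManager<AppUserManager>(); }
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginModel details, string returnUrl)
    {
        if (!ModelState.IsValid) return View(details);
        AppUser user = await UserManager.FindAsync(details.Name, details.Password);
        if (user == null)
        {
            // Same message for an unknown name and a wrong password: reveal neither.
            ModelState.AddModelError("", "Invalid name or password.");
            return View(details);
        }
        ClaimsIdentity ident = await UserManager.CreateIdentityAsync(user,
            DefaultAuthenticationTypes.ApplicationCookie);

        // Discard any existing identity before issuing the new cookie.
        AuthManager.SignOut();
        // IsPersistent = true keeps the cookie across browser sessions, so the
        // user is not asked to authenticate again when starting a new session.
        AuthManager.SignIn(new AuthenticationProperties { IsPersistent = true }, ident);
        // Only follow local return URLs; redirecting to an arbitrary absolute URL
        // would turn the login page into an open redirect.
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }
}
```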
CONSIDERING TWO-FACTOR AUTHENTICATION
I have performed single-factor authentication in this chapter, which is where the user is able to authenticate using a single piece of information known to them in advance: the password.
ASP.NET Identity also supports two-factor authentication, where the user needs something extra, usually something that is given to the user at the moment they want to authenticate. The most common examples are a value from a SecureID token or an authentication code that is sent as an e-mail or text message (strictly speaking, the two factors can be anything, including fingerprints, iris scans, and voice recognition, although these are options that are rarely required for most web applications).
Security is increased because an attacker needs to know the user's password and also have access to whatever provides the second factor, such as an e-mail account or cell phone.
I don’t show two-factor authentication in the book for two reasons. The first is that it requires a lot of preparatory work, such as setting up the infrastructure that distributes the second-factor e-mails and texts and implementing the validation logic, all of which is beyond the scope of this book.
The second reason is that two-factor authentication forces the user to remember to jump through an additional hoop to authenticate, such as remembering their phone or keeping a security token nearby, something that isn’t always appropriate for web applications. I carried a SecureID token of one sort or another for more than a decade in various jobs, and I lost count of the number of times that I couldn’t log in to an employer’s system because I left the token at home.
If you are interested in two-factor security, then I recommend relying on a third-party provider such as Google for authentication, which allows the user to choose whether they want the additional security (and inconvenience) that two-factor authentication provides. I demonstrate third-party authentication in Chapter 15.
14.2.4 Testing Authentication
To test user authentication, start the application and request the /Home/Index URL. When redirected to the /Account/Login URL, enter the details of one of the users I listed at the start of the chapter (for instance, the name joe and the password MySecret). Click the Log In button, and your browser will be redirected back to the /Home/Index URL, but this time it will submit the authentication cookie that grants it access to the action method, as shown in Figure 14-3.
Figure 14-3. Authenticating a user