
Is it safe to use .RequireRole() without .RequireAuthenticatedUser() in an ASP.NET Core authorization policy?

Updated: 2023-02-17 11:09:57


If we check the source code for the authorization requirement that gets added by RequireAuthenticatedUser at https://github.com/aspnet/AspNetCore/blob/c376e833e46497fbec4bd7b39632f8c8e13360b2/src/Security/Authorization/Core/src/DenyAnonymousAuthorizationRequirement.cs:

var user = context.User;
var userIsAnonymous =
    user?.Identity == null ||
    !user.Identities.Any(i => i.IsAuthenticated);
if (!userIsAnonymous)
{
    context.Succeed(requirement);
}


It adds a check that the user must have an identity, and that one of them must say the user is authenticated.
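To see what that requirement changes in practice, the following console program is an added example (not code from the answer above or from ASP.NET Core itself). It assumes the Microsoft.AspNetCore.Authorization, Microsoft.Extensions.DependencyInjection and Microsoft.Extensions.Logging packages, and evaluates two policies, one with RequireRole() alone and one that also calls RequireAuthenticatedUser(), against constructed principals. The policy names, the role name and the "Example" authentication type are placeholders.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Added example: compares a role-only policy with one that also requires
// an authenticated user. Policy and role names are placeholders.
class Program
{
    static async Task Main()
    {
        var services = new ServiceCollection();
        services.AddLogging(); // DefaultAuthorizationService takes an ILogger
        services.AddAuthorization(options =>
        {
            // Role check only: adds a RolesAuthorizationRequirement
            options.AddPolicy("AdminRoleOnly", p => p.RequireRole("Admin"));

            // Role check plus the DenyAnonymousAuthorizationRequirement
            // whose handler is quoted in the answer above
            options.AddPolicy("AdminRoleAuthenticated", p => p
                .RequireAuthenticatedUser()
                .RequireRole("Admin"));
        });
        var auth = services.BuildServiceProvider()
                           .GetRequiredService<IAuthorizationService>();

        // Constructed principal: a role claim is present, but no authenticationType
        // was supplied, so ClaimsIdentity.IsAuthenticated is false.
        var anonymousWithRole = new ClaimsPrincipal(
            new ClaimsIdentity(new[] { new Claim(ClaimTypes.Role, "Admin") }));

        // Constructed principal: same claim, with an authenticationType, so
        // ClaimsIdentity.IsAuthenticated is true.
        var authenticatedWithRole = new ClaimsPrincipal(
            new ClaimsIdentity(new[] { new Claim(ClaimTypes.Role, "Admin") }, "Example"));

        await Report(auth, anonymousWithRole, "unauthenticated identity + role claim");
        await Report(auth, authenticatedWithRole, "authenticated identity + role claim");
    }

    // Runs both policies against one principal and prints the verdicts.
    static async Task Report(IAuthorizationService auth, ClaimsPrincipal user, string label)
    {
        foreach (var policy in new[] { "AdminRoleOnly", "AdminRoleAuthenticated" })
        {
            AuthorizationResult result =
                await auth.AuthorizeAsync(user, resource: null, policyName: policy);
            Console.WriteLine($"{label,-40} {policy,-25} {(result.Succeeded ? "allowed" : "denied")}");
        }
    }
}
```

The role-only policy is decided by RolesAuthorizationRequirement, which calls ClaimsPrincipal.IsInRole; that method looks for a matching role claim on any identity and does not consult IsAuthenticated, so the first principal passes it. The combined policy rejects the same principal through the DenyAnonymousAuthorizationRequirement check quoted above. Whether an authentication handler in a given application can ever hand the pipeline an unauthenticated identity that carries role claims depends on that handler, which is why pairing RequireRole() with RequireAuthenticatedUser() is the conservative configuration.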