更新时间:2023-02-17 11:09:57
如果我们在
If we check the source code for the authorization requirement that gets added by RequireAuthenticatedUser
at https://github.com/aspnet/AspNetCore/blob/c376e833e46497fbec4bd7b39632f8c8e13360b2/src/Security/Authorization/Core/src/DenyAnonymousAuthorizationRequirement.cs:
var user = context.User;
var userIsAnonymous =
user?.Identity == null ||
!user.Identities.Any(i => i.IsAuthenticated);
if (!userIsAnonymous)
{
context.Succeed(requirement);
}
它添加了一个检查,确认用户必须具有身份,并且其中之一必须说出该用户已通过身份验证.
It adds a check that user must have an identity, and that one of them must say the user is authenticated.