--
/// <summary>
/// Controls the behavior of authentication middleware
/// </summary>
public enum AuthenticationMode
{
/// <summary>
/// In Active mode the authentication middleware will alter the user identity as the request arrives, and
/// will also alter a plain 401 as the response leaves.
/// 在Active 模式下 身份验证中间件在请求到达时会修改用户标识, 也会在响应结束修改401状态。
/// </summary>
Active,
/// <summary>
/// In Passive mode the authentication middleware will only provide user identity when asked, and will only
/// alter 401 responses where the authentication type named in the extra challenge data.
/// 在 Passive(被动)模式下 身份验证中间件只会在要求时提供用户标识,也只有在在验证类型在质询数据中时修改401响应。
/// </summary>
Passive
//If Active the authentication middleware alters the requested user coming in and returns 401 Unauthorized responses going out.
//If Passive the authentication middleware will only provide identity and alter responses when explicitly indicated by the AuthenticationType.
/*
Active vs Passive authentication middleware
One question that arises — if the new templates have multiple OWIN authentication middleware configured,
then which one is really used? Well, OWIN authentication middleware has the concept of passive vs.active.
Active middleware always look at every incoming request and attempt to authenticate the call and
if successful they create a principal that represents the current user and assign that principal to the hosting environment.
Passive middleware, on the other hand, only inspects the request when asked to.
In the case of the default templates from Visual Studio 2013, all the middleware configured are all passive by default,
except for the “main” cookie authentication middleware
(turns out there are two cookie middlewares that get used in some templates —
the main one and another one for external identity providers and this other one is marked as passive).
*/
}
浙公网安备 33010602011771号