1. Startup (ASP.NET)
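// Cookie authentication under the application's own scheme. AccessDeniedPath and LoginPath point at
// the same action; the redirect issued by PermissionFilter should agree with this path (it currently
// omits the trailing slash).
// NOTE(review): no Cookie.SecurePolicy / SameSite is set here, so the auth cookie uses the framework
// defaults — confirm they match the deployment (HTTPS-only in production).
services.AddAuthentication(IdentityService.AuthenticationScheme)
    .AddCookie(IdentityService.AuthenticationScheme, options =>
    {
        options.AccessDeniedPath = "/Account/Login/";
        options.LoginPath = "/Account/Login/";
        // Cookie domain comes from configuration (presumably so the cookie is valid across sub-sites);
        // a missing "CookieDomain" setting yields null, i.e. the framework default of the request host.
        options.Cookie.Domain = Configuration["CookieDomain"];
    });

// Data protection with a pre-provisioned key ring in "ShareKeys" next to the binaries. Automatic
// key generation is disabled, so the key file must exist before first start or cookie protection
// fails; the explicit application name keeps payloads interchangeable between instances that share
// the directory (the "ShareKeys" name suggests that is the intent — confirm).
// NOTE(review): PersistKeysToFileSystem without a ProtectKeysWith* call leaves the master key
// unencrypted on disk (the key XML itself warns about this); restrict the directory ACLs or add
// key-at-rest protection for production.
DirectoryInfo shareKeysDirectory = new DirectoryInfo(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "ShareKeys"));
services.AddDataProtection()
    .DisableAutomaticKeyGeneration()
    .PersistKeysToFileSystem(shareKeysDirectory)
    .SetApplicationName("Jst.LeYou");

// Scoped registration of the authorization filter; presumably applied via [ServiceFilter]/[TypeFilter]
// on controllers — verify against the callers.
services.AddScoped<PermissionFilter>();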
ShareKeys side
<?xml version="1.0" encoding="utf-8"?> <key id="91732fd5-4ec5-447f-9c6f-c832bda18354" version="1"> <creationDate>2018-09-04T01:56:26.1864522Z</creationDate> <activationDate>2018-09-04T01:56:26.1729285Z</activationDate> <expirationDate>2118-09-04T01:56:26.1729285Z</expirationDate> <descriptor deserializerType="Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Version=2.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60"> <descriptor> <encryption algorithm="AES_256_CBC" /> <validation algorithm="HMACSHA256" /> <masterKey p4:requiresEncryption="true" xmlns:p4="http://schemas.asp.net/2015/03/dataProtection"> <!-- Warning: the key below is in an unencrypted form. --> <value></value> </masterKey> </descriptor> </descriptor> </key>
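// After the user has been created successfully, persist the user's identity in the auth cookie
// (the original comment says "calm"; presumably "claims" — confirm). The comment and the call were
// collapsed onto one line, which left the call commented out.
// Awaited so the Set-Cookie header is written before the response or redirect is produced; an
// un-awaited SignInAsync can race with the response and hides sign-in failures. This requires the
// enclosing action to be async (Task / Task<IActionResult>), which is outside this snippet.
// NOTE(review): `user` is assumed to be a ClaimsPrincipal — confirm at the call site.
await HttpContext.SignInAsync(IdentityService.AuthenticationScheme, user);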
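/// <summary>
/// Action filter that short-circuits requests from unauthenticated callers before the action runs.
/// Actions recognised by <c>IsNoLogin</c> (defined elsewhere in this class) pass through untouched;
/// every other request must carry an authenticated identity, otherwise an AJAX caller receives a
/// JSON failure payload and a browser navigation is redirected to the login page.
/// </summary>
/// <remarks>
/// NOTE(review): this overlaps with what <c>[Authorize]</c> plus the cookie handler's
/// <c>LoginPath</c> already provide; if both are active, keep the two login paths in sync
/// (the cookie options use "/Account/Login/", this filter uses "/Account/Login").
/// </remarks>
public class PermissionFilter : ActionFilterAttribute
{
    /// <summary>
    /// Denies the request unless the caller is authenticated or the action is exempt from login.
    /// </summary>
    /// <param name="context">Context of the action about to execute; <c>Result</c> is set to short-circuit the pipeline.</param>
    /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
    public override void OnActionExecuting(ActionExecutingContext context)
    {
        if (context is null)
        {
            throw new ArgumentNullException(nameof(context));
        }

        // Exempt actions (presumably the login page itself) bypass the check; IsNoLogin is defined elsewhere in this class.
        if (IsNoLogin(context))
        {
            base.OnActionExecuting(context);
            return;
        }

        // Null-safe: a principal without an Identity counts as "not authenticated" instead of
        // throwing NullReferenceException, which would surface as a 500 rather than a denial.
        bool authenticated = context.HttpContext.User?.Identity?.IsAuthenticated == true;
        if (!authenticated)
        {
            // Setting Result means the action body never runs.
            if (IsAjax(context))
            {
                // Kept as HTTP 200 with Success=false so existing AJAX clients keep working;
                // NOTE(review): a 401/403 status would let generic clients detect the denial.
                context.Result = new JsonResult(new { Success = false, Message = "您沒有權限執行此操做!" });
            }
            else
            {
                // NOTE(review): no ReturnUrl is carried over, so the user lands on the login page
                // without being sent back to the requested resource afterwards.
                context.Result = new RedirectResult("/Account/Login");
            }
            return;
        }

        base.OnActionExecuting(context);
    }
}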