具有特殊安全需求的高階使用者可以為 MySQL Connector/NET 應用程式建立自己的身份驗證外掛程式。您可以擴展交握協定，新增自訂邏輯。如需 MySQL 身份驗證外掛程式的背景和使用資訊，請參閱 身份驗證外掛程式 和 編寫身份驗證外掛程式。

若要編寫自訂身份驗證外掛程式，您需要參考組件 MySql.Data.dll。編寫身份驗證外掛程式相關的類別位於命名空間 MySql.Data.MySqlClient.Authentication。

自訂身份驗證外掛程式的運作方式

在交握期間的某個時間點，會呼叫內部方法

void Authenticate(bool reset)

MySqlAuthenticationPlugin。此方法會依序呼叫目前外掛程式的數個可覆寫方法。

建立身份驗證外掛程式類別

您將身份驗證外掛程式邏輯放入衍生自 MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin 的新類別中。下列方法可用於覆寫

protected virtual void CheckConstraints()
protected virtual void AuthenticationFailed(Exception ex)
protected virtual void AuthenticationSuccessful()
protected virtual byte[] MoreData(byte[] data)
protected virtual void AuthenticationChange()
public abstract string PluginName { get; }
public virtual string GetUsername()
public virtual object GetPassword()
protected byte[] AuthData;

以下是每個方法的簡要說明

/// <summary>
/// This method must check authentication method specific constraints in the
environment and throw an Exception
/// if the conditions are not met. The default implementation does nothing.
/// </summary>
protected virtual void CheckConstraints()

/// <summary>
/// This method, called when the authentication failed, provides a chance to
plugins to manage the error
/// the way they consider decide (either showing a message, logging it, etc.).
/// The default implementation wraps the original exception in a MySqlException
with an standard message and rethrows it.
/// </summary>
/// <param name="ex">The exception with extra information on the error.</param>
protected virtual void AuthenticationFailed(Exception ex)

/// <summary>
/// This method is invoked when the authentication phase was successful accepted
by the server.
/// Derived classes must override this if they want to be notified of such
condition.
/// </summary>
/// <remarks>The default implementation does nothing.</remarks>
protected virtual void AuthenticationSuccessful()

/// <summary>
/// This method provides a chance for the plugin to send more data when the
server requests so during the
/// authentication phase. This method will be called at least once, and more
than one depending upon whether the
/// server response packets have the 0x01 prefix.
/// </summary>
/// <param name="data">The response data from the server, during the
authentication phase the first time is called is null, in
subsequent calls contains the server response.</param>
/// <returns>The data generated by the plugin for server consumption.</returns>
/// <remarks>The default implementation always returns null.</remarks>
protected virtual byte[] MoreData(byte[] data)

/// <summary>
/// The plugin name.
/// </summary>
public abstract string PluginName { get; }

/// <summary>
/// Gets the user name to send to the server in the authentication phase.
/// </summary>
/// <returns>An string with the user name</returns>
/// <remarks>Default implementation returns the UserId passed from the
connection string.</remarks>
public virtual string GetUsername()

/// <summary>
/// Gets the password to send to the server in the authentication phase. This
can be a string or a
/// </summary>
/// <returns>An object, can be byte[], string or null, with the password.
</returns>
/// <remarks>Default implementation returns null.</remarks>
public virtual object GetPassword()

/// <summary>
/// The authentication data passed when creating the plugin.
/// For example in mysql_native_password this is the seed to encrypt the
password.
/// </summary>
protected byte[] AuthData;

身份驗證外掛程式範例

此範例示範如何建立身份驗證外掛程式，然後透過組態檔啟用它。

繼續增強身份驗證邏輯，如果需要，可以覆寫更多方法。