diff --git a/AuthStudy.Authentication.Basic/AuthStudy.Authentication.Basic.csproj b/AuthStudy.Authentication.Basic/AuthStudy.Authentication.Basic.csproj
index 3cc0a7d..a383da2 100644
--- a/AuthStudy.Authentication.Basic/AuthStudy.Authentication.Basic.csproj
+++ b/AuthStudy.Authentication.Basic/AuthStudy.Authentication.Basic.csproj
@@ -8,6 +8,7 @@
+
diff --git a/AuthStudy.Authentication.Browser/AuthStudy.Authentication.Browser.csproj b/AuthStudy.Authentication.Browser/AuthStudy.Authentication.Browser.csproj
index 18c26a9..75921b5 100644
--- a/AuthStudy.Authentication.Browser/AuthStudy.Authentication.Browser.csproj
+++ b/AuthStudy.Authentication.Browser/AuthStudy.Authentication.Browser.csproj
@@ -9,6 +9,7 @@
+
diff --git a/AuthStudy.Authentication.Browser/BrowserAuthenticationExtensions.cs b/AuthStudy.Authentication.Browser/BrowserAuthenticationExtensions.cs
index f1fc63a..85fafdd 100644
--- a/AuthStudy.Authentication.Browser/BrowserAuthenticationExtensions.cs
+++ b/AuthStudy.Authentication.Browser/BrowserAuthenticationExtensions.cs
@@ -46,7 +46,7 @@ namespace AuthStudy.Authentication.Browser
private static IServiceCollection AddService(this IServiceCollection builder, BrowserAuthenticationOptions option)
{
- BrowserAuthenticationOptions defaultOption = option ?? new();
+ BrowserAuthenticationOptions defaultOption = option ?? new(){AllowBrowsers = BrowserAuthenticationDefault.AllowBrowsers};
builder.AddSingleton(defaultOption);
builder.AddSingleton();
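Review bot: The default allow-list on the `defaultOption` line is applied only when `option` is null, so a caller that passes its own `BrowserAuthenticationOptions` without setting `AllowBrowsers` keeps whatever initial value that property has. If the handler treats a null or empty list as "no restriction" (not visible in this hunk), that path fails open. Initialising the property inside the options class, or adding `defaultOption.AllowBrowsers ??= BrowserAuthenticationDefault.AllowBrowsers;` before registration, would cover both cases. `AddService` continues outside the hunk.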
diff --git a/AuthStudy.Authentication.Digest/AuthStudy.Authentication.Digest.csproj b/AuthStudy.Authentication.Digest/AuthStudy.Authentication.Digest.csproj
index d8b8d08..7082396 100644
--- a/AuthStudy.Authentication.Digest/AuthStudy.Authentication.Digest.csproj
+++ b/AuthStudy.Authentication.Digest/AuthStudy.Authentication.Digest.csproj
@@ -10,6 +10,10 @@
+
+
+
+
diff --git a/AuthStudy.Authentication.Shared/AuthStudy.Authentication.Shared.csproj b/AuthStudy.Authentication.Shared/AuthStudy.Authentication.Shared.csproj
index cfadb03..c3594f0 100644
--- a/AuthStudy.Authentication.Shared/AuthStudy.Authentication.Shared.csproj
+++ b/AuthStudy.Authentication.Shared/AuthStudy.Authentication.Shared.csproj
@@ -6,4 +6,8 @@
enable
+
+
+
+
diff --git a/AuthStudy.Authentication.SqlServer/AuthStudy.Authentication.SqlServer.csproj b/AuthStudy.Authentication.SqlServer/AuthStudy.Authentication.SqlServer.csproj
index a636233..c12c8bd 100644
--- a/AuthStudy.Authentication.SqlServer/AuthStudy.Authentication.SqlServer.csproj
+++ b/AuthStudy.Authentication.SqlServer/AuthStudy.Authentication.SqlServer.csproj
@@ -6,6 +6,10 @@
enable
+
+
+
+
diff --git a/AuthStudy.Authentication.UrlQuery/AuthStudy.Authentication.UrlQuery.csproj b/AuthStudy.Authentication.UrlQuery/AuthStudy.Authentication.UrlQuery.csproj
index a636233..c12c8bd 100644
--- a/AuthStudy.Authentication.UrlQuery/AuthStudy.Authentication.UrlQuery.csproj
+++ b/AuthStudy.Authentication.UrlQuery/AuthStudy.Authentication.UrlQuery.csproj
@@ -6,6 +6,10 @@
enable
+
+
+
+
diff --git a/AuthStudy.WebApp/AuthStudy.WebApp.csproj b/AuthStudy.WebApp/AuthStudy.WebApp.csproj
index 9e85913..335d4df 100644
--- a/AuthStudy.WebApp/AuthStudy.WebApp.csproj
+++ b/AuthStudy.WebApp/AuthStudy.WebApp.csproj
@@ -8,6 +8,7 @@
+
diff --git a/AuthStudy.WebApp/Controllers/AccountsController.cs b/AuthStudy.WebApp/Controllers/AccountsController.cs
index 387b75c..df6a355 100644
--- a/AuthStudy.WebApp/Controllers/AccountsController.cs
+++ b/AuthStudy.WebApp/Controllers/AccountsController.cs
@@ -12,13 +12,14 @@ namespace AuthStudy.WebApp.Controllers
[ApiController]
public class AccountsController : ControllerBase
{
- public AccountsController()
+ private ILogger _logger;
+ public AccountsController(ILogger logger)
{
-
+ _logger = logger;
}
//多特性是and特性内逗号分隔是or
- //[Authorize]
+ [Authorize]
//[Authorize(AuthenticationSchemes = AuthenticationSchemeList.BaseBrowserScheme)]
//[Authorize(AuthenticationSchemes = AuthenticationSchemeList.BrowserScheme)]
//[Authorize(AuthenticationSchemes = AuthenticationSchemeList.BasicScheme)]
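Review bot: The bare `[Authorize]` enabled here authenticates only against the default scheme, while the commented-out alternatives below it show that several schemes exist in this project. Which scheme protects this action therefore depends on configuration in Program.cs that this hunk does not show. Either name the scheme explicitly, as the commented lines do, or add a comment such as `// uses the default scheme configured in Program.cs`. Separately, `_logger` is assigned only in the constructor and should be declared `private readonly`.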
@@ -27,12 +28,22 @@ namespace AuthStudy.WebApp.Controllers
[HttpGet]
public async Task GetAll()
{
- var dd = await HttpContext.AuthenticateAsync();
+ var authenticateResult = await HttpContext.AuthenticateAsync();
+ if (authenticateResult.Succeeded)
+ {
+ _logger.LogInformation("认证成功");
+ }
+ else
+ {
+ Response.StatusCode = 401;
+ _logger.LogInformation("认证失败");
+ return new ContentResult() { StatusCode = 401,Content=authenticateResult.Failure?.Message};
+ }
//输出认证信息
foreach (var claim in User.Claims)
{
- Console.WriteLine($"{claim.Type}={claim.Value}");
+ _logger.LogInformation($"{claim.Type}={claim.Value}");
}
List accounts = new()
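Review bot: The failure branch returns `authenticateResult.Failure?.Message` as the response body, which exposes the handler's internal exception text to an unauthenticated caller. Keep the detail in the server log and send a generic 401 instead: `_logger.LogWarning(authenticateResult.Failure, "认证失败");` followed by `return Unauthorized();`, which also makes the separate `Response.StatusCode = 401;` unnecessary. The claims loop writes every claim value at Information level through an interpolated string, so identity data and any client-influenced value (such as a username) land in the logs unescaped. A message template at a lower level is safer: `_logger.LogDebug("claim {Type}={Value}", claim.Type, claim.Value);`. If the `[Authorize]` enabled earlier in this file applies to this action, the manual `AuthenticateAsync` call is likely redundant. `GetAll` continues past the end of the hunk.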
diff --git a/AuthStudy.WebApp/Program.cs b/AuthStudy.WebApp/Program.cs
index 2810b30..2e50638 100644
--- a/AuthStudy.WebApp/Program.cs
+++ b/AuthStudy.WebApp/Program.cs
@@ -12,7 +12,7 @@ namespace AuthStudy.WebApp
public static void Main(string[] args)
{
WebApplicationBuilder builder = WebApplication.CreateBuilder(args);
-
+
// 添加服务到IoC容器
builder.Services.AddControllers();
// Swagger 注册
@@ -48,8 +48,8 @@ namespace AuthStudy.WebApp
{
var claims = new[]
{
- new Claim(ClaimTypes.NameIdentifier, context.Username, ClaimValueTypes.String, context.Options.ClaimsIssuer),
- new Claim(ClaimTypes.Name, context.Username, ClaimValueTypes.String, context.Options.ClaimsIssuer)
+ new Claim(ClaimTypes.NameIdentifier, context.Username??"", ClaimValueTypes.String, context.Options.ClaimsIssuer),
+ new Claim(ClaimTypes.Name, context.Username??"", ClaimValueTypes.String, context.Options.ClaimsIssuer)
};
context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
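Review bot: On the two `new Claim(...)` lines, `context.Username??""` silences the nullable warning but allows a principal with an empty `NameIdentifier` and `Name` to be built and marked authenticated under `context.Scheme.Name`. Downstream code that keys on the name identifier would then see an authenticated but anonymous identity. A missing username should be rejected before the claims array is created, with a guard such as `if (string.IsNullOrEmpty(context.Username))` that takes the handler's failure path. The surrounding callback starts and ends outside the hunk, so an earlier check may already exist there.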
@@ -78,11 +78,6 @@ namespace AuthStudy.WebApp
app.MapControllers();
app.Run();
-
- void Test()
- {
-
- }
}
}
}
\ No newline at end of file
diff --git a/Docs/说明.md b/Docs/说明.md
index 0039b9c..0aac100 100644
--- a/Docs/说明.md
+++ b/Docs/说明.md
@@ -78,3 +78,11 @@
```
+## 认证与授权实质关系
++ 认证与授权是两个独立的 `中间件`,通过请求上下文的 User 属性进行 “交互”;
++ 认证 -> 认证凭据放入 请求上下文(HttpContext)的User属性(实质是一个ClaimsPrincipal对象);
++ 授权 -> 先从请求上下文的User属性拿到凭据:ClaimsPrincipal, 然后进行权限判定;
+
+## 认证使用方式
++ 配合授权一起使用:api控制器或方法上加特性[Authorize],由框架自动调用
++ 在Api方法内部调用 HttpContext 扩展方法: `var result = HttpContext.AuthenticateAsync();` 拿到认证结果,手动执行自己的逻辑。