我有一个 asp dotnet webapi 设置,具有像这样的默认身份验证方案
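// Name of the cookie authentication scheme registered below.
const string CookieScheme = "cookie";

// Registers a cookie handler under the "cookie" scheme and makes it the default scheme.
// NOTE(review): as the question itself observes, the Identity sign-in performed by
// SignInManager.SignInAsync does not go through this scheme, so these settings do not
// reach the cookie Identity issues; that one is configured via ConfigureApplicationCookie.
builder.Services.AddAuthentication(CookieScheme)
    .AddCookie(CookieScheme, options =>
    {
        options.Cookie.Name = "MyCustom.Identity";
        // Lax: sent on top-level navigations but not on cross-site POSTs,
        // which limits the CSRF exposure of an auth cookie.
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.Path = "/";
        // Keep the auth cookie out of reach of script (document.cookie).
        options.Cookie.HttpOnly = true;
        // Only send the auth cookie over HTTPS. The default (SameAsRequest) would
        // also emit it on plain HTTP; use SameAsRequest only for HTTP-only local dev.
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    });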
并且在控制器中,我尝试使用登录管理器和用户管理器来对流程进行更多控制,例如在注册时登录用户等...
这是带有注册端点的 AuthController。
/// <summary>
/// Authentication endpoints backed by ASP.NET Core Identity.
/// </summary>
[ApiController]
[Route("api/auth")]
public class AuthController : ControllerBase
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;
    private readonly ILogger<AuthController> _logger;

    public AuthController(UserManager<IdentityUser> userManager,
        SignInManager<IdentityUser> signInManager,
        ILogger<AuthController> logger)
    {
        _userManager = userManager;
        _signInManager = signInManager;
        _logger = logger;
    }

    /// <summary>
    /// Creates a new Identity user from <paramref name="model"/> and signs it in
    /// with a persistent cookie.
    /// </summary>
    /// <param name="model">Registration payload; its Email is used as both user name and email.</param>
    /// <returns>
    /// 200 with the created user's username, email and id, or 400 carrying the
    /// Identity errors when creation fails.
    /// </returns>
    [HttpPost]
    [Route("register")]
    public async Task<IActionResult> Register([FromBody] RegisterModel model)
    {
        var newUser = new IdentityUser { UserName = model.Email, Email = model.Email };

        var creation = await _userManager.CreateAsync(newUser, model.Password);
        if (!creation.Succeeded)
        {
            return BadRequest(creation.Errors);
        }

        // isPersistent: true — the sign-in cookie outlives the browser session.
        await _signInManager.SignInAsync(newUser, isPersistent: true);

        return Ok(new
        {
            status = "success",
            message = "Registered successfully!",
            user = new
            {
                username = newUser.UserName,
                email = newUser.Email,
                id = newUser.Id
            }
        });
    }
}
但是此代码不使用“cookie”方案(设置的cookie具有不同的名称“.AspDotnet.Identity”,这是默认方案)
当我访问需要身份验证的路由时,这会造成更多麻烦。比如
/// <summary>
/// Returns the profile of the currently signed-in user.
/// </summary>
/// <returns>
/// 200 with username, email and id, or 401 when the authenticated principal
/// does not resolve to a stored user.
/// </returns>
[Authorize]
[HttpGet]
[Route("user")]
public async Task<IActionResult> GetUser()
{
    var current = await _userManager.GetUserAsync(User);
    // [Authorize] already guarantees an authenticated principal, so a null here
    // presumably means the principal no longer maps to a stored user — verify.
    if (current is null)
    {
        return Unauthorized("not authorized to perform this action");
    }

    return Ok(new
    {
        status = "success",
        user = new
        {
            username = current.UserName,
            email = current.Email,
            id = current.Id
        }
    });
}
如何正确设置 dotnet 身份和控制器路由以实现更多总体控制?
您可以通过以下方式更改 asp.net 身份默认 cookie 选项。
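// Configures the cookie that Identity itself issues on SignInManager.SignInAsync
// (the application scheme), so unlike a separately added scheme these settings
// do apply to the sign-in cookie.
builder.Services.ConfigureApplicationCookie(options =>
{
    options.Cookie.Name = "MyCustom.Identity";
    // Lax: not sent on cross-site POSTs, limiting CSRF exposure of the auth cookie.
    options.Cookie.SameSite = SameSiteMode.Lax;
    options.Cookie.Path = "/";
    // Keep the auth cookie out of reach of script.
    options.Cookie.HttpOnly = true;
    // Only send the auth cookie over HTTPS. The default (SameAsRequest) would also
    // emit it on plain HTTP; use SameAsRequest only for HTTP-only local development.
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
});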