很抱歉,我一定遗漏了一些非常明显的东西,但为什么注销端点总是返回 true?
AuthenticationController.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using Registry_Backend.DTO;
using Registry_Backend.Models;
using Registry_Backend.Shared;
using System.IdentityModel.Tokens.Jwt;
using System.Net;
using System.Security.Claims;
using System.Text;
namespace Registry_Backend.Controllers
{
[ApiController]
[Route("api/[controller]")]
public class AuthenticationController : ControllerBase
{
private readonly SignInManager<IdentityUser> signInManager;
private readonly RegistryContext dbContext;
private readonly UserManager<IdentityUser> userManager;
public AuthenticationController(RegistryContext dbContext, SignInManager<IdentityUser> signInManager, UserManager<IdentityUser> userManager)
{
this.dbContext = dbContext;
this.signInManager = signInManager;
this.userManager = userManager;
}
[HttpPost("Login")]
[ProducesResponseType(typeof(JWTTokenResponse), StatusCodes.Status200OK)]
public async Task<IActionResult> LoginAsync([FromBody] LoginData loginData)
{
if (loginData is null)
{
throw new AppException("Invalid user request!!!");
}
else
{
var result = await signInManager.PasswordSignInAsync(loginData.UserName, loginData.Password, false, false);
if (result.Succeeded)
{
var user = await userManager.FindByNameAsync(loginData.UserName);
if (user != null) {
var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(ConfigurationManagerExtension.AppSetting["JWT:Secret"]));
var signinCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);
var tokeOptions = new JwtSecurityToken(
issuer: ConfigurationManagerExtension.AppSetting["JWT:ValidIssuer"],
audience: ConfigurationManagerExtension.AppSetting["JWT:ValidAudience"], claims: new List<Claim>(),
expires: DateTime.Now.AddMinutes(6),
signingCredentials: signinCredentials);
var tokenString = new JwtSecurityTokenHandler().WriteToken(tokeOptions);
return Ok(new JWTTokenResponse
{
Token = tokenString,
UserId = user.Id
});
}
}
}
return Unauthorized();
}
[HttpPost("Logout")]
[ProducesResponseType(typeof(string), StatusCodes.Status200OK)]
public async Task<IActionResult> LogoutAsync()
{
await signInManager.SignOutAsync();
return Ok("OK");
}
[HttpGet("IsLoggedIn")]
[ProducesResponseType(typeof(string), StatusCodes.Status200OK)]
public async Task<IActionResult> IsLoggedIn([FromQuery] string userId)
{
var user = await userManager.FindByIdAsync(userId);
if(user != null)
{
var claims = await signInManager.CreateUserPrincipalAsync(user);
return Ok(signInManager.IsSignedIn(claims));
}
return Ok(false);
}
}
}
Program.cs
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using Registry_Backend;
using Registry_Backend.Models;
using Registry_Backend.Shared;
using System.Text;
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(options => {
options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
Scheme = "Bearer",
BearerFormat = "JWT",
In = ParameterLocation.Header,
Name = "Authorization",
Description = "Bearer Authentication with JWT Token",
Type = SecuritySchemeType.Http
});
options.AddSecurityRequirement(new OpenApiSecurityRequirement {
{
new OpenApiSecurityScheme {
Reference = new OpenApiReference {
Id = "Bearer",
Type = ReferenceType.SecurityScheme
}
},
new List < string > ()
}
});
});
builder.Services.AddCors(options =>
{
options.AddPolicy("AllowAll", builder =>
{
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
});
});
builder.Services.AddDbContext<RegistryContext>(opt => opt.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));
builder.Services.AddIdentity<IdentityUser, IdentityRole>(options =>
options.Lockout.AllowedForNewUsers = false
).AddEntityFrameworkStores<RegistryContext>();
builder.Services.AddAuthentication(opt => {
opt.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
opt.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options => {
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = ConfigurationManagerExtension.AppSetting["JWT:ValidIssuer"],
ValidAudience = ConfigurationManagerExtension.AppSetting["JWT:ValidAudience"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(ConfigurationManagerExtension.AppSetting["JWT:Secret"]))
};
});
var app = builder.Build();
app.UseCors("AllowAll");
app.UseMiddleware<ErrorHandlerMiddleware>();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
}
app.UseHttpsRedirection();
app.UseAuthorization();
app.MapControllers();
app.Run();