我正在 Asp.Net Web API Core 1.1 中实现身份验证和授权角色库。我使用 JWT 令牌来生成令牌并验证请求,但我坚持将用户名和密码与 Identity 的现有数据库默认生成的表相匹配。如何将密码与PasswordHash匹配并注册新用户。有没有在.Net Core 1.1中实现登录和注册api的例子?
您可以使用 UserManager 通过方法
创建新用户
public virtual Task<IdentityResult> CreateAsync(TUser user, string password)
和 public virtual Task<SignInResult> PasswordSignInAsync(TUser user, string password, bool isPersistent, bool lockoutOnFailure)
[HttpPost]
public async Task<IActionResult> Register([FromBody]UserModel model)
{
IdentityResult result;
if (!ModelState.IsValid) return BadRequest(ModelState);
var user = new ApplicationUser { UserName = model.UserName, Email = model.UserName };
result = await _userManager.CreateAsync(user, model.Password);
if (! result.Succeeded) return BadRequest(ModelState);
return Ok(new {userCreated=true, userName= model.UserName });
}
[HttpPost("login")]
public async Task<IActionResult> Login([FromBody]UserModel loginViewModel)
{
if (ModelState.IsValid)
{
var userFound = await _userManager.FindByNameAsync(loginViewModel.UserName);
if (userFound == null) return Unauthorized();
var userId = userFound?.Id;
// Claims, we endow this user
var claims = new[]
{
new Claim(Helpers.Constants.Strings.JwtClaimIdentifiers.Id, userId),
new Claim(Helpers.Constants.Strings.JwtClaimIdentifiers.Rol, Helpers.Constants.Strings.JwtClaims.ApiAccess),
new Claim("test2", "test2")
};
// Get options from app settings
var options = _configuration.GetSection(nameof(JwtIssuerOptions));
SymmetricSecurityKey _signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_configuration["SecretKey"]));
// Configure JwtIssuerOptions
var token = new JwtSecurityToken
(
issuer: options[nameof(JwtIssuerOptions.Issuer)],
audience: options[nameof(JwtIssuerOptions.Audience)],
claims: claims,
expires: DateTime.UtcNow.AddMinutes(60), // token works 1 hour! (then invalidates)
notBefore: DateTime.UtcNow,
signingCredentials: new SigningCredentials(_signingKey, SecurityAlgorithms.HmacSha256)
);
return Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token) });
}
return BadRequest();
}
通过调用.Net Web API在.Net MVC中登录和注册
前端.Net MVC
private readonly string _apiBaseUrl = "https://localhost:7284";
public async Task<IActionResult> LoginAction([Bind("username,password")] UserLogin userLogin) {
string apiUrl = $"{_apiBaseUrl}/login/username={userLogin.username}/password={userLogin.password}";
HttpResponseMessage response = await _httpClient.GetAsync(apiUrl);
if (response.IsSuccessStatusCode) {
var token = await response.Content.ReadAsStringAsync();
return RedirectToAction("Index", "Home");
} else {
ViewBag.Message = "Username or Password is Inncorrect";
return RedirectToAction("Login", "Home");
}
}
[HttpPost]
public async Task<IActionResult> RegisterAction(UserMaster userMaster) {
string apiUrl = $"{_apiBaseUrl}/api/UserMaster/register";
var client = new HttpClient();
var data =
new StringContent(JsonConvert.SerializeObject(userMaster),
System.Text.Encoding.UTF8, "Application/Json");
var response = await client.PostAsync(apiUrl, data);
if (response.IsSuccessStatusCode) {
return RedirectToAction("Login", "Home");
} else {
ModelState.AddModelError(string.Empty, "Registration failed");
return View();
}
}