我正在Asp.Net Web API Core 1.1中实现身份验证和授权角色 . 我正在使用JWT令牌生成令牌并验证请求,但我仍然坚持将用户名和密码与Identity的现有数据库默认生成表进行匹配 . 如何将密码与PasswordHash匹配并注册新用户 . 是否在.Net Core 1.1中实现登录和注册api的任何示例?
您可以使用UserManager使用方法创建新用户public virtual Task<IdentityResult> CreateAsync(TUser user, string password) 和
public virtual Task<IdentityResult> CreateAsync(TUser user, string password)
SignInManager使用方法使用给定密码登录:public virtual Task<SignInResult> PasswordSignInAsync(TUser user, string password, bool isPersistent, bool lockoutOnFailure)
public virtual Task<SignInResult> PasswordSignInAsync(TUser user, string password, bool isPersistent, bool lockoutOnFailure)
[HttpPost] public async Task<IActionResult> Register([FromBody]UserModel model) { IdentityResult result; if (!ModelState.IsValid) return BadRequest(ModelState); var user = new ApplicationUser { UserName = model.UserName, Email = model.UserName }; result = await _userManager.CreateAsync(user, model.Password); if (! result.Succeeded) return BadRequest(ModelState); return Ok(new {userCreated=true, userName= model.UserName }); } [HttpPost("login")] public async Task<IActionResult> Login([FromBody]UserModel loginViewModel) { if (ModelState.IsValid) { var userFound = await _userManager.FindByNameAsync(loginViewModel.UserName); if (userFound == null) return Unauthorized(); var userId = userFound?.Id; // Claims, we endow this user var claims = new[] { new Claim(Helpers.Constants.Strings.JwtClaimIdentifiers.Id, userId), new Claim(Helpers.Constants.Strings.JwtClaimIdentifiers.Rol, Helpers.Constants.Strings.JwtClaims.ApiAccess), new Claim("test2", "test2") }; // Get options from app settings var options = _configuration.GetSection(nameof(JwtIssuerOptions)); SymmetricSecurityKey _signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_configuration["SecretKey"])); // Configure JwtIssuerOptions var token = new JwtSecurityToken ( issuer: options[nameof(JwtIssuerOptions.Issuer)], audience: options[nameof(JwtIssuerOptions.Audience)], claims: claims, expires: DateTime.UtcNow.AddMinutes(60), // token works 1 hour! (then invalidates) notBefore: DateTime.UtcNow, signingCredentials: new SigningCredentials(_signingKey, SecurityAlgorithms.HmacSha256) ); return Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token) }); } return BadRequest(); }
2 回答
您可以使用UserManager使用方法创建新用户
public virtual Task<IdentityResult> CreateAsync(TUser user, string password)
和SignInManager使用方法使用给定密码登录:
public virtual Task<SignInResult> PasswordSignInAsync(TUser user, string password, bool isPersistent, bool lockoutOnFailure)