使用 .NET Core Web API 登录和注册

Posted 2023-02-25

【中文标题】使用 .NET Core Web API 登录和注册

【英文标题】：Login and Registration using in .NET Core Web API

【发布时间】：2018-01-31 03:11:52

【问题描述】：

我正在 Asp.Net Web API Core 1.1 中实现身份验证和授权角色库。我正在使用 JWT 令牌来生成令牌并验证请求，但我坚持将用户名和密码与 Identity 的现有数据库默认生成的表相匹配。如何将密码与 PasswordHash 匹配并注册新用户。在 .Net Core 1.1 中实现登录和注册 api 的任何示例吗？

【参考方案1】：

您可以使用UserManager 通过方法创建新用户public virtual Task<IdentityResult> CreateAsync(TUser user, string password) 和 SignInManager 使用给定密码登录，使用方法：public virtual Task<SignInResult> PasswordSignInAsync(TUser user, string password, bool isPersistent, bool lockoutOnFailure)

【参考方案2】：

[HttpPost]
    public async Task<IActionResult> Register([FromBody]UserModel model)
    

        IdentityResult result;

        if (!ModelState.IsValid) return BadRequest(ModelState);

        var user = new ApplicationUser  UserName = model.UserName, Email = model.UserName ;

             result = await _userManager.CreateAsync(user, model.Password);

        if (! result.Succeeded) return  BadRequest(ModelState);

        return Ok(new userCreated=true, userName= model.UserName );
    

 [HttpPost("login")]
    public async Task<IActionResult> Login([FromBody]UserModel loginViewModel)
    
        if (ModelState.IsValid)
        
            var userFound = await _userManager.FindByNameAsync(loginViewModel.UserName);

            if (userFound == null) return Unauthorized();

            var userId = userFound?.Id;

            // Claims, we endow this user
            var claims = new[]
            

            new Claim(Helpers.Constants.Strings.JwtClaimIdentifiers.Id, userId),
            new Claim(Helpers.Constants.Strings.JwtClaimIdentifiers.Rol, Helpers.Constants.Strings.JwtClaims.ApiAccess),
            new Claim("test2", "test2")
         ;


            // Get options from app settings
            var options = _configuration.GetSection(nameof(JwtIssuerOptions));

            SymmetricSecurityKey _signingKey =  new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_configuration["SecretKey"]));

            // Configure JwtIssuerOptions


            var token = new JwtSecurityToken
            (
                issuer: options[nameof(JwtIssuerOptions.Issuer)],
                audience: options[nameof(JwtIssuerOptions.Audience)],
                claims: claims,
                expires: DateTime.UtcNow.AddMinutes(60), // token works 1 hour! (then invalidates)
                notBefore: DateTime.UtcNow,
                signingCredentials: new SigningCredentials(_signingKey, SecurityAlgorithms.HmacSha256)
            );

            return Ok(new  token = new JwtSecurityTokenHandler().WriteToken(token) );
        

        return BadRequest();