问题
I have created a .NET Core project with WebApi template selected includes no authentication. I want to add ASP.NET identity in it for role based authorization. How can I achieve this?
回答1:
This will give you a bear bones webapi with aspnet core identity, first create your project (this assumes you've created a new folder and you're in it):
dotnet new webapi
Add aspnet core identity:
dotnet add package Microsoft.AspNetCore.Identity
Add some database provider to store your data:
dotnet add package Microsoft.EntityFrameworkCore.Sqlite
Now add a user type, the simplest version being:
public class ApplicationUser : IdentityUser
{
}
And a db context, here I'm setting up the connection string within the class but you'd probably want to use DbContextOptions instead:
public class IdentityContext : IdentityDbContext<ApplicationUser>
{
protected override void OnConfiguring
(DbContextOptionsBuilder optionsBuilder) =>
optionsBuilder.UseSqlite("your connection string");
}
Then in your Startup.cs add the following marked lines:
public Startup(IConfiguration configuration)
{
Configuration = configuration;
//add this: simply creates db if it doesn't exist, no migrations
using (var context = new IdentityContext())
{
context.Database.EnsureCreated();
}
}
public void ConfigureServices(IServiceCollection services)
{
//add this: register your db context
services.AddDbContext<IdentityContext>();
//and this: add identity and create the db
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<IdentityContext>();
services.AddMvc();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
//add this
app.UseAuthentication();
app.UseMvc();
}
Note that by default the AddIdentity extension will set the default authentication scheme and add various cookies that you probably don't want in an API, the cut down alternative is as follows (to replace the above AddIdentity call in ConfigureServices):
services.AddIdentityCore<ApplicationUser>(options => { });
new IdentityBuilder(typeof(ApplicationUser), typeof(IdentityRole), services)
.AddRoleManager<RoleManager<IdentityRole>>()
.AddSignInManager<SignInManager<ApplicationUser>>()
.AddEntityFrameworkStores<IdentityContext>();
This will give you the database side of things, you can then use UserManager and SignInManager to create and authenticate users, to get them use the DI system:
public class MyController : Controller
{
private UserManager<ApplicationUser> _userManager = null;
private SignInManager<ApplicationUser> _signInManager = null;
public MyController(
UserManager<ApplicationUser> userManager,
SignInManager<ApplicationUser> signInManager)
{
_userManager = userManager;
_signInManager = signInManager;
}
//etc...
And then use as follows:
var result = await _userManager.CreateAsync(
new ApplicationUser()
{
UserName = "bob",
Email = "bob@bob.com"
}, "Test123!");
if (result.Succeeded)
//do stuff...
And:
var user = await _userManager.FindByNameAsync("bob");
result = await _signInManager.CheckPasswordSignInAsync(user, "Test123!", false);
if (result.Succeeded)
//do stuff...
Using CheckPasswordSignInAsync instead of PasswordSignInAsync will avoid the creation of a cookie if AddIdentity is used, if AddIdentityCore was also used above, then you must use CheckPasswordSignInAsync as PasswordSignInAsync will not work as an IAuthenticationSignInHandler will not have been setup.
回答2:
There is nothing special the template is doing, all you need is the Microsoft.AspNet.Identity.Core NuGet package and the you should be able to follow from here:
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity
来源:https://stackoverflow.com/questions/43224177/how-to-add-asp-net-identity-to-asp-net-core-when-webapi-template-is-selected