郑州手机网站推广公司,松岗营销型网站建设,旅行网站开发需求说明书,wp做图网站前言上一篇已经介绍了identity在web api中的基本配置#xff0c;本篇来完成用户的注册#xff0c;登录#xff0c;获取jwt token。开始开始之前先配置一下jwt相关服务。配置JWT 首先NuGet安装包#xff1a;PackageReference IncludeMicrosoft.AspNetCore.Authent… 前言上一篇已经介绍了identity在web api中的基本配置本篇来完成用户的注册登录获取jwt token。开始开始之前先配置一下jwt相关服务。配置JWT 首先NuGet安装包PackageReference IncludeMicrosoft.AspNetCore.Authentication.JwtBearer Version5.0.10 /appsettings.json中添加jwt配置JwtSettings: {SecurityKey: qP1yR9qH2xS0vW2lA3gI4nF0zA7fA3hB,ExpiresIn: 00:10:00
}为了方便新建一个配置类JwtSettingspublic class JwtSettings
{public string SecurityKey { get; set; }public TimeSpan ExpiresIn { get; set; }
}在Startup中配置jwtpublic void ConfigureServices(IServiceCollection services)
{//省略......var jwtSettings Configuration.GetSection(nameof(JwtSettings)).GetJwtSettings();services.AddSingleton(jwtSettings);var tokenValidationParameters new TokenValidationParameters{ValidateIssuer false,ValidateAudience false,ValidateIssuerSigningKey true,IssuerSigningKey new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtSettings.SecurityKey)),ClockSkew TimeSpan.Zero,};services.AddAuthentication(options {options.DefaultAuthenticateScheme JwtBearerDefaults.AuthenticationScheme;options.DefaultScheme JwtBearerDefaults.AuthenticationScheme;options.DefaultChallengeScheme JwtBearerDefaults.AuthenticationScheme;}).AddJwtBearer(options { options.TokenValidationParameters tokenValidationParameters; });
}最后别忘了UseAuthenticationapp.UseAuthentication(); // add
app.UseAuthorization();结构搭建 下面把项目基本结构搭建好做好接口后面实现以下是各个类的定义// 用户注册请求参数
public class RegisterRequest
{public string UserName { get; set; }public string Password { get; set; }public string Address { get; set; }
}// 用户登录请求参数
public class LoginRequest
{public string UserName { get; set; }public string Password { get; set; }
}// 注册 登录 成功后返回 token
public class TokenResponse
{[JsonPropertyName(access_token)] public string AccessToken { get; set; }[JsonPropertyName(token_type)] public string TokenType { get; set; }
}// 登录 注册 失败时返回错误信息
public class FailedResponse
{public IEnumerablestring Errors { get; set; }
}// IUserService 接口
public interface IUserService
{TaskTokenResult RegisterAsync(string username, string password, string address);TaskTokenResult LoginAsync(string username, string password);
}// UserService 实现
public class UserService : IUserService
{public TaskTokenResult RegisterAsync(string username, string password, string address){throw new System.NotImplementedException();}public TaskTokenResult LoginAsync(string username, string password){throw new System.NotImplementedException();}
}// TokenResult 定义
public class TokenResult
{public bool Success Errors null || !Errors.Any();public IEnumerablestring Errors { get; set; }public string AccessToken { get; set; }public string TokenType { get; set; }
}最后是UserController[Route(api/[controller])]
[ApiController]
public class UserController : ControllerBase
{private readonly IUserService _userService;public UserController(IUserService userService){_userService userService;}[HttpPost(Register)]public async TaskIActionResult Register(RegisterRequest request){var result await _userService.RegisterAsync(request.UserName, request.Password, request.Address);if (!result.Success){return BadRequest(new FailedResponse(){Errors result.Errors});}return Ok(new TokenResponse{AccessToken result.AccessToken,TokenType result.TokenType});}[HttpPost(Login)]public async TaskIActionResult Login(LoginRequest request){var result await _userService.LoginAsync(request.UserName, request.Password);if (!result.Success){return Unauthorized(new FailedResponse(){Errors result.Errors});}return Ok(new TokenResponse{AccessToken result.AccessToken,TokenType result.TokenType});}
}service实现 上面已经做好了基本的结构接下来就是实现UserService中的RegisterAsync和LoginAsync方法了。这里主要用到identity中的UserManagerUserManager封装了很多用户操作的现成方法。在UserService中先做一个私有方法根据user创建jwt token用户注册登录成功后调用此方法得到token返回即可private TokenResult GenerateJwtToken(AppUser user)
{var key Encoding.ASCII.GetBytes(_jwtSettings.SecurityKey);var tokenDescriptor new SecurityTokenDescriptor{Subject new ClaimsIdentity(new[]{new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString(N)),new Claim(JwtRegisteredClaimNames.Sub, user.Id.ToString())}),IssuedAt DateTime.UtcNow,NotBefore DateTime.UtcNow,Expires DateTime.UtcNow.Add(_jwtSettings.ExpiresIn),SigningCredentials new SigningCredentials(new SymmetricSecurityKey(key),SecurityAlgorithms.HmacSha256Signature)};var jwtTokenHandler new JwtSecurityTokenHandler();var securityToken jwtTokenHandler.CreateToken(tokenDescriptor);var token jwtTokenHandler.WriteToken(securityToken);return new TokenResult(){AccessToken token,TokenType Bearer};
}注册方法实现public async TaskTokenResult RegisterAsync(string username, string password, string address)
{var existingUser await _userManager.FindByNameAsync(username);if (existingUser ! null){return new TokenResult(){Errors new[] {user already exists!}, //用户已存在};}var newUser new AppUser() {UserName username, Address address};var isCreated await _userManager.CreateAsync(newUser, password);if (!isCreated.Succeeded){return new TokenResult(){Errors isCreated.Errors.Select(p p.Description)};}return GenerateJwtToken(newUser);
}登录方法实现public async TaskTokenResult LoginAsync(string username, string password)
{var existingUser await _userManager.FindByNameAsync(username);if (existingUser null){return new TokenResult(){Errors new[] {user does not exist!}, //用户不存在};}var isCorrect await _userManager.CheckPasswordAsync(existingUser, password);if (!isCorrect){return new TokenResult(){Errors new[] {wrong user name or password!}, //用户名或密码错误};}return GenerateJwtToken(existingUser);
}最后别忘了注册UserServiceservices.AddScopedIUserService, UserService();swagger配置 为了方便测试可以配置一下swaggerNuGet安装包PackageReference IncludeSwashbuckle.AspNetCore Version5.6.3 /ConfigureServicesservices.AddSwaggerGen(c
{c.SwaggerDoc(v1, new OpenApiInfo{Title Sample.Api,Version v1,Description Sample.Api Swagger Doc});c.AddSecurityDefinition(Bearer, new OpenApiSecurityScheme{Description Input the JWT like: Bearer {your token},Name Authorization,In ParameterLocation.Header,Type SecuritySchemeType.ApiKey,BearerFormat JWT,Scheme Bearer});c.AddSecurityRequirement(new OpenApiSecurityRequirement{{new OpenApiSecurityScheme{Reference new OpenApiReference{Type ReferenceType.SecurityScheme,Id Bearer}},Array.Emptystring()}});
});app.UseSwagger();
app.UseSwaggerUI(c c.SwaggerEndpoint(/swagger/v1/swagger.json, Sample.Api v1));测试一下 随便输入abc进行注册返回了一些密码规则的错误这个规则在注册identity服务时可以配置services.AddIdentityCoreAppUser(options
{options.Password.RequireDigit true;options.Password.RequireLowercase false;options.Password.RequireUppercase false;options.Password.RequireNonAlphanumeric false;
}).AddEntityFrameworkStoresAppDbContext();identityOptions还支持一些其他配置。下面注册成功后返回了token使用刚刚注册的账号测试登录也没有问题最后本篇完成了identity的登录注册获取token下一篇将介绍如何使用refresh token。参考ASP.NET Core 简介 Identity | Microsoft Docs[1]Mohamad Lawand - DEV Community[2]参考资料[1]ASP.NET Core 简介 Identity | Microsoft Docs: https://docs.microsoft.com/zh-cn/aspnet/core/security/authentication/identity?viewaspnetcore-5.0tabsvisual-studio[2]Mohamad Lawand - DEV Community: https://dev.to/moe23/comments
