Fatal编程技术网
  • asp.net-core/
  • Asp.net core 如何生成具有Net Core的JWT

Asp.net core 如何生成具有Net Core的JWT

asp.net-core jwt entity-framework-core

Asp.net core 如何生成具有Net Core的JWT,asp.net-core,jwt,entity-framework-core,Asp.net Core,Jwt,Entity Framework Core,您好,我在使用Net Core创建令牌时感到困惑,我遵循了一个指南,在Postman中执行Post请求时没有工作 请看,我的数据库带有ef核心迁移,我的用户类有用户名和密码{get;set;} 然后,我创建了一个AuthController,其中包含以下内容: public class AuthController : Controller { private readonly IConfiguration _configuration; private readonly Hac

您好,我在使用Net Core创建令牌时感到困惑,我遵循了一个指南,在Postman中执行Post请求时没有工作

请看,我的数据库带有ef核心迁移,我的用户类有用户名和密码{get;set;}

然后,我创建了一个AuthController,其中包含以下内容:

public class AuthController : Controller
{
    private readonly IConfiguration _configuration;
    private readonly HacsysContext _context;
    public AuthController(IConfiguration configuration, HacsysContext context) {
        _configuration = configuration;
    }


    [AllowAnonymous]
    [HttpPost]
    [Route("token")]
    public IActionResult Post([FromBody]Personal personal)
    {
        if (ModelState.IsValid)
        {
            var userId = GetUserIdFromCredentials(personal);
            if (userId == -1)
            {
                return Unauthorized();
            }

            var claims = new[]
            {
                new Claim(JwtRegisteredClaimNames.Sub, personal.CorreoE),
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
            };

            var token = new JwtSecurityToken
            (
                issuer: _configuration["Issuer"],
                audience: _configuration["Audience"],
                claims: claims,
                expires: DateTime.UtcNow.AddDays(10),
                notBefore: DateTime.UtcNow,
                signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["SigningKey"])),
                     SecurityAlgorithms.HmacSha256)
            );

            return Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token) });
        }

        return BadRequest();
    }

    private int GetUserIdFromCredentials(Personal personal)
    {
        var userId = -1;

        var email = personal.CorreoE;
        var password = personal.Contrasena;
        if (personal.CorreoE.Equals(email)) 
            {
                userId = 1;
            }



        return userId;


    }
}
基本上,当我在GetUserIdFromCredentials中比较电子邮件是否等于peronal.CorreoE时,返回的总是True,即使在Postman中,我发送的邮件中只有一封信或不同的电子邮件,或者数据库中没有的不同电子邮件

您每次都会获得userId 1,因为您首先将电子邮件值设置为该值 然后比较
email
值是否等于
personal.CorreoE
。。这将始终为真,因此返回1

但是,您应该做的是在dbContext中对Personal实体进行查询,以查找带有该电子邮件的人员,并返回找到的实体的userId

private int GetUserIdFromCredentials(Personal personal)
{
    var email = personal.CorreoE;
    var password = personal.Contrasena;

    //make a query on the db context
    var dbPerson = _context.Personal.FirstOrDefault(p=> p.Email == email);

    if(dbPerson == null)
        return -1;

    return dbPerson.Id;
}