
C# 通过在HttpContext.Session中存储令牌来使用.NETCoreAPI的登录功能是否是一种良好的做法?


我已经创建了一个 .NET Core 2.0 RESTful API，它使用 openiddict 和 JWS 令牌启用了登录功能。我还有一个使用该 API 的 .NET Core Web 应用程序。目前，我在客户端使用 `HttpContext.Session` 来存储和获取令牌，以便登录用户。由于我对 .NET Core 相当陌生，我想问一下这是否是实现登录功能的好方法；如果不是，我应该如何实现？

WebAPI授权控制器

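    /// <summary>
    /// OpenIddict token endpoint for the resource-owner password grant: looks the user up
    /// by name, checks that the "role" sent with the request matches the user's stored
    /// role, verifies the password (counting failures towards lockout) and signs in with
    /// a freshly created authentication ticket.
    /// </summary>
    /// <param name="request">The token request bound by the OpenIddict MVC binder.</param>
    /// <returns>
    /// A <c>SignIn</c> result carrying the ticket on success; otherwise a 400 whose body
    /// is an <see cref="OpenIdConnectResponse"/> describing the error.
    /// </returns>
    [HttpPost("~/connect/token"), Produces("application/json")]
    public async Task<IActionResult> Exchange(OpenIdConnectRequest request)
    {
        Debug.Assert(request.IsTokenRequest(),
            "The OpenIddict binder for ASP.NET Core MVC is not registered. " +
            "Make sure services.AddOpenIddict().AddMvcBinders() is correctly called.");

        if (!request.IsPasswordGrantType())
        {
            return BadRequest(new OpenIdConnectResponse
            {
                Error = OpenIdConnectConstants.Errors.UnsupportedGrantType,
                ErrorDescription = "The specified grant type is not supported."
            });
        }

        // One generic failure response for every credential problem, so the caller
        // cannot tell whether the username, the role or the password was wrong.
        IActionResult InvalidGrant() => BadRequest(new OpenIdConnectResponse
        {
            Error = OpenIdConnectConstants.Errors.InvalidGrant,
            ErrorDescription = "The username/password couple is invalid."
        });

        var user = await _userManager.FindByNameAsync(request.Username);

        // Must come before GetRolesAsync: UserManager rejects a null user, so an unknown
        // username previously surfaced as an unhandled exception instead of invalid_grant.
        if (user == null)
        {
            return InvalidGrant();
        }

        // The client posts the intended role as an extra "role" parameter. Resolve it by
        // name instead of by position (ElementAt(3)), which depended on the order in which
        // the client happened to serialise its form fields.
        var loginRole = (string)request.GetParameter("role");

        // The role parameter is only compared against what is stored for the user; it
        // never grants anything. Comparing against the first stored role keeps the
        // original behaviour, and FirstOrDefault() no longer throws for a user with no roles.
        var userRoles = await _userManager.GetRolesAsync(user);
        if (userRoles.FirstOrDefault() != loginRole)
        {
            return InvalidGrant();
        }

        // Validate the password and ensure the account is not locked out.
        var result = await _signInManager.CheckPasswordSignInAsync(user, request.Password, lockoutOnFailure: true);
        if (!result.Succeeded)
        {
            return InvalidGrant();
        }

        // Create a new authentication ticket.
        var ticket = await CreateTicketAsync(request, user);

        return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
    }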
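    /// <summary>
    /// Signs the user in against the API's token endpoint using the password grant and, on
    /// success, keeps the issued access token in the server-side session so that later
    /// API calls can read it from there. The browser only ever receives the session cookie.
    /// </summary>
    /// <param name="vm">Posted credentials and the requested role.</param>
    /// <returns>
    /// JSON containing the dashboard URL when the API issued a token; otherwise the login
    /// partial re-rendered with the submitted model.
    /// </returns>
    [HttpPost]
    public async Task<IActionResult> Login(LoginViewModel vm)
    {
        if (!ModelState.IsValid)
        {
            return PartialView("../Account/_Login", vm);
        }

        var fullUrl = _appSettings.Value.Apis.GSRTCApi.Url + _appSettings.Value.Apis.GSRTCApi.LoginEndpoint;

        // A single client, disposed when the request is done. (Previously an unused
        // `httpClient` lived in the using block while the real `client` was never disposed.)
        // NOTE(review): a shared HttpClient or IHttpClientFactory would avoid a new
        // connection pool per login; neither is in scope in this controller as shown.
        using (var client = new HttpClient { BaseAddress = new Uri(fullUrl) })
        {
            var login = new Dictionary<string, string>
            {
                {"grant_type", "password"},
                {"username", vm.Email},
                {"password", vm.Password},
                {"role", vm.Role}
            };

            // await rather than .Result: blocking on the task pins a thread-pool thread
            // for the whole round trip to the API.
            var response = await client.PostAsync("Token", new FormUrlEncodedContent(login));
            if (!response.IsSuccessStatusCode)
            {
                return PartialView("../Account/_Login", vm);
            }

            var body = await response.Content.ReadAsStringAsync();
            var tokenDetails = JsonConvert.DeserializeObject<Dictionary<string, string>>(body);

            // Select the token by its OAuth 2.0 response key instead of by position
            // (ElementAt(2)); dictionary enumeration order is not part of the contract.
            if (tokenDetails != null
                && tokenDetails.TryGetValue("access_token", out var tokenNo)
                && !string.IsNullOrEmpty(tokenNo))
            {
                // The Authorization header the original added to the about-to-be-discarded
                // client was dead code and is dropped; the token is only persisted here.
                HttpContext.Session.SetString("Username", vm.Email);
                HttpContext.Session.SetString("Token", tokenNo);

                return Json(Url.Action("Index", "Dashboard"));
            }
        }

        return PartialView("../Account/_Login", vm);
    }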
[HttpPost(“~/connect/token”),生成(“application/json”)]
公共异步任务交换(OpenIdConnectRequest)
{
Assert(request.IsTokenRequest(),
“ASP.NET Core MVC的OpenIddict活页夹未注册。”+
“确保正确调用了services.AddOpenIddict().AddMvcBinders()”);
if(request.IsPasswordGrantType())
{
var user=await\u userManager.FindByNameAsync(request.Username);
var userRole=await\u userManager.GetRolesAsync(用户);
var loginRole=request.GetParameters().ElementAt(3).Value;
if(user==null | | userRole.ElementAt(0)!=loginRole)
{
返回BadRequest(新的OpenIdConnectResponse
{
Error=OpenIdConnectConstants.Errors.InvalidGrant,
ErrorDescription=“用户名/密码对无效。”
});
}
//验证用户名/密码参数并确保帐户未被锁定。
var result=wait _signInManager.CheckPasswordSignInAsync(用户、请求、密码、锁定失败:true);
如果(!result.successed)
{
返回BadRequest(新的OpenIdConnectResponse
{
Error=OpenIdConnectConstants.Errors.InvalidGrant,
ErrorDescription=“用户名/密码对无效。”
});
}
//创建新的身份验证票证。
var ticket=wait CreateTicketAsync(请求,用户);
返回签名(ticket.Principal、ticket.Properties、ticket.AuthenticationScheme);
}
返回BadRequest(新的OpenIdConnectResponse
{
Error=OpenIdConnectConstants.Errors.UnsupportedGrantType,
ErrorDescription=“不支持指定的授权类型。”
});
}
WebApp帐户控制器

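    /// <summary>
    /// OpenIddict token endpoint for the resource-owner password grant: looks the user up
    /// by name, checks that the "role" sent with the request matches the user's stored
    /// role, verifies the password (counting failures towards lockout) and signs in with
    /// a freshly created authentication ticket.
    /// </summary>
    /// <param name="request">The token request bound by the OpenIddict MVC binder.</param>
    /// <returns>
    /// A <c>SignIn</c> result carrying the ticket on success; otherwise a 400 whose body
    /// is an <see cref="OpenIdConnectResponse"/> describing the error.
    /// </returns>
    [HttpPost("~/connect/token"), Produces("application/json")]
    public async Task<IActionResult> Exchange(OpenIdConnectRequest request)
    {
        Debug.Assert(request.IsTokenRequest(),
            "The OpenIddict binder for ASP.NET Core MVC is not registered. " +
            "Make sure services.AddOpenIddict().AddMvcBinders() is correctly called.");

        if (!request.IsPasswordGrantType())
        {
            return BadRequest(new OpenIdConnectResponse
            {
                Error = OpenIdConnectConstants.Errors.UnsupportedGrantType,
                ErrorDescription = "The specified grant type is not supported."
            });
        }

        // One generic failure response for every credential problem, so the caller
        // cannot tell whether the username, the role or the password was wrong.
        IActionResult InvalidGrant() => BadRequest(new OpenIdConnectResponse
        {
            Error = OpenIdConnectConstants.Errors.InvalidGrant,
            ErrorDescription = "The username/password couple is invalid."
        });

        var user = await _userManager.FindByNameAsync(request.Username);

        // Must come before GetRolesAsync: UserManager rejects a null user, so an unknown
        // username previously surfaced as an unhandled exception instead of invalid_grant.
        if (user == null)
        {
            return InvalidGrant();
        }

        // The client posts the intended role as an extra "role" parameter. Resolve it by
        // name instead of by position (ElementAt(3)), which depended on the order in which
        // the client happened to serialise its form fields.
        var loginRole = (string)request.GetParameter("role");

        // The role parameter is only compared against what is stored for the user; it
        // never grants anything. Comparing against the first stored role keeps the
        // original behaviour, and FirstOrDefault() no longer throws for a user with no roles.
        var userRoles = await _userManager.GetRolesAsync(user);
        if (userRoles.FirstOrDefault() != loginRole)
        {
            return InvalidGrant();
        }

        // Validate the password and ensure the account is not locked out.
        var result = await _signInManager.CheckPasswordSignInAsync(user, request.Password, lockoutOnFailure: true);
        if (!result.Succeeded)
        {
            return InvalidGrant();
        }

        // Create a new authentication ticket.
        var ticket = await CreateTicketAsync(request, user);

        return SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);
    }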
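    /// <summary>
    /// Signs the user in against the API's token endpoint using the password grant and, on
    /// success, keeps the issued access token in the server-side session so that later
    /// API calls can read it from there. The browser only ever receives the session cookie.
    /// </summary>
    /// <param name="vm">Posted credentials and the requested role.</param>
    /// <returns>
    /// JSON containing the dashboard URL when the API issued a token; otherwise the login
    /// partial re-rendered with the submitted model.
    /// </returns>
    [HttpPost]
    public async Task<IActionResult> Login(LoginViewModel vm)
    {
        if (!ModelState.IsValid)
        {
            return PartialView("../Account/_Login", vm);
        }

        var fullUrl = _appSettings.Value.Apis.GSRTCApi.Url + _appSettings.Value.Apis.GSRTCApi.LoginEndpoint;

        // A single client, disposed when the request is done. (Previously an unused
        // `httpClient` lived in the using block while the real `client` was never disposed.)
        // NOTE(review): a shared HttpClient or IHttpClientFactory would avoid a new
        // connection pool per login; neither is in scope in this controller as shown.
        using (var client = new HttpClient { BaseAddress = new Uri(fullUrl) })
        {
            var login = new Dictionary<string, string>
            {
                {"grant_type", "password"},
                {"username", vm.Email},
                {"password", vm.Password},
                {"role", vm.Role}
            };

            // await rather than .Result: blocking on the task pins a thread-pool thread
            // for the whole round trip to the API.
            var response = await client.PostAsync("Token", new FormUrlEncodedContent(login));
            if (!response.IsSuccessStatusCode)
            {
                return PartialView("../Account/_Login", vm);
            }

            var body = await response.Content.ReadAsStringAsync();
            var tokenDetails = JsonConvert.DeserializeObject<Dictionary<string, string>>(body);

            // Select the token by its OAuth 2.0 response key instead of by position
            // (ElementAt(2)); dictionary enumeration order is not part of the contract.
            if (tokenDetails != null
                && tokenDetails.TryGetValue("access_token", out var tokenNo)
                && !string.IsNullOrEmpty(tokenNo))
            {
                // The Authorization header the original added to the about-to-be-discarded
                // client was dead code and is dropped; the token is only persisted here.
                HttpContext.Session.SetString("Username", vm.Email);
                HttpContext.Session.SetString("Token", tokenNo);

                return Json(Url.Action("Index", "Dashboard"));
            }
        }

        return PartialView("../Account/_Login", vm);
    }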
[HttpPost]
公共IActionResult登录(LoginViewModel vm)
{
if(ModelState.IsValid)
{
使用(HttpClient HttpClient=new HttpClient())
{
Dictionary-tokenDetails=null;
var fullUrl=_appSettings.Value.api.GSRTCApi.Url+_appSettings.Value.api.GSRTCApi.LoginEndpoint;
HttpClient=新的HttpClient
{
BaseAddress=新Uri(完整URL)
};
var login=新字典
{
{“授权类型”,“密码”},
{“用户名”,vm.Email},
{“password”,vm.password},
{“角色”,vm.role}
};
var response=client.PostAsync(“Token”,新FormUrlEncodedContent(login)).Result;
if(响应。IsSuccessStatusCode)
{
tokenDetails=JsonConvert.DeserializeObject(response.Content.ReadAsStringAsync().Result);
if(tokenDetails!=null&&tokenDetails.Any())
{
var tokenNo=tokenDetails.ElementAt(2).Value;
client.DefaultRequestHeaders.Add(“授权”、“持有人”+令牌号);
HttpContext.Session.SetString(“用户名”,vm.Email);
HttpContext.Session.SetString(“Token”,tokenNo);
//返回重定向操作(“索引”、“仪表板”);
返回Json(Url.Action(“Index”,“Dashboard”);
}
}
}
}
返回PartialView(“../Account/\u Login”,vm);
}

请添加代码示例，以明确您的问题。

问题是一般性的，您能否指定一个场景或为我们提供一个代码段？

请查看我包含的代码段，如果需要提供任何其他内容，请告诉我。

有人能告诉我在 HttpContext.Session 中存储访问令牌是否是一个好主意？如果不是，我应该把它存储在哪里？