C# 身份核心中具有角色的JWT授权
我无法理解C# 身份核心中具有角色的JWT授权,c#,asp.net-core,asp.net-identity,claims-based-identity,C#,Asp.net Core,Asp.net Identity,Claims Based Identity,我无法理解身份核心中的角色 我的AccountController看起来像这样,我在GenerateJWTToken方法的声明中添加了Roles: [HttpPost("Login")] public async Task<object> Login([FromBody] LoginBindingModel model) { var result = await this.signInManager.PasswordSignInAsync(model.
身份核心中的角色
我的AccountController
看起来像这样,我在GenerateJWTToken
方法的声明中添加了Roles
:
[HttpPost("Login")]
public async Task<object> Login([FromBody] LoginBindingModel model)
{
var result = await this.signInManager.PasswordSignInAsync(model.UserName, model.Password, false, false);
if (result.Succeeded)
{
var appUser = this.userManager.Users.SingleOrDefault(r => r.UserName == model.UserName);
return await GenerateJwtToken(model.UserName, appUser);
}
throw new ApplicationException("INVALID_LOGIN_ATTEMPT");
}
[HttpPost("Register")]
public async Task<object> Register([FromBody] RegistrationBindingModel model)
{
var user = new ApplicationUser
{
UserName = model.UserName,
Email = model.Email,
FirstName = model.FirstName,
LastName = model.LastName
};
var result = await this.userManager.CreateAsync(user, model.Password);
if (result.Succeeded)
{
await this.signInManager.SignInAsync(user, false);
return await this.GenerateJwtToken(model.UserName, user);
}
throw new ApplicationException("UNKNOWN_ERROR");
}
private async Task<object> GenerateJwtToken(string userName, IdentityUser user)
{
var claims = new List<Claim>
{
new Claim(JwtRegisteredClaimNames.Sub, userName),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(ClaimTypes.NameIdentifier, user.Id),
new Claim(ClaimTypes.Role, Role.Viewer.ToString()),
new Claim(ClaimTypes.Role, Role.Developer.ToString()),
new Claim(ClaimTypes.Role, Role.Manager.ToString())
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(this.configuration["JwtKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var expires = DateTime.Now.AddDays(Convert.ToDouble(this.configuration["JwtExpireDays"]));
var token = new JwtSecurityToken(
this.configuration["JwtIssuer"],
this.configuration["JwtIssuer"],
claims,
expires: expires,
signingCredentials: creds);
return new JwtSecurityTokenHandler().WriteToken(token);
}
我的应用程序用户
:
public class ApplicationUser : IdentityUser
{
public string FirstName { get; set; }
public string LastName { get; set; }
}
和角色的枚举
:
public enum Role
{
Viewer,
Developer,
Manager
}
如何将有关用户角色的信息保存到标识数据库,并在登录时使该角色正常工作[Authorize]
属性
编辑:
我想做的是将角色
像存储在用户的枚举中。我想注册用户为Developer
,Manager
等。我相信我可以通过ApplicationUser
和添加Role
属性来完成注册,但从中我无法通过属性[授权(角色)]
获得授权。在您的情况下,您不需要使用IdentityUser和identity数据库,您正在使用JWT。使用定义的角色
属性创建您的用户
模型,并简单地将其保存在数据库中。比如:
public class User
{
public string FirstName { get; set; }
public string LastName { get; set; }
public Role Role { get; set; }
}
public enum Role
{
Viewer,
Developer,
Manager
}
代币:
var user = // ...
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(your_seccret_key);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, user.FirstName),
new Claim(ClaimTypes.Name, user.LastName),
new Claim(ClaimTypes.Role, user.Role)
}),
Expires = DateTime.UtcNow.AddDays(1),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key),SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
user.Token = tokenHandler.WriteToken(token);
控制器方法:
[Authorize(Roles = Role.Developer)]
[HttpGet("GetSomethongForAuthorizedOnly")]
public async Task<object> GetSomething()
{
// .... todo
}
[授权(角色=Role.Developer)]
[HttpGet(“GetSomethingForAuthorizedOnly”)]
公共异步任务GetSomething()
{
//……待办事项
}
您可以使用ASP.NET标识的内置角色管理。由于您使用的是ASP.NET Core 2.1,您可以首先参考以下链接以在标识系统中启用角色:
启用角色后,您可以注册角色/用户,然后向用户添加角色,如:
private async Task CreateUserRoles()
{
IdentityResult roleResult;
//Adding Admin Role
var roleCheck = await _roleManager.RoleExistsAsync("Admin");
if (!roleCheck)
{
IdentityRole adminRole = new IdentityRole("Admin");
//create the roles and seed them to the database
roleResult = await _roleManager.CreateAsync(adminRole);
_roleManager.AddClaimAsync(adminRole, new Claim(ClaimTypes.AuthorizationDecision, "edit.post")).Wait();
_roleManager.AddClaimAsync(adminRole, new Claim(ClaimTypes.AuthorizationDecision, "delete.post")).Wait();
ApplicationUser user = new ApplicationUser {
UserName = "YourEmail", Email = "YourEmail",
};
_userManager.CreateAsync(user, "YourPassword").Wait();
await _userManager.AddToRoleAsync(user, "Admin");
}
}
因此,当该用户登录到您的应用程序时,您可以在ClaimsPrincipal中找到角色
声明,这与角色的授权
属性一起工作。@WiktorZychla-thansk获取您的反馈,但我的项目是核心2.1
检查我的@MuhammadHannan谢谢您的建议,但我认为不是这样。我对我的文件进行了编辑question@michasaucer我也有同样的问题!!你找到解决这个问题的办法了吗?任何提示或文档链接都会有帮助。也许吧,但我想使用标识将用户存储在角色中。我找不到任何身份验证用户的解决方案。如果我想使用代币,我需要使用JWT。这并没有什么大的好处。创建简单的用户模型,同时添加密码,阅读密码+添加盐,然后进行加密,找到安全的算法,不要使用md5或sha1。永远不要解密密码,添加try limit,您是prity safe。在asp mvc中是的,但如果我想使用webapi呢?在web api中,直接使用JWT令牌,或使用角色声明手动登录:我仍然不完全理解您的要求,JWT令牌传递到您的web api,您的web api端需要在ASP.NET标识系统中注册用户和角色?我忘了提这一点,我的错。我的项目是webapi
,我需要有令牌才能登录webapi
服务。这就是为什么我需要像JWT
,从前端(webapi
proj是我的后端)到外部登录用户@michasaucer的原因,那么为什么不使用JWT和基于策略的授权呢?或者,您可以手动解码令牌并使用角色声明登录:
private async Task CreateUserRoles()
{
IdentityResult roleResult;
//Adding Admin Role
var roleCheck = await _roleManager.RoleExistsAsync("Admin");
if (!roleCheck)
{
IdentityRole adminRole = new IdentityRole("Admin");
//create the roles and seed them to the database
roleResult = await _roleManager.CreateAsync(adminRole);
_roleManager.AddClaimAsync(adminRole, new Claim(ClaimTypes.AuthorizationDecision, "edit.post")).Wait();
_roleManager.AddClaimAsync(adminRole, new Claim(ClaimTypes.AuthorizationDecision, "delete.post")).Wait();
ApplicationUser user = new ApplicationUser {
UserName = "YourEmail", Email = "YourEmail",
};
_userManager.CreateAsync(user, "YourPassword").Wait();
await _userManager.AddToRoleAsync(user, "Admin");
}
}