Fatal编程技术网
  • csharp/
  • C# Web API和Angular 5令牌身份验证-登录后获取用户信息

C# Web API和Angular 5令牌身份验证-登录后获取用户信息

c# angular authentication asp.net-web-api

C# Web API和Angular 5令牌身份验证-登录后获取用户信息,c#,angular,authentication,asp.net-web-api,token,C#,Angular,Authentication,Asp.net Web Api,Token,当我访问angular应用程序时,我得到以下信息: access_token:"******************" expires_in:59 refresh_token:"******************" token_type:"bearer" 但是现在我想使用登录用户的信息。我的问题是我不能,因为我没有令牌信息之间的用户id 这是我从API的c#登录: //Varifying user credentials public bool Login(string userNa

当我访问angular应用程序时,我得到以下信息:

access_token:"******************"
expires_in:59
refresh_token:"******************"
token_type:"bearer"
但是现在我想使用登录用户的信息。我的问题是我不能,因为我没有令牌信息之间的用户id

这是我从API的c#登录:

//Varifying user credentials
    public bool Login(string userName, string password)
    {
        try
        {
            ServiceContext db = new ServiceContext();
            var userInfo = db.Users.Where(x => x.Username == userName).FirstOrDefault();
            if (userInfo != null)
            {
                string stringPwd = Encoding.ASCII.GetString(userInfo.Password);
                return stringPwd == password;
            }
            else
            {
                return false;
            }
        }
        catch (Exception ex)
        {
            return false;
        }
    }
这是Angular应用程序提供的我的身份验证服务:

@Injectable()
export class AuthenticationService {
constructor(private http: HttpClient) { }

login(username: string, password: string) {

    var data = "grant_type=password" + "&username=" + username + "&password=" + password;
    var reqHeader = new HttpHeaders({ 'Content-Type': 'application/x-www-urlencoded','No-Auth':'True' });
    return this.http.post<any>(`${environment.apiUrl}/token`, data, { headers: reqHeader })
        .pipe(map(user => {
            // login successful if there's a jwt token in the response
            if (user && user.access_token) {
                // store user details and jwt token in local storage to keep user logged in between page refreshes
                localStorage.setItem('currentUser', JSON.stringify(user));
            }
            return user;
        }));
}
我想显示用于登录的用户名。有人能帮帮我,给我一些建议吗

提前感谢

通常
登录
操作之后应该是
/me
请求,它从标题读取令牌并返回用户对象。
登录/注册路由应该只返回令牌数据,这是正确的,但
/me
将解码令牌(如果您在令牌中包含用户数据),或者它将通过用户在数据库中的令牌搜索用户

修改您的
GrantResourceOwnerCredentials
方法,如下所示

您需要使用
AuthenticationProperties
,以便可以在令牌数据中添加更多参数

AuthenticationTicket
会将您添加的参数绑定到您的令牌数据,并且您将在应用程序中访问这些数据

public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{

    var identity = new ClaimsIdentity(context.Options.AuthenticationType);
    Accounts acc = new Accounts();

    //Authenticate the user credentials
    if (acc.Login(context.UserName, context.Password))
    {   
        //If you want to display user's firstname, lastname, or picture then
        //The below method is for getting user from database by its username
        var user = acc.GetUserByUsername(context.UserName);
        string firstName = user.FirstName;
        string lastName = user.LastName;

        identity.AddClaim(new Claim(ClaimTypes.Role, acc.GetUserRole(context.UserName)));
        identity.AddClaim(new Claim("username", context.UserName));
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));

        var props = new AuthenticationProperties(new Dictionary<string, string>
                    {                             
                         {
                             "userName", context.UserName
                         },
                         {
                             "firstName", firstName
                         },
                         {
                             "lastName", lastName
                         }
                    });

        var ticket = new AuthenticationTicket(identity, props);
        context.Validated(ticket);
    }
    else
    {
        context.SetError("invalid_grant", "Provided username and password is incorrect");
        return;
    }
}
输出:

access_token:"******************"
expires_in:59
refresh_token:"******************"
token_type:"bearer",
firstName: "Abc",
lastName: "Pqr",
userName: "Xyz"
您需要在
GrantResourceOwnerCredentials
方法中传递用户名和令牌数据我已经发布了我的GrantResourceOwnerCredentials。有用户名信息,但我如何在angular app上使用?@Tky17,查看答案可能对您有帮助:)我尝试了您的解决方案,但我的令牌信息始终相同..没有用户信息(我复制并通过您发布的代码,并在我的帐户类上添加GetUserByUsername函数)。尝试以相同的方法添加断点,并观察
var ticket=newauthenticationticket(标识、道具)属性。你在里面得到了道具吗?或者在这里复制您的
道具
valuestry,用Postman中发布的数据调用您的
/token
url,并告诉我您将获得什么。我会在一小时内回来:)我尝试了邮递员和我的结果:“访问令牌”:“令牌类型”:“持有者”,“过期令牌”:59,“刷新令牌”:“但通过断点,票证有用户信息

public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
    foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
    {
        context.AdditionalResponseParameters.Add(property.Key, property.Value);
    }

    return Task.FromResult<object>(null);
}



access_token:"******************"
expires_in:59
refresh_token:"******************"
token_type:"bearer",
firstName: "Abc",
lastName: "Pqr",
userName: "Xyz"