小贝子编程

具有身份核心中角色的 JWT 授权



我很难理解Roles Identity Core

我的AccountController看起来像这样,我在GenerateJWTToken方法的声明中添加了Roles

[HttpPost("Login")]
    public async Task<object> Login([FromBody] LoginBindingModel model)
    {
        var result = await this.signInManager.PasswordSignInAsync(model.UserName, model.Password, false, false);
        if (result.Succeeded)
        {
            var appUser = this.userManager.Users.SingleOrDefault(r => r.UserName == model.UserName);
            return await GenerateJwtToken(model.UserName, appUser);
        }
        throw new ApplicationException("INVALID_LOGIN_ATTEMPT");
    }
    [HttpPost("Register")]
    public async Task<object> Register([FromBody] RegistrationBindingModel model)
    {
        var user = new ApplicationUser
        {
            UserName = model.UserName,
            Email = model.Email,
            FirstName = model.FirstName,
            LastName = model.LastName
        };
        var result = await this.userManager.CreateAsync(user, model.Password);
        if (result.Succeeded)
        {
            await this.signInManager.SignInAsync(user, false);
            return await this.GenerateJwtToken(model.UserName, user);
        }
        throw new ApplicationException("UNKNOWN_ERROR");
    }
    private async Task<object> GenerateJwtToken(string userName, IdentityUser user)
    {
        var claims = new List<Claim>
        {
            new Claim(JwtRegisteredClaimNames.Sub, userName),
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
            new Claim(ClaimTypes.NameIdentifier, user.Id),
            new Claim(ClaimTypes.Role, Role.Viewer.ToString()),
            new Claim(ClaimTypes.Role, Role.Developer.ToString()),
            new Claim(ClaimTypes.Role, Role.Manager.ToString())
        };
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(this.configuration["JwtKey"]));
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
        var expires = DateTime.Now.AddDays(Convert.ToDouble(this.configuration["JwtExpireDays"]));
        var token = new JwtSecurityToken(
            this.configuration["JwtIssuer"],
            this.configuration["JwtIssuer"],
            claims,
            expires: expires,
            signingCredentials: creds);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

从这段代码中,我的令牌与[Authorize]控制器的属性完美配合。

我的问题是,在哪一步中将role添加到我的注册user以使用(例如([Authorize("Admin")]?如何将role保存到数据库?

[Route("api/[controller]")]
[Authorize] //in this form it works ok, but how to add roles to it with JWT Token?
            //how to register user to role and get this role to JWT Token?
[ApiController]
public class DefaultController : ControllerBase

我的ApplicationUser

public class ApplicationUser : IdentityUser
{
    public string FirstName { get; set; }
    public string LastName { get; set; }
}

Roles的枚举:

public enum Role
{
    Viewer,
    Developer,
    Manager
}

如何将有关用户角色的信息保存到身份数据库,并在登录时使该角色正常工作[Authorize]属性?

编辑:

我想做的是将Roles存储在用户中的枚举中。我想将用户注册为DeveloperManager等。我相信我可以通过ApplicationUser并添加Role属性来做到这一点,但是我无法通过属性获得授权[Authorization(role)]

在这种情况下,您不需要使用 IdentityUser 和身份数据库,您使用的是 JWT。使用定义的Roles属性创建User模型,并将其简单地保留在数据库中。喜欢:

public class User
{
   public string FirstName { get; set; }
   public string LastName { get; set; }
   public Role Role { get; set; }
}
public enum Role
{
   Viewer,
   Developer,
   Manager
}

令牌:

var user = // ...
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(your_seccret_key);
var tokenDescriptor = new SecurityTokenDescriptor
{
    Subject = new ClaimsIdentity(new Claim[] 
         {
             new Claim(ClaimTypes.Name, user.FirstName),
             new Claim(ClaimTypes.Name, user.LastName),
             new Claim(ClaimTypes.Role, user.Role)
         }),
     Expires = DateTime.UtcNow.AddDays(1),
     SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key),SecurityAlgorithms.HmacSha256Signature)
 };
 var token = tokenHandler.CreateToken(tokenDescriptor);
 user.Token = tokenHandler.WriteToken(token);

控制器方法:

[Authorize(Roles = Role.Developer)]
[HttpGet("GetSomethingForAuthorizedOnly")]
public async Task<object> GetSomething()
{ 
   // .... todo
}

您可以将内置的角色管理与 ASP.NET 身份一起使用。由于您使用的是 ASP.NET Core 2.1,您可以首先参考以下链接以获取身份系统中的启用角色:

https://stackoverflow.com/a/54069826/5751404

启用角色后,您可以注册角色/用户,然后为用户添加角色,例如:

private async Task CreateUserRoles()
{   
    IdentityResult roleResult;
    //Adding Admin Role
    var roleCheck = await _roleManager.RoleExistsAsync("Admin");
    if (!roleCheck)
    {
        IdentityRole adminRole = new IdentityRole("Admin");
        //create the roles and seed them to the database
        roleResult = await _roleManager.CreateAsync(adminRole);
        _roleManager.AddClaimAsync(adminRole, new Claim(ClaimTypes.AuthorizationDecision, "edit.post")).Wait();
        _roleManager.AddClaimAsync(adminRole, new Claim(ClaimTypes.AuthorizationDecision, "delete.post")).Wait();
        ApplicationUser user = new ApplicationUser {
            UserName = "YourEmail", Email = "YourEmail",
        };
        _userManager.CreateAsync(user, "YourPassword").Wait();
        await _userManager.AddToRoleAsync(user, "Admin");
    }
}

这样,当该用户登录到您的应用程序时,您可以在 ClaimsPrincipal 中找到role声明,并且该声明适用于Authorize角色属性。

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium