选择 webApi 模板时如何将 ASP.Net 身份添加到 Asp.Net Core？

Question

I have created a .NET Core project with WebApi template selected includes no authentication. I want to add ASP.NET identity in it for role based authorization. How can I achieve this?

"

Answer 1

Edit:

This answers the question but generally speaking I agree with the comment on the question above - JWT bearer tokens are the best fit for an API, it's best to understand that option before deciding on the best approach for your use case.

Original Answer

This will give you a bear bones webapi with aspnet core identity, first create your project (this assumes you've created a new folder and you're in it):

dotnet new webapi

Add aspnet core identity:

dotnet add package Microsoft.AspNetCore.Identity

Add some database provider to store your data:

dotnet add package Microsoft.EntityFrameworkCore.Sqlite

Now add a user type, the simplest version being:

public class ApplicationUser : IdentityUser
{
}

And a db context, here I'm setting up the connection string within the class but you'd probably want to use DbContextOptions instead:

public class IdentityContext : IdentityDbContext<ApplicationUser>
{
    protected override void OnConfiguring
        (DbContextOptionsBuilder optionsBuilder) => 
            optionsBuilder.UseSqlite("your connection string");
}

Then in your Startup.cs add the following marked lines:

public Startup(IConfiguration configuration)
{
    Configuration = configuration;

    //add this: simply creates db if it doesn't exist, no migrations
    using (var context = new IdentityContext())
    {
        context.Database.EnsureCreated();
    }
}

public void ConfigureServices(IServiceCollection services)
{
    //add this: register your db context
    services.AddDbContext<IdentityContext>();

    //and this: add identity and create the db
    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<IdentityContext>();

    services.AddMvc();
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    //add this
    app.UseAuthentication();

    app.UseMvc();
}

Note that by default the AddIdentity extension will set the default authentication scheme and add various cookies that you probably don't want in an API, the cut down alternative is as follows (to replace the above AddIdentity call in ConfigureServices):

services.AddIdentityCore<ApplicationUser>(options => { });
new IdentityBuilder(typeof(ApplicationUser), typeof(IdentityRole), services)
    .AddRoleManager<RoleManager<IdentityRole>>()
    .AddSignInManager<SignInManager<ApplicationUser>>()
    .AddEntityFrameworkStores<IdentityContext>();

This will give you the database side of things, you can then use UserManager and SignInManager to create and authenticate users, to get them use the DI system:

public class MyController : Controller
{
    private UserManager<ApplicationUser> _userManager = null;
    private SignInManager<ApplicationUser> _signInManager = null;

    public MyController(
        UserManager<ApplicationUser> userManager, 
        SignInManager<ApplicationUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    //etc...

And then use as follows:

var result = await _userManager.CreateAsync(
    new ApplicationUser()
    {
        UserName = "bob", 
        Email = "bob@bob.com"
    }, "Test123!");
if (result.Succeeded)
    //do stuff...

And:

var user = await _userManager.FindByNameAsync("bob");
result = await _signInManager.CheckPasswordSignInAsync(user, "Test123!", false);
if (result.Succeeded)
    //do stuff...

Using CheckPasswordSignInAsync instead of PasswordSignInAsync will avoid the creation of a cookie if AddIdentity is used, if AddIdentityCore was also used above, then you must use CheckPasswordSignInAsync as PasswordSignInAsync will not work as an IAuthenticationSignInHandler will not have been setup.

Answer 2

There is nothing special the template is doing, all you need is the Microsoft.AspNet.Identity.Core NuGet package and the you should be able to follow from here:

https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity

Answer 3

I am aware of how old this initial post is, but it is very relevant to what problem I am facing currently. Hopefully, this is a simple explanation of what I am trying to do. Currently using ASP.NET Core Identity for a Web Application I have and have built out some WebAPI's that will supply data to Web Application. Want to centralize Authentication and Authorization on one server and WebAPI's can use same Authentication and Authorization database to provide access. Now, I figured there had to be an easier way that using a 3rd Party Provider for this. I have attempted using the same Identity Configuration for each project using the same DBContext and that failed. I can't get why this can't be implemented this easily. Everything is stored in the database as I understand, so what am I missing. Thanks for your help. Take Care and Have a Great day.

"