如何使用身份向 ASP.NET 核心最小 API 添加身份验证,但不使用 Azure?
[英]How do I add authentication to an ASP.NET Core minimal API using Identity, but without using Azure?
问题描述
I'm sure the answer to this must be obvious, as it's an obvious thing want to do, but I can't seem to find any guidance.
我敢肯定,这个问题的答案一定很明显,因为这是显而易见的事情,但我似乎找不到任何指导。
I have an ASP.NET Core minimal API, and want to add authentication.我有一个 ASP.NET Core minimal API,想添加身份验证。 I already have Identity set up in a different project, and want to use the same database (ie the same users) for the API.我已经在不同的项目中设置了身份,并希望为 API 使用相同的数据库(即相同的用户)。
I saw this blog post , which looked promising until I realised that the code there checks the user name and password as plain text (using admin as both in the sample)...我看到了这篇博客文章,它看起来很有希望,直到我意识到那里的代码将用户名和密码检查为纯文本(在示例中都使用admin )...
if (credentials[0] == "admin" && credentials[1] == "admin")
The problem with this is that (thankfully), Identity does not store the passwords in plain text, they are hashed, so I can't do a simple comparison.这个问题是(幸运的是)Identity 不以明文形式存储密码,它们是散列的,所以我不能做简单的比较。
I tried hashing the incoming password, as shown in this answer , but that didn't work as the hash came out different every time I called _userManager.PasswordHasher.HashPassword .我尝试对传入的密码进行哈希处理,如本答案所示,但这不起作用,因为每次调用_userManager.PasswordHasher.HashPassword时 hash 都不同。
I tried using the ASP.NET Core's SignInManager.CanSignInAsync method to check if I could sign in with the credentials, but that required me to add the following to Program ...我尝试使用 ASP.NET Core 的SignInManager.CanSignInAsync方法来检查我是否可以使用凭据登录,但这需要我将以下内容添加到Program ...
builder.Services.AddIdentity<User, IdentityRole>(options => {
// options removed for clarity
})
.AddDefaultTokenProviders()
.AddEntityFrameworkStores<AppDbContext>();
However, as soon as I did this, any request to the API attempted to redirect to a log-in page, which is obviously not going to work when the API is being called from code.但是,一旦我这样做,对 API 的任何请求都会尝试重定向到登录页面,当从代码调用 API 时,这显然是行不通的。
All I could find on Microsoft's site was this article , but that assumes you are using Azure. At the moment, I'm still developing this on my local machine, and I don't know yet whether the project owners want to deploy to Azure or their own hosted server, so the code there doesn't help me.我在 Microsoft 的网站上只能找到这篇文章,但假设您使用的是 Azure。目前,我仍在本地计算机上开发它,我还不知道项目所有者是否要部署到 Azure或者他们自己的托管服务器,所以那里的代码对我没有帮助。
Anyone able to explain to me how I do what seems like such an obvious and simple task?任何人都可以向我解释我是如何完成如此明显和简单的任务的? Please let me know if there is any more info I need to provide.如果我需要提供更多信息,请告诉我。 Thanks谢谢
1 个解决方案
解决方案1
3 已采纳 2022-05-23 16:07:06
Have you seen Bipin Joshi's series of articles on this subject?您看过 Bipin Joshi 关于这个主题的系列文章吗? My guess is that you are past the first few, but you might find these useful...我猜你已经过了前几个,但你可能会发现这些有用......
Implement JWT Authentication In ASP.NET Core Minimal APIs 在 ASP.NET 核心最小 API 中实现 JWT 身份验证
Integrate ASP.NET Core Identity With JWT And Minimal APIs 将 ASP.NET 核心标识与 JWT 和最小 API 集成
The one change I made when using that approach was that the getToken API call just takes two string parameters for the user name and password, instead of a User object. Given that it's only two parameters, I find this makes life easier when working with disparate projects, as you don't need the class definition.我在使用该方法时所做的一个更改是getToken API 调用仅采用两个string参数作为用户名和密码,而不是User object。鉴于它只有两个参数,我发现这使得使用不同的项目,因为您不需要 class 定义。 Up to you though.取决于你。
In order to call the API, you'll need to call getToken first, passing in the user name and password.要调用 API,您需要先调用getToken ,传入用户名和密码。 Once you have your token, you can then set the authentication on your HtpClient as follows...获得令牌后,您可以按如下方式在HtpClient上设置身份验证...
client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.