有没有办法在 Api 控制器中获取当前用户
[英]Is there a way to get Current User in Api Controller
问题描述
我正在使用 asp.net 授权通过客户端的 Angular js 登录,我需要让当前用户登录
我需要让当前用户在我的记录器表中保存任何操作,并且 httpcontext.session.current 为 null ,是否有另一种方法可以在会话中保存登录用户或其他任何东西随时获取它
public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
{
private readonly string _publicClientId;
static ERPV02_03Entities db;
public ApplicationOAuthProvider(string publicClientId)
{
if (publicClientId == null)
{
throw new ArgumentNullException("publicClientId");
}
db = SingleTonConText.Instance;
_publicClientId = publicClientId;
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
{
context.AdditionalResponseParameters.Add(property.Key, property.Value);
}
var data= Task.FromResult<object>(null);
return data;
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
// Resourcee owner password credentials does not provide a client ID.
if (context.ClientId == null)
{
context.Validated();
}
return Task.FromResult<object>(null);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == _publicClientId)
{
Uri expectedRootUri = new Uri(context.Request.Uri, "/");
if (expectedRootUri.AbsoluteUri == context.RedirectUri)
{
context.Validated();
}
}
return Task.FromResult<object>(null);
}
private static View_Emps GetUserInfo(string username)
{
var user = new View_Emps();
try
{
user = db.View_Emps.FirstOrDefault(p =>
p.Emp_UserName == username);
HttpContext.Current.Session.Add("user", user);
}
catch (Exception e)
{
throw e;
}
return user;
}
public static AuthenticationProperties CreateProperties(string userName)
{
var user = GetUserInfo(userName);
JavaScriptSerializer js = new JavaScriptSerializer();
var res = js.Serialize(user);
IDictionary<string, string> data = new Dictionary<string, string>
{
{ "User", res }
};
return new AuthenticationProperties(data);}}
public void SaveLog( T Obj, string Operation)
{
string hostName = Dns.GetHostName(); // Retrive the Name of HOST IpAddress
string myIP = Dns.GetHostEntry(hostName).AddressList[0].ToString();
var user = HttpContext.Current.Session["user"] as View_Emps;
MyLogger.Data = new JavaScriptSerializer().Serialize(Obj);
MyLogger.OperationType = Operation;
MyLogger.TableName = typeof(T).Name;
MyLogger.DateTime = DateTime.Now;
MyLogger.User_ID = user.Emp_ID;
MyLogger.IP_Address = myIP;
db.Loggers.Add(MyLogger);
Commit();
}
6 个解决方案
解决方案1
4 已采纳 2019-01-30 13:28:55
您可以从IPrincipal获取 Api Controller 中的当前登录用户,并且您无需为其引用任何命名空间,例如,
...
var user = User; //<= "User" comes from System.Security.Principal.IPrincipal
...
您还可以从IPrincipal获取其他属性,例如
- 认证类型
- 已认证
- 姓名
从像这样的用户的身份来看,
var authType = User.Identity.AuthenticationType;
var isAuthenticated = User.Identity.IsAuthenticated;
var name = User.Identity.Name;
编辑:
您可以在GrantResourceOwnerCredentials方法中添加自定义字段作为对您身份的GrantResourceOwnerCredentials例如,
...
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
OAuthDefaults.AuthenticationType);
oAuthIdentity.AddClaim(new Claim("UserId", user.Id)); //<= The UserId add here as claim
oAuthIdentity.AddClaim(new Claim("UserName", user.UserName)); //<= The UserName add here as claim
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
CookieAuthenticationDefaults.AuthenticationType);
...
然后在 Api 控制器操作方法中,您可以像这样获得这个 UserId,
var userId = ((ClaimsIdentity)User.Identity).FindFirst("UserId");
var userName = ((ClaimsIdentity)User.Identity).FindFirst("UserName");
编辑1:
在这里,我从声明中获得了UserId和UserName 。
并且从 angular js HTTP 你可以发送你的 auth bearer token 像
module.run(function($http) {
$http.defaults.headers.common.Authorization = 'bearer TGAf8ViNUtzb9RP9OCBXHN4Ewm0dQbTMb6x4wJMgi4Wk8pq-QEQLIhp_W1A-9jQa7Rlqa60vsQ2ubbjUL0wGosEwaHFDlbdkQqXbOP_VlBJMxN2KnGQZnmvWZvpLPqMF-jpWzPDvBwtVHnh3AjLviPX0gPQjxZAC1ujIeB0p-QZ8yE1VCnLa8Xql01XDXlLVBCzk1UOqt_er-Gx6pL8SemayY8dqVVUgSZTYhcceLLuWQ-Cy3QATJmoJ41K-7ktAeUTz5H7V3ImlC_b8qnnN8sj7k7WRT51q27pUO4-bzJzkD4LGVvDUqaeAhBEqKyS9TkpMIFbRDMol5ZiJcp2vTunOOYP42Mw7GJv09ctoXegKkWo1LWDsSDxeWP5KQed_VGX193pZvQtvz06g2iyXwuP8Q6NaJcXTF43-M9p2HWgGuXT531YXv59euaWevj1AMJkazlZ61uzYi7KGLHKgCwzAMXLKwzBGK4QP0C4tqonowSdTttH93LBOJHjrDepk';
});
通过在角度端使用上述代码,您的请求将通过 Http 为每个请求添加身份验证令牌
了解有关$http 的更多信息
编辑2:
将这些数据添加为GrantResourceOwnerCredentials中的GrantResourceOwnerCredentials ,您希望将其转移到您的工作单元存储库中,例如,
oAuthIdentity.AddClaim(new Claim("Id", user.Id));
oAuthIdentity.AddClaim(new Claim("UserName", user.UserName));
oAuthIdentity.AddClaim(new Claim("Email", user.Email));
oAuthIdentity.AddClaim(new Claim("PhoneNumber", user.PhoneNumber));
然后在您的控制器方法中读取这些数据,例如
ClaimsPrincipal principal = Request.GetRequestContext().Principal as ClaimsPrincipal;
var claims = principal.Claims.Select(x => new { type = x.Type, value = x.Value });
var id = claims.Where(x => x.type == "Id").FirstOrDefault().value;
var userName = claims.Where(x => x.type == "UserName").FirstOrDefault().value;
var email = claims.Where(x => x.type == "Email").FirstOrDefault().value;
var phoneNumber = claims.Where(x => x.type == "PhoneNumber").FirstOrDefault().value;
ApplicationUser applicationUser = new ApplicationUser //This model is pre generated by web api project and reside in `Models` folder
{
Id = id,
UserName = userName,
Email = email,
PhoneNumber = phoneNumber
};
现在您可以自由地使用这个对象applicationUser来传入您的工作单元存储库。
解决方案2
1 2021-10-07 09:33:12
[Authorize]
[HttpGet("GetCurrentUser")]
public async Task<ActionResult<string>> GetCurrentUser()
{
var UserName = User.Identity.Name;
var user = await _userManager.GetUserAsync(User);
return Ok("Current User: " + user);
}
- 使用 ->
[Authorize]注释控制器或端点 - 有两种解决方案可以获取当前登录的用户。
- 使用:
User.Identity.Name - 将
UseManager类注入控制器,然后你可以调用它的GetUserAsync(User)方法(ClaimsPrincipal: User)
- 使用:
解决方案3
0 2019-01-30 14:14:12
查看此问题是否可以在 asp.net 页面中设置 localStorage 或 Session 变量并在其他页面上的 javascript 中读取它?
public void SaveLog( T Obj, string Operation)
{
string hostName = Dns.GetHostName(); // Retrive the Name of HOST IpAddress
string myIP = Dns.GetHostEntry(hostName).AddressList[0].ToString();
var user = HttpContext.Current.Session["user"] as View_Emps;
// 而不是这个 .. 你可以把它放在本地存储中,并在注销或超时后将其删除 // 计时器
MyLogger.Data = new JavaScriptSerializer().Serialize(Obj);
MyLogger.OperationType = Operation;
MyLogger.TableName = typeof(T).Name;
MyLogger.DateTime = DateTime.Now;
MyLogger.User_ID = user.Emp_ID;
MyLogger.IP_Address = myIP;
db.Loggers.Add(MyLogger);
Commit();
}
解决方案4
0 2019-02-03 16:22:31
var UserName = User.Identity.Name;
var UserId = ((ClaimsIdentity)User.Identity).Claims.FirstOrDefault().Value;
它适用于这种方式,但我不得不在标头中发送令牌
解决方案5
0 2021-01-04 14:42:53
在 MVC 控制器中:
var user = await _userManager.GetUserAsync(User);
在 API 控制器中,使用这个:
var user = await _userManager.FindByNameAsync(User.Identity.Name);
确保用户使用控制器中的授权属性进行身份验证,并在您的页面开头:
[Authorize]
解决方案6
-2 2019-02-01 13:22:54
您不能在 api 调用中使用会话,每次需要对用户进行身份验证时,您都必须发送用户的令牌
您可以阅读 JWT 进行身份验证
在.Net Core 2.0 WebAPI控制器中获取当前的http上下文用户
[英]Get current http context user in .Net Core 2.0 WebAPI controller
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.