asp.net core weapi 结合identity完成登录/注册/角色/权限分配
1.安装所需要的nuget包
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.24" />
<PackageReference Include="Microsoft.EntityFrameworkCore" Version="6.0.24" />
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.24" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="6.0.24">
2.注入sqlserver数据库服务完成identity数据库的迁移
"ConnectionStrings": {
"defaultsql": "server=.;uid=sa;pwd=peng@123;database=ide"
}
builder.Services.AddDbContext<IdentityDbContext>(p =>
{
p.UseSqlServer(builder.Configuration.GetConnectionString("defaultsql"), b => b.MigrationsAssembly("Log4NetTest"));
});
3.在程序包管理控制台执行下面依次命令,完成用户权限管理表的迁移
add-migration init
update-datebase
执行完后,数据库就多了下面的表
4.创建一个用户账号的类用于登录和注册
public class account
{
public string usename { get; set; }
public string password { get; set; }
}
5.注入identity服务
builder.Services.AddIdentity<IdentityUser, IdentityRole>()
.AddEntityFrameworkStores<IdentityDbContext>();
6.注册
private SignInManager<IdentityUser> _signInManager;
private UserManager<IdentityUser> _userManager;
public WeatherForecastController( SignInManager<IdentityUser> signInManager)
{
_signInManager = signInManager;
_userManager = userManager;
}
/// 执行swagger查询数据库,添加了一条数据(表示注入成功)
6.登录
/// 使用刚才注册的账号,在swagger中调用Login方法,返回登录成功。
补充:代码中使用了微软默认的策略,比如密码的长度限制和复杂度,尝试密码失败次数等。可以根据自己的需求进行更改
builder.Services.Configure<IdentityOptions>(options =>
{
// 配置密码要求
options.Password.RequireDigit = true;//数字
options.Password.RequireLowercase = true;//小写字母
options.Password.RequireUppercase = true;//大写字母
options.Password.RequireNonAlphanumeric = true;//特殊字符
options.Password.RequiredLength = 8;//密码长度
// 配置用户锁定选项
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);//锁定时间
options.Lockout.MaxFailedAccessAttempts = 5;//失败次数
options.Lockout.AllowedForNewUsers = true;
// 配置用户登录选项
options.SignIn.RequireConfirmedEmail = false;
options.SignIn.RequireConfirmedPhoneNumber = false;
});
7.新增角色
private RoleManager<IdentityRole> _roleManager;
public WeatherForecastController(RoleManager<IdentityRole> roleManager)
{
_roleManager = roleManager;
}
/// 8.获取所有角色
/// 9.给用户分配角色
/// 10.给角色授权(在program中添加策略)(使用策略)
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("RequireAdminRole", policy =>
policy.RequireRole("Admin"));
});
app.UseAuthentication();
app.UseAuthorization();
//只有登录用户并且管理员才能访问
[HttpGet]
[Authorize(Policy = "RequireAdminRole")]
public string Print()
{
return "只有管理员才能访问";
}
11.给角色授权(使用claim)
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("UserManager", policy =>
{
policy.RequireClaim("用户管理", new string[] { "添加用户", "删除用户", "编辑用户" });
});
});
app.UseAuthentication();
app.UseAuthorization();
//给用户添加claim声明
IdentityUser user = new IdentityUser()
{
UserName = usename
};
if (result.Succeeded)
{
await _userManager.AddClaimAsync(user, new Claim("用户管理", "添加用户"));
return "添加成功";
}
return "失败";
//只有登录用户并且用户claim包含了用户管理才能访问接口
[HttpGet]
[Authorize(Policy = "UserManager")]
public string Print()
{
return "只有管理员才能访问";
}