ASP.NET Core Web API with Identity: login, registration, roles, and permission assignment

Updated: 2024-10-28 16:21:40


1. Install the required NuGet packages

    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.24" />
    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="6.0.24" />
    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.24" />
    <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="6.0.24" />

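2. Register the SQL Server database service so that the Identity schema can be migrated

    // appsettings.json
    "ConnectionStrings": {
      "defaultsql": "server=.;uid=sa;pwd=peng@123;database=ide"
    }

    // Program.cs
    // requires: using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
    //           using Microsoft.EntityFrameworkCore;
    builder.Services.AddDbContext<IdentityDbContext>(p =>
    {
        p.UseSqlServer(
            builder.Configuration.GetConnectionString("defaultsql"),
            b => b.MigrationsAssembly("Log4NetTest"));
    });

The connection string above embeds the `sa` password in `appsettings.json`; outside a local demo, load it from user secrets or an environment variable and connect with a least-privileged login.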

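3. Run the following commands in order in the Package Manager Console to migrate the user and permission management tables

    add-migration init
    update-database

Once they have run, the database contains the new Identity tables.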

4. Create a user account class for login and registration

    public class account
    {
        public string usename { get; set; }
        public string password { get; set; }
    }

5. Register the Identity services

    builder.Services.AddIdentity<IdentityUser, IdentityRole>()
        .AddEntityFrameworkStores<IdentityDbContext>();

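6. Registration

    private SignInManager<IdentityUser> _signInManager;
    private UserManager<IdentityUser> _userManager;

    // Both managers are injected; the controller uses UserManager to create
    // users and SignInManager to sign them in.
    public WeatherForecastController(
        SignInManager<IdentityUser> signInManager,
        UserManager<IdentityUser> userManager)
    {
        _signInManager = signInManager;
        _userManager = userManager;
    }

    /// <summary>
    /// Register
    /// </summary>
    /// <param name="usename"></param>
    /// <param name="pwd"></param>
    [HttpPost]
    public async Task<string> Register(string usename, string pwd)
    {
        IdentityUser user = new IdentityUser()
        {
            UserName = usename
        };
        // CreateAsync hashes the password and applies the configured password policy.
        var result = await _userManager.CreateAsync(user, pwd);
        if (result.Succeeded)
        {
            return "添加成功"; // "added successfully"
        }
        return "失败"; // "failed"
    }

Call the action from Swagger and query the database: one row has been added (which shows that the injection succeeded).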

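6. Login

    /// <summary>
    /// Login
    /// </summary>
    /// <param name="usename"></param>
    /// <param name="pwd"></param>
    [HttpPost]
    public async Task<string> Login(string usename, string pwd)
    {
        var user = await _userManager.FindByNameAsync(usename);
        if (user != null)
        {
            // Arguments: isPersistent = false, lockoutOnFailure = false
            // (with lockoutOnFailure off, failed attempts are not counted toward lockout).
            var re = await _signInManager.PasswordSignInAsync(user, pwd, false, false);
            if (re.Succeeded)
            {
                return "登录成功"; // "login succeeded"
            }
            return "登录失败"; // "login failed"
        }
        return "登录失败"; // "login failed"
    }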

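Using the account that was just registered, call the Login method in Swagger; it returns `登录成功` (login succeeded).

Note: the code uses Microsoft's default policies, for example the password length and complexity limits and the number of failed password attempts. You can change these to suit your own requirements:

    builder.Services.Configure<IdentityOptions>(options =>
    {
        // Password requirements
        options.Password.RequireDigit = true;            // digit
        options.Password.RequireLowercase = true;        // lowercase letter
        options.Password.RequireUppercase = true;        // uppercase letter
        options.Password.RequireNonAlphanumeric = true;  // special character
        options.Password.RequiredLength = 8;             // password length

        // User lockout options
        options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5); // lockout duration
        options.Lockout.MaxFailedAccessAttempts = 5;                      // number of failed attempts
        options.Lockout.AllowedForNewUsers = true;

        // Sign-in options
        options.SignIn.RequireConfirmedEmail = false;
        options.SignIn.RequireConfirmedPhoneNumber = false;
    });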
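
The Login action in step 6 passes `false` for `lockoutOnFailure`, so the lockout settings above never count a failed attempt, and it takes the password as a simple action parameter, which an `[ApiController]` action binds from the query string. The following is an added example (not code from the original post) of a login action that binds the step 4 `account` class from the request body and enables lockout; the controller name `AccountController`, the route template and the logger are assumptions.

```csharp
// Added example. Assumes the .NET 6 web project's implicit usings
// (System.Threading.Tasks, Microsoft.Extensions.Logging, Microsoft.AspNetCore.Http).
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

[ApiController]
[Route("api/[controller]/[action]")]            // assumed route template
public class AccountController : ControllerBase // hypothetical controller name
{
    private readonly SignInManager<IdentityUser> _signInManager;
    private readonly ILogger<AccountController> _logger;

    public AccountController(
        SignInManager<IdentityUser> signInManager,
        ILogger<AccountController> logger)
    {
        _signInManager = signInManager;
        _logger = logger;
    }

    [HttpPost]
    public async Task<IActionResult> Login([FromBody] account login)
    {
        // [FromBody] keeps the password in the JSON body instead of the URL,
        // where it would be written to access logs and proxy logs.
        var result = await _signInManager.PasswordSignInAsync(
            login.usename,
            login.password,
            isPersistent: false,
            lockoutOnFailure: true); // count failures against MaxFailedAccessAttempts

        if (result.Succeeded)
        {
            return Ok("登录成功"); // "login succeeded"
        }

        if (result.IsLockedOut)
        {
            // Record the lockout for monitoring. The caller still gets the same
            // answer as for a wrong password, so the response does not confirm
            // that the account exists.
            _logger.LogWarning("Account locked out: {User}", login.usename);
        }

        return Unauthorized("登录失败"); // "login failed"
    }
}
```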

7. Add a role

    private RoleManager<IdentityRole> _roleManager;

    public WeatherForecastController(RoleManager<IdentityRole> roleManager)
    {
        _roleManager = roleManager;
    }

    /// <summary>
    /// Add a role
    /// </summary>
    [HttpPost]
    public async Task<string> AddRole(string RoleName)
    {
        var rolename = await _roleManager.RoleExistsAsync(RoleName);
        if (rolename)
        {
            return "角色已经存在了"; // "the role already exists"
        }
        IdentityRole role = new IdentityRole()
        {
            Name = RoleName,
        };
        var result = await _roleManager.CreateAsync(role);
        if (result.Succeeded)
        {
            return "添加成功"; // "added successfully"
        }
        else
        {
            return "添加失败"; // "failed to add"
        }
    }

8. Get all roles

    /// <summary>
    /// Get all roles
    /// </summary>
    /// <returns></returns>
    [HttpGet]
    public List<IdentityRole> GetRoleList()
    {
        return _roleManager.Roles.ToList();
    }

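9. Assign a role to a user

    /// <summary>
    /// Assign a role to a user
    /// </summary>
    [HttpPost]
    public async Task<string> UserToRole(string userName, string roleName)
    {
        var user = await _userManager.FindByNameAsync(userName);
        if (user != null)
        {
            var IsExist = await _userManager.IsInRoleAsync(user, roleName);
            if (!IsExist)
            {
                var result = await _userManager.AddToRoleAsync(user, roleName);
                if (result.Succeeded)
                {
                    return "分配成功"; // "assigned successfully"
                }
                else
                {
                    return "分配失败"; // "assignment failed"
                }
            }
            // The user exists and already holds the role; report that instead of
            // falling through to the "user does not exist" message.
            return "用户已在该角色中"; // "user is already in this role"
        }
        return "用户不存在"; // "user does not exist"
    }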

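10. Authorize by role (add a policy in Program.cs and use the policy)

    // Program.cs
    builder.Services.AddAuthorization(options =>
    {
        options.AddPolicy("RequireAdminRole", policy => policy.RequireRole("Admin"));
    });

    app.UseAuthentication();
    app.UseAuthorization();

    // Controller: only a signed-in user who is an administrator can access this
    [HttpGet]
    [Authorize(Policy = "RequireAdminRole")]
    public string Print()
    {
        return "只有管理员才能访问"; // "only administrators can access this"
    }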
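
Steps 7 to 9 show the role actions without an `[Authorize]` attribute; unless one is applied at controller level, any caller can reach them. The following is an added example (not code from the original post) that puts role assignment behind the `RequireAdminRole` policy defined above; `RoleAdminController`, `RoleAssignment` and the route template are assumed names, and it assumes a user in the `Admin` role has already been seeded.

```csharp
// Added example. Assumes the .NET 6 web project's implicit usings (System.Linq, Tasks).
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical request type for this example.
public class RoleAssignment
{
    public string UserName { get; set; } = "";
    public string RoleName { get; set; } = "";
}

[ApiController]
[Route("api/[controller]/[action]")]              // assumed route template
[Authorize(Policy = "RequireAdminRole")]          // step 10 policy, applied to every action
public class RoleAdminController : ControllerBase // hypothetical controller name
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly RoleManager<IdentityRole> _roleManager;

    public RoleAdminController(UserManager<IdentityUser> users, RoleManager<IdentityRole> roles)
        => (_userManager, _roleManager) = (users, roles);

    [HttpPost]
    public async Task<IActionResult> UserToRole([FromBody] RoleAssignment req)
    {
        // AddToRoleAsync throws if the role does not exist, so check first.
        if (!await _roleManager.RoleExistsAsync(req.RoleName))
            return NotFound("role");

        var user = await _userManager.FindByNameAsync(req.UserName);
        if (user == null)
            return NotFound("user");

        if (await _userManager.IsInRoleAsync(user, req.RoleName))
            return Conflict("already in role");

        var result = await _userManager.AddToRoleAsync(user, req.RoleName);
        if (!result.Succeeded)
            return BadRequest(result.Errors.Select(e => e.Code));

        // Roles are copied into the cookie at sign-in. Changing the security stamp
        // makes the user's older cookies fail the next stamp validation, so the
        // user signs in again and receives a cookie that carries the new role.
        await _userManager.UpdateSecurityStampAsync(user);
        return Ok();
    }
}
```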

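11. Authorize by claim

    builder.Services.AddAuthorization(options =>
    {
        options.AddPolicy("UserManager", policy =>
        {
            // Claim type "用户管理" (user management); accepted values:
            // "添加用户" (add user), "删除用户" (delete user), "编辑用户" (edit user)
            policy.RequireClaim("用户管理", new string[] { "添加用户", "删除用户", "编辑用户" });
        });
    });

    app.UseAuthentication();
    app.UseAuthorization();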

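// Add a claim to the user

    // Inside Register (step 6); requires: using System.Security.Claims;
    IdentityUser user = new IdentityUser()
    {
        UserName = usename
    };
    var result = await _userManager.CreateAsync(user, pwd); // same call as in step 6
    if (result.Succeeded)
    {
        await _userManager.AddClaimAsync(user, new Claim("用户管理", "添加用户"));
        return "添加成功"; // "added successfully"
    }
    return "失败"; // "failed"

    // Only a signed-in user whose claims include 用户管理 (user management) can access this endpoint
    [HttpGet]
    [Authorize(Policy = "UserManager")]
    public string Print()
    {
        return "只有管理员才能访问"; // "only administrators can access this"
    }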


Published: 2023-11-15 07:40:30
Article link: https://www.elefans.com/category/jswz/34/1596093.html