问题描述
我有一组 API,我想对其进行一些身份验证。我已将授权和身份验证部分添加到项目中。我已经为数据库和应用程序用户添加了上下文。我可以创建用户并登录他们,然后将 JWT 返回给调用者并根据 JWT 验证用户。但是,我要创建的某些用户是具有提升权限的管理员。这是我用户创建用户的代码:
async Task<Response> Icreateuser.createuser(RegisterModel model)
{
var userExists = await userManager.FindByNameAsync(model.UserName);
if (userExists != null)
{
return new Response { Status = "error",Message = "User already exists" };
}
ApplicationUser user = new ApplicationUser()
{
Email = model.Email,SecurityStamp = Guid.NewGuid().ToString(),UserName = model.UserName
};
var result = await userManager.CreateAsync(user,model.Password);
if (!result.Succeeded)
{
return new Response { Status = "Error",Message = "Unable to create user" };
}
else
{
var adminRole = await roleManager.FindByNameAsync("admin");
if(!await userManager.IsInRoleAsync(user,adminRole.Name))
{
await userManager.AddToRoleAsync(user,adminRole.Name);
}
}
return new Response { Status = "Success",Message = "User Created" };
}
这将添加用户,甚至将他们添加到角色中。但是当我列出声明时,我看到的只有 nameidentifier、jti、email、exp、iss 和 aud 值。这是我用来返回声明的代码:
public IActionResult Index()
{
var claims = User.Claims.Select(claim => new { claim.Type,claim.Value }).ToArray();
return Json(claims);
}
public async Task<IActionResult> Create([required] string name)
{
var adminRole = await roleManager.FindByNameAsync(name);
if (adminRole == null)
{
adminRole = new IdentityRole(name);
await roleManager.CreateAsync(adminRole);
await roleManager.AddClaimAsync(adminRole,new Claim(ClaimTypes.Role,name));
return Ok("Role Created");
}
else
{
return StatusCode(StatusCodes.Status500InternalServerError,new Response { Status = "error",Message = "Role Not created" });
}
}
就像我说的,我可以创建用户,但我没有看到添加到用户的 Admin 声明,因此我无法通过角色进行身份验证。我错过了什么?
解决方法
当我创建 JWT 令牌时,我需要添加对 GetRolesAsync 的调用。获得此列表后,我可以遍历数组并添加声明。
var claim = new List<Claim>();
claim.Add(new Claim(JwtRegisteredClaimNames.Sub,user.UserName));
claim.Add(new Claim(JwtRegisteredClaimNames.Jti,Guid.NewGuid().ToString()));
claim.Add(new Claim(ClaimTypes.Email,model.Email));
var roles = userManager.GetRolesAsync(user).Result.ToArray();
foreach(var role in roles)
{
claim.Add(new Claim(ClaimTypes.Role,role));
}
这段代码允许我将用户添加到他们在创建时分配的角色中。