1.安装所需要的nuget包
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.24" />
<PackageReference Include="Microsoft.EntityFrameworkCore" Version="6.0.24" />
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.24" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="6.0.24">
2.注入 SQL Server 数据库服务,完成 Identity 数据库的迁移(下面连接字符串中的 sa 账号和密码仅为本地示例,不要把真实凭据写进源码或提交到仓库)
"ConnectionStrings": {
"defaultsql": "server=.;uid=sa;pwd=peng@123;database=ide"
}
// Register the Identity DbContext against SQL Server; EF Core migrations live in the "Log4NetTest" assembly.
builder.Services.AddDbContext<IdentityDbContext>(options =>
    options.UseSqlServer(
        builder.Configuration.GetConnectionString("defaultsql"),
        sql => sql.MigrationsAssembly("Log4NetTest")));
3.在程序包管理控制台依次执行下面的命令,完成用户权限管理表的迁移
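# Package Manager Console: create the initial migration, then apply it to the database.
# (The original second command was misspelled "update-datebase", which the console rejects.)
Add-Migration init
Update-Database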
执行完后,数据库就多了下面的表
4.创建一个用户账号的类用于登录和注册
/// <summary>
/// Request payload for login and registration: a user name plus a plain-text password.
/// NOTE(review): "usename" looks like a typo of "userName"; it is kept because clients bind to this name.
/// </summary>
public class account
{
    private string _usename;
    private string _password;

    /// <summary>The user name supplied by the client.</summary>
    public string usename
    {
        get => _usename;
        set => _usename = value;
    }

    /// <summary>The plain-text password supplied by the client.</summary>
    public string password
    {
        get => _password;
        set => _password = value;
    }
}
5.注入identity服务
// Wire up ASP.NET Core Identity with the default user/role types, persisted through the EF Core IdentityDbContext.
var identityBuilder = builder.Services.AddIdentity<IdentityUser, IdentityRole>();
identityBuilder.AddEntityFrameworkStores<IdentityDbContext>();
6.注册
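private readonly SignInManager<IdentityUser> _signInManager;
private readonly UserManager<IdentityUser> _userManager;

/// <summary>
/// Receives the Identity managers from dependency injection.
/// The original constructor only accepted <paramref name="signInManager"/> yet assigned
/// <c>_userManager</c> from an undeclared <c>userManager</c>, which does not compile;
/// <paramref name="userManager"/> is now injected as well.
/// </summary>
/// <param name="signInManager">Performs password sign-in.</param>
/// <param name="userManager">Creates, looks up and updates users.</param>
/// <exception cref="ArgumentNullException">Either dependency is null.</exception>
public WeatherForecastController(SignInManager<IdentityUser> signInManager, UserManager<IdentityUser> userManager)
{
    ArgumentNullException.ThrowIfNull(signInManager);
    ArgumentNullException.ThrowIfNull(userManager);
    _signInManager = signInManager;
    _userManager = userManager;
}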
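/// <summary>
/// Registers a new user with the supplied user name and password.
/// </summary>
/// <param name="usename">User name for the new account.</param>
/// <param name="pwd">Plain-text password; <c>CreateAsync</c> validates it against the configured <c>IdentityOptions.Password</c> rules.</param>
/// <returns>"添加成功" when the account was created, otherwise "失败".</returns>
[HttpPost]
public async Task<string> Register(string usename, string pwd)
{
    // A missing user name or password can never yield a valid account. Return the same failure
    // string CreateAsync would produce instead of letting a null reach UserManager and throw.
    if (string.IsNullOrWhiteSpace(usename) || string.IsNullOrEmpty(pwd))
    {
        return "失败";
    }

    var user = new IdentityUser { UserName = usename };
    var result = await _userManager.CreateAsync(user, pwd);

    // result.Errors (password-policy / duplicate-name details) is deliberately not echoed to the client.
    return result.Succeeded ? "添加成功" : "失败";
}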
在 swagger 中调用 Register 后查询数据库,多了一条用户数据(表示注册成功)
6.登录
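/// <summary>
/// Signs a user in with a user name and password via <c>SignInManager</c>.
/// </summary>
/// <param name="usename">User name to look up.</param>
/// <param name="pwd">Plain-text password to verify.</param>
/// <returns>
/// "登录成功" on success, otherwise "登录失败". The same failure string is returned whether the
/// user is unknown, the password is wrong or the account is locked out, so the response does not
/// reveal which of those applied.
/// </returns>
[HttpPost]
public async Task<string> Login(string usename, string pwd)
{
    // FindByNameAsync and the password check throw on null input; treat missing credentials as a failed login.
    if (string.IsNullOrWhiteSpace(usename) || string.IsNullOrEmpty(pwd))
    {
        return "登录失败";
    }

    var user = await _userManager.FindByNameAsync(usename);
    if (user is null)
    {
        return "登录失败";
    }

    // lockoutOnFailure must be true for the IdentityOptions.Lockout settings (MaxFailedAccessAttempts,
    // DefaultLockoutTimeSpan) to count failed attempts. The original passed false, which silently
    // disabled the lockout policy configured via Configure<IdentityOptions>.
    var signIn = await _signInManager.PasswordSignInAsync(user, pwd, isPersistent: false, lockoutOnFailure: true);
    return signIn.Succeeded ? "登录成功" : "登录失败";
}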
使用刚才注册的账号,在swagger中调用Login方法,返回登录成功。
补充:代码中使用了微软默认的策略,比如密码的长度限制和复杂度、密码尝试失败次数等,可以根据自己的需求进行更改。注意:失败次数锁定只有在调用 PasswordSignInAsync 时把 lockoutOnFailure 参数设为 true 才会生效。
// Override the Identity defaults for password strength, account lockout and sign-in confirmation.
builder.Services.Configure<IdentityOptions>(options =>
{
    // Password rules
    var password = options.Password;
    password.RequireDigit = true;            // at least one digit
    password.RequireLowercase = true;        // at least one lowercase letter
    password.RequireUppercase = true;        // at least one uppercase letter
    password.RequireNonAlphanumeric = true;  // at least one special character
    password.RequiredLength = 8;             // minimum length

    // Lockout rules
    var lockout = options.Lockout;
    lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5); // how long an account stays locked
    lockout.MaxFailedAccessAttempts = 5;                      // failed attempts before lockout
    lockout.AllowedForNewUsers = true;

    // Sign-in requirements
    var signIn = options.SignIn;
    signIn.RequireConfirmedEmail = false;
    signIn.RequireConfirmedPhoneNumber = false;
});
7.新增角色
private RoleManager<IdentityRole> _roleManager;

/// <summary>
/// Receives the role manager from dependency injection.
/// NOTE(review): shown as a separate constructor for this tutorial step; in the real controller it
/// presumably has to be merged with the constructor that takes SignInManager/UserManager, since DI
/// invokes only one constructor and the other fields would otherwise stay null.
/// </summary>
/// <param name="roleManager">Creates and queries roles.</param>
public WeatherForecastController(RoleManager<IdentityRole> roleManager) => _roleManager = roleManager;
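/// <summary>
/// Creates a role unless one with the same name already exists.
/// </summary>
/// <param name="RoleName">Name of the role to create.</param>
/// <returns>"角色已经存在了" if the role exists, "添加成功" when created, otherwise "添加失败".</returns>
[HttpPost]
public async Task<string> AddRole(string RoleName)
{
    // RoleExistsAsync throws on null; a blank name would be rejected by the role validator anyway.
    if (string.IsNullOrWhiteSpace(RoleName))
    {
        return "添加失败";
    }

    // The original kept this bool in a variable named "rolename", which read like a string.
    var exists = await _roleManager.RoleExistsAsync(RoleName);
    if (exists)
    {
        return "角色已经存在了";
    }

    var role = new IdentityRole { Name = RoleName };
    var result = await _roleManager.CreateAsync(role);
    return result.Succeeded ? "添加成功" : "添加失败";
}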
8.获取所有角色
/// <summary>
/// Returns every stored role, materialised into a list.
/// NOTE(review): like the other actions in this walkthrough it carries no [Authorize] attribute,
/// so the role list is readable anonymously.
/// </summary>
/// <returns>All roles exposed by <c>RoleManager.Roles</c>.</returns>
[HttpGet]
public List<IdentityRole> GetRoleList() => _roleManager.Roles.ToList();
9.给用户分配角色
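/// <summary>
/// Adds an existing user to a role.
/// </summary>
/// <param name="userName">User name to look up.</param>
/// <param name="roleName">Role to assign.</param>
/// <returns>
/// "分配成功" when the role was added, "分配失败" when <c>AddToRoleAsync</c> reported errors (or the role
/// name is blank), "用户已在该角色中" when the user already holds the role, and "用户不存在" when no such user exists.
/// </returns>
[HttpPost]
public async Task<string> UserToRole(string userName, string roleName)
{
    // FindByNameAsync throws on null; a blank user name cannot match anyone.
    if (string.IsNullOrWhiteSpace(userName))
    {
        return "用户不存在";
    }

    // AddToRoleAsync fails for a blank role name; return that failure without a store round-trip.
    if (string.IsNullOrWhiteSpace(roleName))
    {
        return "分配失败";
    }

    var user = await _userManager.FindByNameAsync(userName);
    if (user is null)
    {
        return "用户不存在";
    }

    // Bug fix: the original fell through to "用户不存在" when the user existed but was already in the role.
    if (await _userManager.IsInRoleAsync(user, roleName))
    {
        return "用户已在该角色中";
    }

    var result = await _userManager.AddToRoleAsync(user, roleName);
    return result.Succeeded ? "分配成功" : "分配失败";
}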
10.给角色授权(在program中添加策略)(使用策略)
// Role-based policy: "RequireAdminRole" is satisfied only by members of the "Admin" role.
builder.Services.AddAuthorization(options =>
    options.AddPolicy("RequireAdminRole", policy => policy.RequireRole("Admin")));

// Authentication has to run before authorization in the middleware pipeline.
app.UseAuthentication().UseAuthorization();
/// <summary>
/// Reachable only by an authenticated user who satisfies the "RequireAdminRole" policy (Admin role).
/// </summary>
[HttpGet]
[Authorize(Policy = "RequireAdminRole")]
public string Print() => "只有管理员才能访问";
11.给角色授权(使用claim)
// Claim-based policy: "UserManager" requires a "用户管理" claim whose value is one of the listed ones.
builder.Services.AddAuthorization(options =>
    options.AddPolicy("UserManager", policy =>
        policy.RequireClaim("用户管理", "添加用户", "删除用户", "编辑用户")));

// Authentication has to run before authorization in the middleware pipeline.
app.UseAuthentication().UseAuthorization();
// Attach a claim to the user.
// Excerpt from the Register action (step 6): the CreateAsync call that produces `result`
// is omitted here; `user` is the same IdentityUser that was passed to CreateAsync.
IdentityUser user = new IdentityUser()
{
UserName = usename
};
if (result.Succeeded)
{
// NOTE(review): adding the "用户管理" claim at registration grants user-management rights to every
// self-registered account; in a real application grant it from an administrative path instead.
await _userManager.AddClaimAsync(user, new Claim("用户管理", "添加用户"));
return "添加成功";
}
return "失败";
/// <summary>
/// Reachable only by an authenticated user whose claims satisfy the "UserManager" policy
/// (a "用户管理" claim with one of the allowed values).
/// </summary>
[HttpGet]
[Authorize(Policy = "UserManager")]
public string Print() => "只有管理员才能访问";