asp.net-web-api – 如何自定义认证我自己的表在asp.net web api 2?

前端之家收集整理的这篇文章主要介绍了asp.net-web-api – 如何自定义认证我自己的表在asp.net web api 2?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
在默认AccountController创建我看到
public AccountController()
        : this(Startup.UserManagerFactory(),Startup.OAuthOptions.AccessTokenFormat)
    {
    }

在Startup.Auth.cs我看到

UserManagerFactory = () => 
                new UserManager<IdentityUser>(new UserStore<IdentityUser>());

看起来像UserStore的实现来自Microsoft.AspNet.Identity.EntityFramework。

所以,要自定义认证,我必须实现我自己的版本的UserStore喜欢

class MYSTUFFUserStore<IdentityUser> : UserStore<IdentityUser>
 {
 }

并覆盖方法,然后在Startup.Auth.cs中执行此操作

UserManagerFactory = () => 
               new UserManager<IdentityUser>(new MYSTUFFUserStore<IdentityUser>());

我正在寻找一种正确的方式来自定义身份验证。

解决方法

假设您的表称为AppUser,将您自己的AppUser域对象转换为IUser(使用Microsoft.AspNet.Identity),如下所示
using Microsoft.AspNet.Identity;
public class AppUser : IUser
{
    //Existing database fields
    public long AppUserId { get; set; }
    public string AppUserName { get; set; }
    public string AppPassword { get; set; }

    public AppUser()
    {
        this.Id = Guid.NewGuid().ToString();  
    }

    [Ignore]
    public virtual string Id { get; set; }         
    [Ignore]
    public string UserName
    {
        get
        {
            return AppUserName;
        }
        set
        {
            AppUserName = value;
        }
    }
}

像这样实现UserStore对象

using Microsoft.AspNet.Identity;
public class UserStoreService 
         : IUserStore<AppUser>,IUserPasswordStore<AppUser>
{
    CompanyDbContext context = new CompanyDbContext();

    public Task CreateAsync(AppUser user)
    {            
        throw new NotImplementedException();
    }

    public Task DeleteAsync(AppUser user)
    {
        throw new NotImplementedException();
    }

    public Task<AppUser> FindByIdAsync(string userId)
    {
        throw new NotImplementedException();
    }

    public Task<AppUser> FindByNameAsync(string userName)
    {
        Task<AppUser> task = context.AppUsers.Where(
                              apu => apu.AppUserName == userName)
                              .FirstOrDefaultAsync();

        return task;
    }

    public Task UpdateAsync(AppUser user)
    {
        throw new NotImplementedException();
    }

    public void Dispose()
    {
        context.Dispose();
    }

    public Task<string> GetPasswordHashAsync(AppUser user)
    {
        if (user == null)
        {
            throw new ArgumentNullException("user");
        }

        return Task.FromResult(user.AppPassword);
    }

    public Task<bool> HasPasswordAsync(AppUser user)
    {
        return Task.FromResult(user.AppPassword != null);
    }

    public Task SetPasswordHashAsync(AppUser user,string passwordHash)
    {
        throw new NotImplementedException();
    }

}

如果你有自己的自定义密码哈希,你还需要实现IPasswordHasher。下面是一个没有哈希密码的例子(哦不!

using Microsoft.AspNet.Identity;
public class MyPasswordHasher : IPasswordHasher
{
    public string HashPassword(string password)
    {
        return password;
    }

    public PasswordVerificationResult VerifyHashedPassword
                  (string hashedPassword,string providedPassword)
    {
        if (hashedPassword == HashPassword(providedPassword))
            return PasswordVerificationResult.Success;
        else
            return PasswordVerificationResult.Failed;
    }
}

在Startup.Auth.cs中替换

UserManagerFactory = () => 
     new UserManager<IdentityUser>(new UserStore<IdentityUser>());

UserManagerFactory = () => 
     new UserManager<AppUser>(new UserStoreService()) { PasswordHasher = new MyPasswordHasher() };

在ApplicationOAuthProvider.cs中,将IdentityUser替换为AppUser

在AccountController.cs中,将IdentityUser替换为AppUser,并删除所有外部验证方法,如GetManageInfo和RegisterExternal等。

猜你在找的asp.Net相关文章