无法创建 HttpGet 控制器以使用身份查找用户详细信息
unable to create HttpGet controller to find user detail using identity
我已经创建了身份验证控制器,并且能够创建用于登录和注销的 HttpPost,但不能创建 HttpGet。我正在尝试的是只有经过身份验证的用户才能点击和 return 关于当前登录用户的基本信息至少为用户名,Staffid(如果有)
我创建了三个角色,即管理员和员工。
namespace Web.Controllers
{
[Route("api/[controller]")]
[ApiController]
public class AuthenticationController : ControllerBase
{
private readonly UserManager<User> userManager;
private readonly SignInManager<User> signInManager;
public object DefaultAuthenticationTypes { get; private set; }
public AuthenticationController(UserManager<User> userManager, SignInManager<User> signInManager)
{
this.userManager = userManager;
this.signInManager = signInManager;
}
[HttpPost("login")]
public async Task<ActionResult<UserDto>> Login(LoginDto dto)
{
var user = await userManager.FindByNameAsync(dto.UserName);
if (user == null)
{
return BadRequest();
}
var password = await signInManager.CheckPasswordSignInAsync(user, dto.Password, true);
if (!password.Succeeded)
{
return BadRequest();
}
await signInManager.SignInAsync(user, false, "Password");
return Ok(new UserDto
{
UserName = user.UserName
});
}
[HttpGet]
[Authorize]
public async Task<string> GetUserProfile()
{
var userName = await userManager.FindByNameAsync(HttpContext.User.Identity.Name);
var userId = userName.Id;
var roleId = User.IsInRole("Staff");
if (!(roleId.ToString() == "Staff"))
{
return userName.ToString();
}
return userId.ToString();
}
[HttpPost("logout")]
public async Task<ActionResult> logout()
{
await signInManager.SignOutAsync();
return Ok();
}
}
}
如果你想使用HttpGet,这里有一个演示:
登录:
[HttpGet("login")]
public async Task<IActionResult> Login(InputModel Input) {
return Ok();
}
输入模型:
public class InputModel
{
[Required]
[EmailAddress]
public string Email { get; set; }
[Required]
[DataType(DataType.Password)]
public string Password { get; set; }
[Display(Name = "Remember me?")]
public bool RememberMe { get; set; }
}
视图(在表单上使用 method="get"):
<form id="account" method="get" asp-controller="Home" asp-action="Login">
<h4>Use a local account to log in.</h4>
<hr />
<div asp-validation-summary="All" class="text-danger"></div>
<div class="form-group">
<label asp-for="Input.Email"></label>
<input asp-for="Input.Email" class="form-control" />
<span asp-validation-for="Input.Email" class="text-danger"></span>
</div>
<div class="form-group">
<label asp-for="Input.Password"></label>
<input asp-for="Input.Password" class="form-control" />
<span asp-validation-for="Input.Password" class="text-danger"></span>
</div>
<div class="form-group">
<div class="checkbox">
<label asp-for="Input.RememberMe">
<input asp-for="Input.RememberMe" />
@Html.DisplayNameFor(m => m.Input.RememberMe)
</label>
</div>
</div>
<div class="form-group">
<button type="submit" class="btn btn-primary">Log in</button>
</div>
</form>
结果:
但是,当你使用HttpGet时,你的用户登录信息会暴露在url中,所以不安全,你最好使用HttpPost。
如果你想获取用户详细信息,你可以使用这个:
var info = await _userManager.GetUserAsync(HttpContext.User);
我已经解决了这个问题:
[HttpGet]
[Authorize]
public async Task<object> GetUserProfile()
{
var userName = await userManager.FindByNameAsync(HttpContext.User.Identity.Name);
var userId = userName.Id;
var role = await userManager.GetRolesAsync(userName);
if (User.IsInRole("Staff"))
{
return Ok(new
{
userName,
userId
});
}
return Ok(new
{
userName,
role
});
我已经创建了身份验证控制器,并且能够创建用于登录和注销的 HttpPost,但不能创建 HttpGet。我正在尝试的是只有经过身份验证的用户才能点击和 return 关于当前登录用户的基本信息至少为用户名,Staffid(如果有) 我创建了三个角色,即管理员和员工。
namespace Web.Controllers
{
[Route("api/[controller]")]
[ApiController]
public class AuthenticationController : ControllerBase
{
private readonly UserManager<User> userManager;
private readonly SignInManager<User> signInManager;
public object DefaultAuthenticationTypes { get; private set; }
public AuthenticationController(UserManager<User> userManager, SignInManager<User> signInManager)
{
this.userManager = userManager;
this.signInManager = signInManager;
}
[HttpPost("login")]
public async Task<ActionResult<UserDto>> Login(LoginDto dto)
{
var user = await userManager.FindByNameAsync(dto.UserName);
if (user == null)
{
return BadRequest();
}
var password = await signInManager.CheckPasswordSignInAsync(user, dto.Password, true);
if (!password.Succeeded)
{
return BadRequest();
}
await signInManager.SignInAsync(user, false, "Password");
return Ok(new UserDto
{
UserName = user.UserName
});
}
[HttpGet]
[Authorize]
public async Task<string> GetUserProfile()
{
var userName = await userManager.FindByNameAsync(HttpContext.User.Identity.Name);
var userId = userName.Id;
var roleId = User.IsInRole("Staff");
if (!(roleId.ToString() == "Staff"))
{
return userName.ToString();
}
return userId.ToString();
}
[HttpPost("logout")]
public async Task<ActionResult> logout()
{
await signInManager.SignOutAsync();
return Ok();
}
}
}
如果你想使用HttpGet,这里有一个演示: 登录:
[HttpGet("login")]
public async Task<IActionResult> Login(InputModel Input) {
return Ok();
}
输入模型:
public class InputModel
{
[Required]
[EmailAddress]
public string Email { get; set; }
[Required]
[DataType(DataType.Password)]
public string Password { get; set; }
[Display(Name = "Remember me?")]
public bool RememberMe { get; set; }
}
视图(在表单上使用 method="get"):
<form id="account" method="get" asp-controller="Home" asp-action="Login">
<h4>Use a local account to log in.</h4>
<hr />
<div asp-validation-summary="All" class="text-danger"></div>
<div class="form-group">
<label asp-for="Input.Email"></label>
<input asp-for="Input.Email" class="form-control" />
<span asp-validation-for="Input.Email" class="text-danger"></span>
</div>
<div class="form-group">
<label asp-for="Input.Password"></label>
<input asp-for="Input.Password" class="form-control" />
<span asp-validation-for="Input.Password" class="text-danger"></span>
</div>
<div class="form-group">
<div class="checkbox">
<label asp-for="Input.RememberMe">
<input asp-for="Input.RememberMe" />
@Html.DisplayNameFor(m => m.Input.RememberMe)
</label>
</div>
</div>
<div class="form-group">
<button type="submit" class="btn btn-primary">Log in</button>
</div>
</form>
结果:
如果你想获取用户详细信息,你可以使用这个:
var info = await _userManager.GetUserAsync(HttpContext.User);
我已经解决了这个问题:
[HttpGet]
[Authorize]
public async Task<object> GetUserProfile()
{
var userName = await userManager.FindByNameAsync(HttpContext.User.Identity.Name);
var userId = userName.Id;
var role = await userManager.GetRolesAsync(userName);
if (User.IsInRole("Staff"))
{
return Ok(new
{
userName,
userId
});
}
return Ok(new
{
userName,
role
});