我想在 ASP.NET 核心中从后端或 cli 创建超级管理员或系统管理员
I want to create a super admin or system admin from backend or cli in ASP.NET Core
我正在构建一个注册页面仅对管理员用户可用的应用程序,因此我可以将注册页面提供给管理员用户。但是我需要创建一个可以创建这些用户的管理员用户。我无法通过 Api.
问题
我正在使用基于 JWT 令牌的身份验证。在基于 JWT Token 的 Authention 中,它需要特定的过程来通过 C# 代码创建用户。
有什么方法可以在不调用 API 的情况下从反手创建用户?
[HttpPost]
[Route("register")]
public async Task<IActionResult> Register(RegisterModel model)
{
var userExists = await userManager.FindByNameAsync(model.Username);
if (userExists != null)
return StatusCode(StatusCodes.Status500InternalServerError, new Response { Status = "Error", Message = "User already exists!" });
ApplicationUser user = new ApplicationUser()
{
Email = model.Email,
SecurityStamp = Guid.NewGuid().ToString(),
UserName = model.Username
};
var result = await userManager.CreateAsync(user, model.Password);
if (!result.Succeeded)
return StatusCode(StatusCodes.Status500InternalServerError, new Response { Status = "Error", Message = "User creation failed! Please check user details and try again." });
return Ok(new Response { Status = "Success", Message = "User created successfully!" });
}
[HttpPost]
[Route("register-admin")]
public async Task<IActionResult> RegisterAdmin(RegisterModel model)
{
var userExists = await userManager.FindByNameAsync(model.Username);
if (userExists != null)
return StatusCode(StatusCodes.Status500InternalServerError, new Response { Status = "Error", Message = "User already exists!" });
ApplicationUser user = new ApplicationUser()
{
Email = model.Email,
SecurityStamp = Guid.NewGuid().ToString(),
UserName = model.Username
};
var result = await userManager.CreateAsync(user, model.Password);
if (!result.Succeeded)
return StatusCode(StatusCodes.Status500InternalServerError, new Response { Status = "Error", Message = "User creation failed! Please check user details and try again." });
if (!await roleManager.RoleExistsAsync(UserRoles.Admin))
await roleManager.CreateAsync(new IdentityRole(UserRoles.Admin));
if (!await roleManager.RoleExistsAsync(UserRoles.User))
await roleManager.CreateAsync(new IdentityRole(UserRoles.User));
if (await roleManager.RoleExistsAsync(UserRoles.Admin))
{
await userManager.AddToRoleAsync(user, UserRoles.Admin);
}
return Ok(new Response { Status = "Success", Message = "User created successfully!" });
}
public void ConfigureServices(IServiceCollection services)
{
// Allow Cross for Centain Network
services.AddCors(options =>
{
options.AddPolicy(name: MyAllowSpecificOrigins,
builder =>
{
builder.WithOrigins(Configuration["JWT:ValidAudience"]);
});
});
services.AddControllers();
// For Entity Framework
services.AddDbContext<DentalDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
// For Identity
services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
options.Password.RequiredLength = 6;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireDigit = false;
})
.AddEntityFrameworkStores<DentalDbContext>()
.AddDefaultTokenProviders();
// Adding Authentication
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
// Adding Jwt Bearer
.AddJwtBearer(options =>
{
options.SaveToken = true;
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = true,
ValidateAudience = true,
ValidAudience = Configuration["JWT:ValidAudience"],
ValidIssuer = Configuration["JWT:ValidIssuer"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JWT:Secret"]))
};
});
}
是的,如果您使用 Microsoft Identity。这是有出路的。
在Program.cs
public static void Main(string[] args)
{
var host = CreateHostBuilder(args).Build();
try
{
using var scope = host.Services.CreateScope();
var context = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
var userManager = scope.ServiceProvider.GetRequiredService<UserManager<IdentityUser>>();
context.Database.EnsureCreated();
if (!context.Users.Any())
{
var superAdminUser= new IdentityUser
{
UserName = "SuperAdmin"
};
userManager.CreateAsync(superAdminUser, "SuperAdminPassword").GetAwaiter().GetResult();
//Roles contains user, user contains claims
var adminClaim = new Claim("Role", "SuperAdminUser");
userManager.AddClaimAsync(SuperAdminUser, adminClaim).GetAwaiter().GetResult();
}
}
catch(Exception ex)
{
Console.WriteLine(ex.Message);
}
host.Run();
}
在启动时使用授权。
services.AddAuthorization(options =>
{
options.AddPolicy("SuperAdmin", policy => policy.RequireClaim("Role", "SuperAdmin"));
});
在Controller中为SuperAdmin角色添加授权
[Authorize(Policy = "SuperAdmin ")]
public class SecretController : Controller
{}
我正在构建一个注册页面仅对管理员用户可用的应用程序,因此我可以将注册页面提供给管理员用户。但是我需要创建一个可以创建这些用户的管理员用户。我无法通过 Api.
问题
我正在使用基于 JWT 令牌的身份验证。在基于 JWT Token 的 Authention 中,它需要特定的过程来通过 C# 代码创建用户。 有什么方法可以在不调用 API 的情况下从反手创建用户?
[HttpPost]
[Route("register")]
public async Task<IActionResult> Register(RegisterModel model)
{
var userExists = await userManager.FindByNameAsync(model.Username);
if (userExists != null)
return StatusCode(StatusCodes.Status500InternalServerError, new Response { Status = "Error", Message = "User already exists!" });
ApplicationUser user = new ApplicationUser()
{
Email = model.Email,
SecurityStamp = Guid.NewGuid().ToString(),
UserName = model.Username
};
var result = await userManager.CreateAsync(user, model.Password);
if (!result.Succeeded)
return StatusCode(StatusCodes.Status500InternalServerError, new Response { Status = "Error", Message = "User creation failed! Please check user details and try again." });
return Ok(new Response { Status = "Success", Message = "User created successfully!" });
}
[HttpPost]
[Route("register-admin")]
public async Task<IActionResult> RegisterAdmin(RegisterModel model)
{
var userExists = await userManager.FindByNameAsync(model.Username);
if (userExists != null)
return StatusCode(StatusCodes.Status500InternalServerError, new Response { Status = "Error", Message = "User already exists!" });
ApplicationUser user = new ApplicationUser()
{
Email = model.Email,
SecurityStamp = Guid.NewGuid().ToString(),
UserName = model.Username
};
var result = await userManager.CreateAsync(user, model.Password);
if (!result.Succeeded)
return StatusCode(StatusCodes.Status500InternalServerError, new Response { Status = "Error", Message = "User creation failed! Please check user details and try again." });
if (!await roleManager.RoleExistsAsync(UserRoles.Admin))
await roleManager.CreateAsync(new IdentityRole(UserRoles.Admin));
if (!await roleManager.RoleExistsAsync(UserRoles.User))
await roleManager.CreateAsync(new IdentityRole(UserRoles.User));
if (await roleManager.RoleExistsAsync(UserRoles.Admin))
{
await userManager.AddToRoleAsync(user, UserRoles.Admin);
}
return Ok(new Response { Status = "Success", Message = "User created successfully!" });
}
public void ConfigureServices(IServiceCollection services)
{
// Allow Cross for Centain Network
services.AddCors(options =>
{
options.AddPolicy(name: MyAllowSpecificOrigins,
builder =>
{
builder.WithOrigins(Configuration["JWT:ValidAudience"]);
});
});
services.AddControllers();
// For Entity Framework
services.AddDbContext<DentalDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
// For Identity
services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
options.Password.RequiredLength = 6;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireDigit = false;
})
.AddEntityFrameworkStores<DentalDbContext>()
.AddDefaultTokenProviders();
// Adding Authentication
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
// Adding Jwt Bearer
.AddJwtBearer(options =>
{
options.SaveToken = true;
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = true,
ValidateAudience = true,
ValidAudience = Configuration["JWT:ValidAudience"],
ValidIssuer = Configuration["JWT:ValidIssuer"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JWT:Secret"]))
};
});
}
是的,如果您使用 Microsoft Identity。这是有出路的。 在Program.cs
public static void Main(string[] args)
{
var host = CreateHostBuilder(args).Build();
try
{
using var scope = host.Services.CreateScope();
var context = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
var userManager = scope.ServiceProvider.GetRequiredService<UserManager<IdentityUser>>();
context.Database.EnsureCreated();
if (!context.Users.Any())
{
var superAdminUser= new IdentityUser
{
UserName = "SuperAdmin"
};
userManager.CreateAsync(superAdminUser, "SuperAdminPassword").GetAwaiter().GetResult();
//Roles contains user, user contains claims
var adminClaim = new Claim("Role", "SuperAdminUser");
userManager.AddClaimAsync(SuperAdminUser, adminClaim).GetAwaiter().GetResult();
}
}
catch(Exception ex)
{
Console.WriteLine(ex.Message);
}
host.Run();
}
在启动时使用授权。
services.AddAuthorization(options =>
{
options.AddPolicy("SuperAdmin", policy => policy.RequireClaim("Role", "SuperAdmin"));
});
在Controller中为SuperAdmin角色添加授权
[Authorize(Policy = "SuperAdmin ")]
public class SecretController : Controller
{}