« Asp.net core identity » : différence entre les versions

De Banane Atomic
Aller à la navigationAller à la recherche
Ligne 19 : Ligne 19 :

It will create 4 SQL tables:
It will create 4 SQL tables: {{boxx|AspNetUsers}} {{boxx|AspNetUserClaims}} {{boxx|AspNetUserLogins}} {{boxx|AspNetUserTokens}}
* AspNetUsers
* AspNetUserClaims
* AspNetUserLogins
* AspNetUserTokens

<filebox fn='Data/MyAppSeeder.cs'>
<filebox fn='Data/MyAppSeeder.cs'>

Version du 23 mars 2021 à 21:07


Update the database to store the identities

// replace DbContext by IdentityDbContext<IdentityUser>
// use IdentityUserContext<IdentityUser> to have Identity without roles
public sealed class MyAppContext : IdentityDbContext<IdentityUser>
{ }
# create the migration file Migrations/xxx_Identity.cs
dotnet ef add migrations Identity

# update the database
dotnet ef database update

It will create 4 SQL tables: AspNetUsers AspNetUserClaims AspNetUserLogins AspNetUserTokens

private readonly UserManager<IdentityUser> _userManager;

public MyAppSeeder(MyAppContext context, UserManager<IdentityUser> userManager)
    _context = context;
    _userManager = userManager;

public async Task Seed()

    var user = await _userManager.FindByNameAsync("Billy");
    if (user == null)
        user = new IdentityUser("Billy");
        var result = await _userManager.CreateAsync(user, "P@ssw0rd!");
        if (result != IdentityResult.Success)
            throw new InvalidOperationException("Failed to create the default user.");
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    using (var scope = app.ApplicationServices.CreateScope())
        var seeder = scope.ServiceProvider.GetService<MyAppSeeder>();
        seeder.Seed().Wait();  // appel de Wait car Seed est maintenant asynchrone


public void ConfigureServices(IServiceCollection services)
    services.AddIdentity<StoreUser, IdentityRole>(cfg =>
        cfg.User.RequireUniqueEmail = true;
        cfg.Password.RequireDigit = true;
    .AddEntityFrameworkStores<MyAppContext>();  // get identity from an EF store

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    // UseAuthentication doit de trouver avant UseMvc

Login View

@model LoginViewModel
    ViewBag.Title = "Login";
@section scripts {
    <script src="~/vendor/jquery-validation/jquery.validate.min.js"></script>
    <script src="~/vendor/jquery-validation-unobtrusive/jquery.validate.unobtrusive.min.js"></script>
<div class="row">
    <div class="col-md-4 col-md-offset-4">
        <form method="post">
            <div asp-validation-summary="ModelOnly" class="text-danger"></div>
            <div class="form-group">
                <label asp-for="Username" class="control-label"></label>
                <input asp-for="Username" class="form-control" />
                <span asp-validation-for="Username" class="text-danger"></span>
            <div class="form-group">
                <label asp-for="Password" class="control-label"></label>
                <input asp-for="Password" type="password" class="form-control" />
                <span asp-validation-for="Password" class="text-danger"></span>
            <div class="form-group">
                <label asp-for="RememberMe" class="control-label">Remember me ?</label>
                <input asp-for="RememberMe" type="checkbox" class="checkbox-inline" />
            <div class="form-group">
                <input type="submit" value="Login" class="btn btn-success" />
public class LoginViewModel
    public string Username { get; set; }
    public string Password { get; set; }
    public bool RememberMe { get; set; }
public class AccountController : Controller
    private readonly SignInManager<IdentityUser> _signInManager;

    public AccountController(SignInManager<IdentityUser> signInManager)
        _signInManager = signInManager;

    public IActionResult Login()
        if (this.User.Identity.IsAuthenticated)
            return RedirectToAction("Index", "List");

        return View();

    public IActionResult Login(LoginViewModel model)
            var result = await _signInManager.PasswordSignInAsync(model.Username, model.Password, model.RememberMe, false);
            if (result.Succeeded)
                if (Request.Query.Keys.Contains("ReturnUrl"))
                    return Redirect(Request.Query["ReturnUrl"].First());
                    RedirectToAction("Index", "List");

        // erreur générique
        ModelState.AddModelError("", "Failed to login");
        // retour vers la vue de login
        return View();


Par défaut l'authentification se fait avec des cookies.
Pour les API, il vaut mieux utiliser OpenId, OAuth2 ou JWT


public void ConfigureServices(IServiceCollection services)
        .AddJwtBearer(cfg =>
            cfg.TokenValidationParameters = new TokenValidationParameters()
                ValidIssuer = Configuration["Tokens:Issuer"],
                ValidAudience = Configuration["Tokens:Audience"],
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Tokens:Key"]))
"Tokens": {
  "Key": "MyKey",
  "Issuer": "localhost",
  "Audience": "users"
[Produces("application/json")]  // force le format JSON
[Route("api/[Controller]")]     // /api/items
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
public class ItemsController : Controller

Test avec PostMan:

  • Headers
    • Key: Authorization
    • Bearer montoken

Création des tokens

private readonly SignInManager<IdentityUser> _signInManager;
private readonly UserManager<IdentityUser> _userManager;
private readonly IConfiguration _config;

public AccountController(SignInManager<IdentityUser> signInManager, UserManager<IdentityUser> userManager, IConfiguration config)
    _signInManager = signInManager;
    _userManager = userManager;
    _config = config;

public async Task<IActionResult> CreateToken([FromBody]LoginViewModel model)
    if (ModelState.IsValid)
        var user = await _userManager.FindByNameAsync(model.Username);
        if (user!= null)
            var result = await _signInManager.CheckPasswordSignInAsync(user, model.Password, false);
            if (result.Succeeded)
                // créer le token
                var claims = new[]
                    // name of the subject
                    //new Claim(JwtRegisteredClaimNames.Sub, user.Email),
                    // unique string which represents the token
                    new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
                    // name used for the mapping
                    new Claim(JwtRegisteredClaimNames.UniqueName, user.UserName),

                var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Tokens:key"]));
                var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

                var token = new JwtSecurityToken(
                    expires: DateTime.UtcNow.AddMinutes(30),
                    signingCredentials: credentials

                var wrappedToken = new
                    token = new JwtSecurityTokenHandler().WriteToken(token),
                    expiration = token.ValidTo

                return Created("", wrappedToken);

    return BadRequest();

Test avec PostMan:

  • POST
  • Body → raw + JSON