I am trying to login user through webapi.
My apicontroller function is:
public async Task<IHttpActionResult> Login(string email, string password)
{
ApplicationDbContext ctx = new ApplicationDbContext();
UserStore<ApplicationUser> store = new UserStore<ApplicationUser>(ctx);
UserManager<ApplicationUser> UserManager = new UserManager<ApplicationUser>(store);
var user = await UserManager.FindAsync(email, password);
if (user != null)
{
await SignInAsync(user, true); // The name 'SignInAsync' does not exist in current context
return Ok("OK");
}
return Ok("Error");
}
I want to write methods of signup, login, and logout in webapi but i am stuck at SignInAsync. Am I missing library reference? Or how to use this in webapi?
SignInAsync is a method of SignInManager class not controller class write this instead:
await HttpContext.Current.GetOwinContext()
.Get<ApplicationSignInManager>().SignInAsync(user, true, false);
Related
I'm using .net core with JWT for authentication. And I'm trying to access user claims from HttpContextAccessor in my custom attribute. From within the app, I have a UserService.cs (code below) where I can do this. But on OnActionExecuting in my custom attribute, the claims come as an empty error. Even if I call the function from my user service, the claims aren't there.
My ultimate objective is to get the user's id to check if the user has admin access. I don't wanna store the admin access status on the token.
UserService.cs
public AuthenticatedUserClaims AuthenticatedUser()
{
var userClaims = new AuthenticatedUserClaims();
var claims = _contextAccessor.HttpContext.User.Claims;
var enumerable = claims as Claim[] ?? claims.ToArray();
var userId = enumerable.SingleOrDefault(x => x.Type == "UserId")?.Value;
userClaims.UserName = enumerable.SingleOrDefault(x => x.Type == "UserName")?.Value;
userClaims.FullName = enumerable.SingleOrDefault(x => x.Type == "FullName")?.Value;
if (userId != null && !string.IsNullOrEmpty(userId)) userClaims.UserId = int.Parse(userId);
return userClaims;
}
My Custom Attribute
[AttributeUsage(AttributeTargets.Class| AttributeTargets.Method)]
public class PermissionsRequiredAttribute: ActionFilterAttribute
{
private readonly IHttpContextAccessor _contextAccessor;
public PermissionsRequiredAttribute(IHttpContextAccessor contextAccessor)
{
_contextAccessor = contextAccessor;
}
public override void OnActionExecuting(ActionExecutingContext context)
{
var claims = _contextAccessor.HttpContext.User.Claims;
var claimsList = claims as Claim[] ?? claims.ToArray();
// claimsList = Claims[0]??
// context.Result = new UnauthorizedResult();
base.OnActionExecuting(context);
}
}
Attribute Usage
[HttpGet("{id}")]
[ServiceFilter(typeof(PermissionsRequiredAttribute))]
public async Task<ActionResult<Beneficiary>> GetBeneficiary([FromRoute] int id) { //... }
ConfigureServices on Startup.cs
services.AddTransient<IHttpContextAccessor, HttpContextAccessor>();
services.AddScoped<PermissionsRequiredAttribute>();
Thanks in advance :)
I found a "hackaround" based on this answer, but I still don't know why my user HttpContext is empty.
[AttributeUsage(AttributeTargets.Class| AttributeTargets.Method)]
public class PermissionsRequiredAttribute: ActionFilterAttribute
{
private readonly IUser _user;
public PermissionsRequiredAttribute(IUser user)
{
_user = user;
}
public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
bool headers = context.HttpContext.Request.Headers.TryGetValue("Authorization", out var tokens);
string token = tokens.FirstOrDefault()?.Split(" ")[1];
if (string.IsNullOrEmpty(token))
context.Result = new UnauthorizedResult();
var handler = new JwtSecurityTokenHandler();
JwtSecurityToken securityToken = (JwtSecurityToken) handler.ReadToken(token);
IEnumerable<Claim> claims = securityToken.Payload.Claims;
string userId = claims.SingleOrDefault(c => c.Type == "UserId")?.Value;
if (!string.IsNullOrEmpty(userId))
context.Result = new UnauthorizedResult();
var currentUser = await _user.GetUser(int.Parse(userId ?? throw new UnauthorizedAccessException()));
if (!currentUser.isAdmin)
context.Result = new UnauthorizedResult();
await base.OnActionExecutionAsync(context, next);
}
}
EDIT: 16-10-2021
I found a solution I'm happy with, it looks like I just needed to add the line in Startup.cs in ConfigureServices(IServiceCollection services)
services.AddHttpContextAccessor();
And now the line below has values Claims
var claims = _contextAccessor.HttpContext.User.Claims;
I use ASP.NET Core Identity and try "FindByNameAsync" method to get a user with username. I am sure there is a user with the username. But "FindByNameAsync" can't find the user. "GetByUserName" is my method and it queries db with username and it found the user as i expect. Has FindByNameAsync a bug or?
//this is can't find the user with username
var appUser = await UserService.FindByNameAsync(userName);
//this is my method and it works well
var appUser = UserService.GetByUserName(userName);
I'm normally using UserManager to find the info about the user
private readonly UserManager<User> _userManager;
public async Task<User> GetUserAsync(ClaimsPrincipal principal)
{
return await _userManager.GetUserAsync(principal);
}
public async Task<User> FindByNameAsync(string username)
{
return await _userManager.FindByNameAsync(username);
}
public async Task<User> FindByEmailAsync(string email)
{
return await _userManager.FindByEmailAsync(email);
}
public async Task<User> FindByIdAsync(string id)
{
return await _userManager.FindByIdAsync(id);
}
You can view my full source code here
I am building/learning token based authentication with OWIN and I would like to figure out how to insert additional information when creating a new user. The UserManager accepts IdentityUser, but the CreateAsync method only accepts a user name and passowrd. I would like to add at least the email address. I see that there is a SetEmailAsync method, but that requires a second call. I feel like there should be a single call that allows me to insert other columns, but I am not finding any documentation of how to do this, nor closely related questions in StackOverflow.
Here is the save routine:
public class AuthRepository : IDisposable
{
private readonly AuthContext _context;
private readonly UserManager<IdentityUser> _userManager;
public AuthRepository()
{
_context = new AuthContext();
_userManager = new UserManager<IdentityUser>(new UserStore<IdentityUser>(_context));
}
public async Task<IdentityUser> FindUserAsync(string userName, string password)
{
IdentityUser user = await _userManager.FindAsync(userName, password);
return user;
}
public async Task<IdentityResult> RegisterUserAsync(UserModel userModel)
{
var user = new IdentityUser
{
UserName = userModel.UserName
};
//save all of this in one call?
var result = await _userManager.CreateAsync(user, userModel.Password);
var result1 = await _userManager.SetEmailAsync(userModel.UserName, userModel.EmailAddress);
return result;
}
public async Task<IdentityUser> FindIdentityUserAsync(string userName, string password)
{
var user = await _userManager.FindAsync(userName, password);
return user;
}
public void Dispose()
{
_context.Dispose();
_userManager.Dispose();
}
}
you can create your own User class by inheriting IdentityUser class.
public class User : IdentityUser
{
public string Email { get; set; }
}
var user = new User
{
UserName = userModel.UserName,
Email = userModel.EmailAddress
};
var result = await _userManager.CreateAsync(user, userModel.Password);
Make sure you are using User Class instead of IdentityUser.
In my ASP.NET Core application I have made facebook login, which works fine. In my Controller there are two methods to make that facebook login
public IActionResult ExternalLogin(string provider, string returnUrl)
public async Task<IActionResult> ExternalLoginCallback(string returnUrl, string remoteError = null)
ExternalLogin makes the request to facebook and opens the approval page. When I click Continue in that approval page ExternalLoginCallback is called.
Now the problem is that I made api calls to these two actions and I am using them in my Angular2 application.
So when I click facebook login button in angular2 app my ExternalLogin action is called and it returns success response, because facebook approval page is opened, but now I can't get ant response from ExternalLoginCallback, which is called automatically. How could I get the wanted response in my facebookLogin method???
[HttpPost]
[AllowAnonymous]
public IActionResult ExternalLogin(string provider, string returnUrl)
{
// Request a redirect to the external login provider.
var redirectUrl = Url.Action(nameof(ExternalLoginCallback), "User", new { ReturnUrl = returnUrl });
var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
return Challenge(properties, provider);
}
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> ExternalLoginCallback(string returnUrl, string remoteError = null)
{
var info = await _signInManager.GetExternalLoginInfoAsync();
if (!string.IsNullOrEmpty(remoteError))
{
return new StatusCodeResult(401);
}
if (info == null)
{
return new StatusCodeResult(401);
}
// Sign in the user with this external login provider if the user already has a login.
var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, false, true);
if (result.Succeeded)
{
return new StatusCodeResult(200);
}
//Register with facebook
var email = info.Principal.FindFirstValue(ClaimTypes.Email);
if (string.IsNullOrEmpty(email))
{
return new StatusCodeResult(401);
}
var user = new User
{
UserName = email,
Email = email
};
var createResult = await _userManager.CreateAsync(user);
if (createResult.Succeeded)
{
createResult = await _userManager.AddLoginAsync(_userManager.Users.First(m => m.Email == user.Email), info);
if (createResult.Succeeded)
{
await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, false, true);
return new StatusCodeResult(200);
}
}
return new StatusCodeResult(401);
}
This is my typescript method of subscribing the api call:
facebookLogin(provider: string, returnUrl: string) {
this.productService.externalLogin(provider, returnUrl).subscribe(x => {
console.log(x);
},
error => {
});
}
And this is my api call:
public externalLogin(provider: string, returnUrl: string) {
var url = 'http://mywebsite.com/api/User/ExternalLogin?Provider=Facebook&ReturnUrl=%2F';
return this.http.post(url, `Provider=${provider}&ReturnUrl=${returnUrl}`);
}
I have a small Web API application that uses Identity to manage users using Owin Bearer Tokens. The basics of this implementation work fine: I can register a user, login a user and access Web API end points that are marked with [Authorize].
My next step is to limit Web API endpoints using roles. For example, a controller that only users in the Admin role can access. I've created the Admin user as below and I add them to the Admin role. However when I update my existing controllers from [Authorize] to [Authorize(Roles = "Admin")] and try to access it using the Adim account, I get a 401 Unauthorized.
//Seed on Startup
public static void Seed()
{
var user = await userManager.FindAsync("Admin", "123456");
if (user == null)
{
IdentityUser user = new IdentityUser { UserName = "Admin" };
var createResult = await userManager.CreateAsync(user, "123456");
if (!roleManager.RoleExists("Admin"))
var createRoleResult = roleManager.Create(new IdentityRole("Admin"));
user = await userManager.FindAsync("Admin", "123456");
var addRoleResult = await userManager.AddToRoleAsync(user.Id, "Admin");
}
}
//Works
[Authorize]
public class TestController : ApiController
{
// GET api/<controller>
public bool Get()
{
return true;
}
}
//Doesn't work
[Authorize(Roles = "Admin")]
public class TestController : ApiController
{
// GET api/<controller>
public bool Get()
{
return true;
}
}
Q: What is the correct way to set up and use roles?
How do you set the claims for the users when they login I believe you are missing this line of code in method GrantResourceOwnerCredentials
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));
identity.AddClaim(new Claim(ClaimTypes.Role, "Supervisor"));
And if you want to create the identity from DB use the below:
public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager, string authenticationType)
{
// Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType
var userIdentity = await manager.CreateIdentityAsync(this, authenticationType);
// Add custom user claims here
return userIdentity;
}
Then in GrantResourceOwnerCredentials do the below:
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType);