← Каталог
Identity — JWT, cookie и MVC — DTO и контроллер аутентификации
Фрагмент из «Identity — JWT, cookie и MVC»: DTO и контроллер аутентификации.
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using SecureNotesApi.Contracts;
using SecureNotesApi.Models;
namespace SecureNotesApi.Controllers;
[ApiController]
[Route("[controller]")]
public class AuthController : ControllerBase
{
private readonly UserManager<ApplicationUser> _users;
private readonly IConfiguration _config;
public AuthController(UserManager<ApplicationUser> users, IConfiguration config)
{
_users = users;
_config = config;
}
[HttpPost("register")]
public async Task<IActionResult> Register(RegisterRequest req)
{
var user = new ApplicationUser { UserName = req.Email, Email = req.Email };
var result = await _users.CreateAsync(user, req.Password);
if (!result.Succeeded)
return BadRequest(result.Errors);
return Ok(new { message = "Пользователь создан" });
}
[HttpPost("login")]
public async Task<ActionResult<AuthResponse>> Login(LoginRequest req)
{
var user = await _users.FindByEmailAsync(req.Email);
if (user is null || !await _users.CheckPasswordAsync(user, req.Password))
return Unauthorized();
var token = await CreateTokenAsync(user);
var jwt = _config.GetSection("Jwt");
var expire = DateTime.UtcNow.AddMinutes(int.Parse(jwt["ExpireMinutes"]!));
return new AuthResponse(token, expire);
}
private async Task<string> CreateTokenAsync(ApplicationUser user)
{
var jwt = _config.GetSection("Jwt");
var roles = await _users.GetRolesAsync(user);
var claims = new List<Claim>
{
new(ClaimTypes.NameIdentifier, user.Id),
new(ClaimTypes.Email, user.Email ?? user.UserName ?? "")
};
claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwt["Key"]!));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: jwt["Issuer"],
audience: jwt["Audience"],
claims: claims,
expires: DateTime.UtcNow.AddMinutes(int.Parse(jwt["ExpireMinutes"]!)),
signingCredentials: creds);
return new JwtSecurityTokenHandler().WriteToken(token);
}
}using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using SecureNotesApi.Contracts;
using SecureNotesApi.Models;
namespace SecureNotesApi.Controllers;
[ApiController]
[Route("[controller]")]
public class AuthController : ControllerBase
{
private readonly UserManager<ApplicationUser> _users;
private readonly IConfiguration _config;
public AuthController(UserManager<ApplicationUser> users, IConfiguration config)
{
_users = users;
_config = config;
}
[HttpPost("register")]
public async Task<IActionResult> Register(RegisterRequest req)
{
var user = new ApplicationUser { UserName = req.Email, Email = req.Email };
var result = await _users.CreateAsync(user, req.Password);
if (!result.Succeeded)
return BadRequest(result.Errors);
return Ok(new { message = "Пользователь создан" });
}
[HttpPost("login")]
public async Task<ActionResult<AuthResponse>> Login(LoginRequest req)
{
var user = await _users.FindByEmailAsync(req.Email);
if (user is null || !await _users.CheckPasswordAsync(user, req.Password))
return Unauthorized();
var token = await CreateTokenAsync(user);
var jwt = _config.GetSection("Jwt");
var expire = DateTime.UtcNow.AddMinutes(int.Parse(jwt["ExpireMinutes"]!));
return new AuthResponse(token, expire);
}
private async Task<string> CreateTokenAsync(ApplicationUser user)
{
var jwt = _config.GetSection("Jwt");
var roles = await _users.GetRolesAsync(user);
var claims = new List<Claim>
{
new(ClaimTypes.NameIdentifier, user.Id),
new(ClaimTypes.Email, user.Email ?? user.UserName ?? "")
};
claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwt["Key"]!));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: jwt["Issuer"],
audience: jwt["Audience"],
claims: claims,
expires: DateTime.UtcNow.AddMinutes(int.Parse(jwt["ExpireMinutes"]!)),
signingCredentials: creds);
return new JwtSecurityTokenHandler().WriteToken(token);
}
}