Identity – user login, forgot & reset password, 2fa, external login, logout (practical edition)

兴杰 (stooges.com.my) / 2023-05-04 / Original

Preface

I previously wrote Identity – User Login, Forgot Password, Reset Password, Logout. That post was fairly bare-bones, so today I am taking the chance to write a practical version.

I recommend reading the earlier post first as a warm-up.

This post covers:

1. user login

2. forgot and reset password

3. two factor

4. logout

5. external login

My scenario is the login of a CMS. Users (staff) are created in advance by the Admin, so this post does not cover user registration.

External login is likewise configured in advance by the Admin.

This post focuses on the Identity-related code; it does not cover all of the code.


Main references

Identity – Introduction & Scaffold (scaffold a project and read the generated code)

Identity source code

Authentication source code

Docs – Identity (everything related)


Program.cs Setup

Identity configuration

builder.Services
    .AddIdentity<User, Role /* includes a simple RBAC */>(options =>
    {
        options.Lockout.MaxFailedAccessAttempts = 15; // default is 5 attempts, too few
        options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5); // default is 15 minutes, too long

        // strong password required
        options.Password.RequireDigit = true;
        options.Password.RequireLowercase = true;
        options.Password.RequireNonAlphanumeric = true;
        options.Password.RequireUppercase = true;
        options.Password.RequiredLength = 10;
        options.Password.RequiredUniqueChars = 1;

        options.User.AllowedUserNameCharacters = ""; // the default disallows some symbols; an empty string bypasses the check and allows all characters
        options.User.RequireUniqueEmail = true; // default is false, which is not practical
    })
    .AddDefaultTokenProviders()
    .AddEntityFrameworkStores<ApplicationDbContext>();

Cookie configuration

builder.Services.ConfigureApplicationCookie(options =>
{
    options.AccessDeniedPath = "/access-denied";
    options.LoginPath = "/login";
    options.LogoutPath = "/logout";
    options.ReturnUrlParameter = "returnUrl";
    options.ExpireTimeSpan = TimeSpan.FromDays(7);
    options.SlidingExpiration = true;
});

This changes a few paths and the cookie lifetime rules; nothing significant.

I will add the External Login configuration further below.


Create User

// create super admin role
var superAdminRole = new Role
{
    Name = "Super Admin",
    Description = "The super admin role has full permission to access any page, API or function. Please be cautious when assigning this role.",
    Status = RoleStatus.Active,
    IsSystemRole = true,
};
await roleManager.CreateAsync(superAdminRole);

// create user
var derrick = new User
{
    UserName = "Derrick",
    Email = "hengkeat87@gmail.com",
    ProfileName = "Derrick Yam",
};
await userManager.CreateAsync(derrick);
await userManager.AddPasswordAsync(derrick, "temporary strong password");
await userManager.AddToRoleAsync(derrick, "Super Admin");

Every new user gets a strong temporary password. On first login the user goes through forgot password, and after logging in changes the password themselves.

I will add External Login and Two-factor further below.
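The following is an added example, not code from the original post. It wires the Identity options shown above into a small console program backed by an in-memory EF Core store, and shows what those options actually enforce when the user is created: the password policy rejecting a weak password at AddPasswordAsync (with the error codes you get back), and lockout engaging exactly on the 15th failed access. It also checks every IdentityResult, which the post's Create User snippet does not; a failed CreateAsync leaves no user behind, and the following AddPasswordAsync then fails too. Assumptions: the Microsoft.AspNetCore.Identity.EntityFrameworkCore and Microsoft.EntityFrameworkCore.InMemory packages; the User, Role and ApplicationDbContext classes are stand-ins for the post's own types; AddDefaultTokenProviders is omitted because no tokens are generated here; the e-mail and passwords are constructed sample values.

```csharp
// Added example (not the post's code). Assumes packages
// Microsoft.AspNetCore.Identity.EntityFrameworkCore and Microsoft.EntityFrameworkCore.InMemory.
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

// Stand-ins for the post's User / Role / ApplicationDbContext (hypothetical shapes).
public class User : IdentityUser { public string? ProfileName { get; set; } }
public class Role : IdentityRole { public string? Description { get; set; } }

public class ApplicationDbContext : IdentityDbContext<User, Role, string>
{
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options) { }
}

public static class Program
{
    public static async Task Main()
    {
        var services = new ServiceCollection();
        services.AddLogging();
        services.AddDbContext<ApplicationDbContext>(o => o.UseInMemoryDatabase("identity-demo"));

        // Same options as the post's AddIdentity call (AddIdentityCore: no cookie auth needed in a console app).
        services.AddIdentityCore<User>(options =>
        {
            options.Lockout.MaxFailedAccessAttempts = 15;
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
            options.Password.RequireDigit = true;
            options.Password.RequireLowercase = true;
            options.Password.RequireNonAlphanumeric = true;
            options.Password.RequireUppercase = true;
            options.Password.RequiredLength = 10;
            options.Password.RequiredUniqueChars = 1;
            options.User.AllowedUserNameCharacters = ""; // empty string = no character restriction
            options.User.RequireUniqueEmail = true;
        })
        .AddRoles<Role>()                                  // must come before AddEntityFrameworkStores
        .AddEntityFrameworkStores<ApplicationDbContext>();

        using var scope = services.BuildServiceProvider().CreateScope();
        var userManager = scope.ServiceProvider.GetRequiredService<UserManager<User>>();
        var roleManager = scope.ServiceProvider.GetRequiredService<RoleManager<Role>>();

        Check(await roleManager.CreateAsync(new Role { Name = "Super Admin", Description = "Full access" }), "create role");

        // Constructed sample user; CreateAsync also sets LockoutEnabled because Lockout.AllowedForNewUsers defaults to true.
        var derrick = new User { UserName = "Derrick", Email = "derrick@example.invalid", ProfileName = "Derrick Yam" };
        Check(await userManager.CreateAsync(derrick), "create user");
        Console.WriteLine($"lockout enabled for new user: {derrick.LockoutEnabled}"); // True

        // 1. Password policy: 9 characters and no symbol -> rejected, nothing persisted.
        var weak = await userManager.AddPasswordAsync(derrick, "Password1");
        Console.WriteLine($"weak password accepted: {weak.Succeeded}");            // False
        Console.WriteLine(string.Join(", ", weak.Errors.Select(e => e.Code)));      // PasswordTooShort, PasswordRequiresNonAlphanumeric

        Check(await userManager.AddPasswordAsync(derrick, "Temp0rary-Strong!Pw"), "set temporary password");
        Check(await userManager.AddToRoleAsync(derrick, "Super Admin"), "assign role");

        // 2. Lockout threshold: 14 failures are tolerated, the 15th locks the account for DefaultLockoutTimeSpan.
        for (var i = 0; i < 14; i++)
            Check(await userManager.AccessFailedAsync(derrick), "record failed access");
        Console.WriteLine($"locked out after 14 failures: {await userManager.IsLockedOutAsync(derrick)}"); // False

        Check(await userManager.AccessFailedAsync(derrick), "record failed access");
        Console.WriteLine($"locked out after 15 failures: {await userManager.IsLockedOutAsync(derrick)}"); // True
        var lockoutEnd = await userManager.GetLockoutEndDateAsync(derrick);
        Console.WriteLine($"lockout ends in about {(lockoutEnd!.Value - DateTimeOffset.UtcNow).TotalMinutes:F0} minutes"); // ~5
    }

    // Identity never throws on a policy failure; it reports it in IdentityResult, so always check it.
    static void Check(IdentityResult result, string step)
    {
        if (!result.Succeeded)
            throw new InvalidOperationException($"{step} failed: " +
                string.Join("; ", result.Errors.Select(e => $"{e.Code}: {e.Description}")));
    }
}
```

Two details worth noting from the run: the error codes (PasswordTooShort, PasswordRequiresNonAlphanumeric) come from IdentityErrorDescriber and are what the login and reset-password pages should surface to the user, and the lockout counter is reset when the lockout is applied, so after the 5-minute window expires the next 15 failures start counting again from zero.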


Login