Kurse:ASP.NET Core Identity & Authorization


ASP.NET Core Identity & Authorization – Codebeispiele

Benutzerregistrierung

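/// <summary>
/// Self-service registration: creates the user, assigns the requested role, signs the
/// new user in and redirects to the Persons index. On any validation failure the form
/// is re-rendered with the errors in ModelState.
/// </summary>
/// <param name="registerDTO">Posted form data (e-mail, display name, password, role).</param>
/// <returns>A redirect on success, otherwise the registration view with errors.</returns>
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken] // the view emits the token (@Html.AntiForgeryToken()); without this attribute it is never checked
public async Task<IActionResult> Register(RegisterDTO registerDTO)
{
    // Roles a visitor may pick for themselves. registerDTO.Role comes straight from the
    // request body, so without an allow-list anyone could register as "Admin" and the
    // code below would even create that role if it did not exist yet.
    // Constructed example value — replace with the project's own non-privileged role name(s).
    string[] selfServiceRoles = { "User" };

    if (!ModelState.IsValid)
    {
        return View(registerDTO);
    }

    if (!selfServiceRoles.Contains(registerDTO.Role, StringComparer.Ordinal))
    {
        ModelState.AddModelError(nameof(registerDTO.Role), "Ungültige Rolle.");
        return View(registerDTO);
    }

    // The e-mail doubles as the user name, which is why the remote e-mail check and
    // RequireUniqueEmail matter for this flow.
    var user = new ApplicationUser
    {
        UserName = registerDTO.Email,
        Email = registerDTO.Email,
        PersonName = registerDTO.PersonName
    };

    var result = await _userManager.CreateAsync(user, registerDTO.Password);

    if (!result.Succeeded)
    {
        // Identity reports password-policy and duplicate-user problems here.
        foreach (var error in result.Errors)
        {
            ModelState.AddModelError("", error.Description);
        }

        return View(registerDTO);
    }

    // Safe to create on demand: the role name was checked against the allow-list above.
    if (!await _roleManager.RoleExistsAsync(registerDTO.Role))
    {
        await _roleManager.CreateAsync(new ApplicationRole(registerDTO.Role));
    }

    await _userManager.AddToRoleAsync(user, registerDTO.Role);
    // Session cookie only (isPersistent: false) — no "remember me" for a fresh account.
    await _signInManager.SignInAsync(user, isPersistent: false);

    return RedirectToAction("Index", "Persons");
}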

Benutzeranmeldung

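/// <summary>
/// Password login. Administrators are sent to the Admin area, everyone else to
/// <paramref name="returnUrl"/> via <c>RedirectToLocal</c>.
/// </summary>
/// <param name="loginDTO">Posted credentials.</param>
/// <param name="returnUrl">Optional URL to return to after a successful login.</param>
/// <returns>A redirect on success, otherwise the login view with a generic error.</returns>
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken] // login CSRF: a forged POST could sign the victim into an attacker-controlled account
public async Task<IActionResult> Login(LoginDTO loginDTO, string returnUrl = null)
{
    if (!ModelState.IsValid)
    {
        return View(loginDTO);
    }

    // lockoutOnFailure: true makes failed attempts count towards Identity's lockout
    // (options.Lockout in Program.cs); with false, online password guessing is unthrottled.
    var result = await _signInManager.PasswordSignInAsync(
        loginDTO.Email, loginDTO.Password, isPersistent: false, lockoutOnFailure: true);

    if (result.Succeeded)
    {
        // Sign-in succeeded by user name; the e-mail lookup is expected to find the same
        // account (registration sets both to the e-mail) but is guarded so a changed
        // address cannot turn into a NullReferenceException here.
        var user = await _userManager.FindByEmailAsync(loginDTO.Email);
        if (user != null && await _userManager.IsInRoleAsync(user, "Admin"))
        {
            return RedirectToAction("Index", "Home", new { area = "Admin" });
        }

        // RedirectToLocal is defined outside this listing; it is presumed to reject
        // non-local targets (Url.IsLocalUrl) so returnUrl cannot become an open redirect — confirm.
        return RedirectToLocal(returnUrl);
    }

    // Deliberately the same message for a wrong password and for a locked-out account:
    // do not tell the caller which one it was.
    ModelState.AddModelError(string.Empty, "Ungültiger Login-Versuch.");
    return View(loginDTO);
}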

Benutzerabmeldung

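/// <summary>
/// Ends the current session and returns to the Persons index.
/// </summary>
/// <returns>A redirect to <c>Persons/Index</c>.</returns>
/// <remarks>
/// Restricted to POST with an anti-forgery token: a GET logout can be triggered by any
/// third-party page that loads the URL (logout CSRF). The "Logout" link in the layout
/// therefore has to be a small POST form rather than an anchor.
/// </remarks>
[HttpPost]
[Authorize]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Logout()
{
    await _signInManager.SignOutAsync();
    return RedirectToAction("Index", "Persons");
}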

E-Mail-Verfügbarkeit prüfen

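/// <summary>
/// Remote-validation endpoint for <c>RegisterDTO.Email</c>: answers <c>true</c> when the
/// address is still free, <c>false</c> when an account already uses it.
/// </summary>
/// <param name="email">The address typed into the registration form.</param>
/// <returns>A JSON boolean consumed by the unobtrusive validator.</returns>
[AcceptVerbs("Get", "Post")]
[AllowAnonymous]
public async Task<IActionResult> IsEmailAlreadyRegistered(string email)
{
    // FindByEmailAsync throws for null; an empty string already yields "free" below,
    // so treat blank input the same way and leave it to the [Required] validator.
    if (string.IsNullOrWhiteSpace(email))
    {
        return Json(true);
    }

    // NOTE: anonymous and per-address, this endpoint is an account-enumeration oracle.
    // Apply rate limiting (or a neutral answer) if that matters for the deployment; the
    // server-side uniqueness check must remain CreateAsync / RequireUniqueEmail regardless.
    var user = await _userManager.FindByEmailAsync(email);
    return Json(user == null);
}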

Program.cs – Identity-Konfiguration

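// Identity: user/role stores backed by EF Core plus the default token providers
// (needed for the e-mail 2FA / password-reset tokens used elsewhere on this page).
builder.Services.AddIdentity<ApplicationUser, ApplicationRole>(options =>
{
    // Password policy enforced by UserManager.CreateAsync.
    options.Password.RequireDigit = true;
    options.Password.RequiredLength = 8; // raised from 6; 8 is the common minimum floor (e.g. NIST SP 800-63B)
    options.Password.RequireUppercase = true;
    options.Password.RequireLowercase = true;

    // Registration uses the e-mail as the user name and the remote check in the DTO is
    // client-side only, so uniqueness has to be enforced here as well.
    options.User.RequireUniqueEmail = true;

    // Brute-force brake. Only effective when PasswordSignInAsync is called with
    // lockoutOnFailure: true; the values are a starting point, tune for the application.
    options.Lockout.AllowedForNewUsers = true;
    options.Lockout.MaxFailedAccessAttempts = 5;
    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();

// Cookie used by the application scheme: where unauthenticated requests are sent, and
// never transmit the session cookie over plain HTTP.
builder.Services.ConfigureApplicationCookie(options =>
{
    options.LoginPath = "/Account/Login";
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
});

builder.Services.AddAuthorization(options =>
{
    // Deny by default: every endpoint without its own policy requires a signed-in user.
    // The [AllowAnonymous] attributes on the Account actions are what opt them out.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();

    // Inverse policy for pages that only make sense while signed out (Login/Register).
    // Identity can be null for a principal without an identity; treat that as "not authenticated".
    options.AddPolicy("NotAuthorized", policy =>
        policy.RequireAssertion(context => context.User.Identity?.IsAuthenticated != true));
});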

Benutzerrolle prüfen

// Imperative role check inside an action body. When a whole action is admin-only,
// prefer [Authorize(Roles = "Admin")] on the method and let the framework enforce it.
var isAdmin = await _userManager.IsInRoleAsync(user, "Admin");
if (isAdmin)
{
    // admin-only access
}

Zwei-Faktor-Authentifizierung aktivieren

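// Step 1: issue a one-time code for the "Email" token provider and deliver it out of band
// (sending the mail is not shown on this page). The provider name must match one
// registered by AddDefaultTokenProviders().
var token = await _userManager.GenerateTwoFactorTokenAsync(user, "Email");

// Step 2: verify the code the user typed back (submittedCode is the posted form value —
// constructed name). The original snippet verified its own freshly generated token and
// discarded the result, which proves nothing; the bool must drive the decision.
var isValid = await _userManager.VerifyTwoFactorTokenAsync(user, "Email", submittedCode);
if (isValid)
{
    // Only turn 2FA on once the user has demonstrated they can receive the codes.
    await _userManager.SetTwoFactorEnabledAsync(user, true);
}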

CSRF-Schutz (XSRF) in View

<form asp-action="Register" method="post">
    @Html.AntiForgeryToken()
    <!-- The token above only protects the request if the target action validates it
         ([ValidateAntiForgeryToken] on Register, or [AutoValidateAntiforgeryToken] globally).
         With the form tag helper (asp-action) the token is normally injected automatically,
         so the explicit call is redundant but harmless. -->
    <!-- form fields -->
</form>

Tag Helpers in Razor Views

<!-- Anchor tag helper: the href is generated from the route table instead of hard-coding /Account/Login. -->
<a asp-controller="Account" asp-action="Login">Login</a>

<!-- Input/validation tag helpers bound to the model's Email property. They emit the
     data-val-* attributes for client-side validation; the server still has to check
     ModelState.IsValid in the action, since client-side validation can be bypassed. -->
<input asp-for="Email" />
<span asp-validation-for="Email"></span>

Remote Validation in DTO

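/// <summary>
/// Form model for <c>Account/Register</c>. Carries the fields the Register action reads
/// (e-mail, display name, password, role); data annotations drive both the unobtrusive
/// client-side validation and <c>ModelState.IsValid</c> on the server.
/// </summary>
public class RegisterDTO
{
    // [Remote] is a client-side convenience only — it can be bypassed. Uniqueness must
    // still be enforced server-side (UserManager.CreateAsync / RequireUniqueEmail).
    [Required]
    [EmailAddress]
    [Remote(action: "IsEmailAlreadyRegistered", controller: "Account")]
    public string Email { get; set; }

    [Required]
    public string PersonName { get; set; }

    [Required]
    [DataType(DataType.Password)]
    public string Password { get; set; }

    // Chosen by the visitor; the Register action must check it against an allow-list of
    // non-privileged roles before assigning it.
    [Required]
    public string Role { get; set; }
}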