c#asp.net-coreasp.net-web-apiasp.net-identity
unable to create HttpGet controller to find user detail using identity
I have created authentication controller and there i was able to create HttpPost for login and logout but not HttpGet. what i'm trying is Only authenticated user can hit and return basic information about currently logged in user at a minimum Username,Staffid(if any) i have created three role that is admin manager and staff.
namespace Web.Controllers
{
[Route("api/[controller]")]
[ApiController]
public class AuthenticationController : ControllerBase
{
private readonly UserManager<User> userManager;
private readonly SignInManager<User> signInManager;
public object DefaultAuthenticationTypes { get; private set; }
public AuthenticationController(UserManager<User> userManager, SignInManager<User> signInManager)
{
this.userManager = userManager;
this.signInManager = signInManager;
}
[HttpPost("login")]
public async Task<ActionResult<UserDto>> Login(LoginDto dto)
{
var user = await userManager.FindByNameAsync(dto.UserName);
if (user == null)
{
return BadRequest();
}
var password = await signInManager.CheckPasswordSignInAsync(user, dto.Password, true);
if (!password.Succeeded)
{
return BadRequest();
}
await signInManager.SignInAsync(user, false, "Password");
return Ok(new UserDto
{
UserName = user.UserName
});
}
[HttpGet]
[Authorize]
public async Task<string> GetUserProfile()
{
var userName = await userManager.FindByNameAsync(HttpContext.User.Identity.Name);
var userId = userName.Id;
var roleId = User.IsInRole("Staff");
if (!(roleId.ToString() == "Staff"))
{
return userName.ToString();
}
return userId.ToString();
}
[HttpPost("logout")]
public async Task<ActionResult> logout()
{
await signInManager.SignOutAsync();
return Ok();
}
}
}
Solution
If you want to use HttpGet,Here is a demo: Login:
[HttpGet("login")]
public async Task<IActionResult> Login(InputModel Input) {
return Ok();
}
InputModel:
public class InputModel
{
[Required]
[EmailAddress]
public string Email { get; set; }
[Required]
[DataType(DataType.Password)]
public string Password { get; set; }
[Display(Name = "Remember me?")]
public bool RememberMe { get; set; }
}
View(use method="get" on form):
<form id="account" method="get" asp-controller="Home" asp-action="Login">
<h4>Use a local account to log in.</h4>
<hr />
<div asp-validation-summary="All" class="text-danger"></div>
<div class="form-group">
<label asp-for="Input.Email"></label>
<input asp-for="Input.Email" class="form-control" />
<span asp-validation-for="Input.Email" class="text-danger"></span>
</div>
<div class="form-group">
<label asp-for="Input.Password"></label>
<input asp-for="Input.Password" class="form-control" />
<span asp-validation-for="Input.Password" class="text-danger"></span>
</div>
<div class="form-group">
<div class="checkbox">
<label asp-for="Input.RememberMe">
<input asp-for="Input.RememberMe" />
@Html.DisplayNameFor(m => m.Input.RememberMe)
</label>
</div>
</div>
<div class="form-group">
<button type="submit" class="btn btn-primary">Log in</button>
</div>
</form>
result:
However,when you use HttpGet,your user login infomation will exposed in the url,so it is not safe,you'd better use HttpPost.
If you want to get user detail,you can use this:
var info = await _userManager.GetUserAsync(HttpContext.User);
