0

我想使用HttpContext.User实例更新用户的声明,但在更新声明后,它们只停留在当前请求的范围内。我还需要让它为即将到来的请求持续存在,请帮我解决这个问题。

请在下面找到我的代码。在POST我更新声明的方法中,下一次GET点击该方法时,我试图获取更新的值,但我得到了旧值。

[Route("login")]
public class LoginController : Controller
{

    private readonly IList<User> users = new List<User>
    {
        new User { UserName = "admin", Password = "1234", Role="Administrator"},
        new User { UserName = "user", Password ="1234", Role="User"}
    };
    private IConfiguration _config;

    public LoginController(IConfiguration config)
    {
        this._config = config;
    }

    [HttpGet("Enter")]
    public IActionResult Login([FromQuery]string username, [FromQuery]string password)
    {
        User login = new User();
        login.UserName = username;
        login.Password = password;
        IActionResult response = Unauthorized();

        var user = AuthenticateUser(login);
        if(user != null)
        {
            var tokenStr = GenerateJSONWebToken(user);
            response = Ok(new { token = tokenStr });
        }
        return response;
    }

    private string GenerateJSONWebToken(User userinfo)
    {
        var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
        var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);


        var claims = new[]
        {
            new Claim("username", userinfo.UserName),
            new Claim(ClaimTypes.Role, userinfo.Role),
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
        };

        var token = new JwtSecurityToken(
        issuer: _config["Jwt:Issuer"],
        audience: _config["Jwt:Issuer"],
        claims,
        expires: DateTime.Now.AddMinutes(120),
        signingCredentials: credentials
            );

        var encodettoken = new JwtSecurityTokenHandler().WriteToken(token);
        return encodettoken;

    }

    [Authorize(Roles = "Administrator")]
    [Authorize]
    [HttpPost("Post")]
    public string Post()
    {
        var identity = HttpContext.User.Identity as ClaimsIdentity;
        IList<Claim> claim = identity.Claims.ToList();
        var username = claim[0].Value;
        return "Welcome To " + username;

      // i update claim here
          var identityClaims = (ClaimsIdentity)User.Identity;
            var username = identityClaims.FindFirst("username");
            if (username != null)
                identityClaims.RemoveClaim(username);
            identityClaims.AddClaim(new Claim("username", "sample username"));
    }

    [Authorize(Roles = "Administrator, User")]
    [HttpGet("GetValue")]
    public ActionResult<IEnumerable<string>> Get()
    {
        // in the next get request i try to access the claim, but it does not have the updated value
        // instead it has the old value
        // here i have to persist the value
          var identityClaims = (ClaimsIdentity)User.Identity;
            var username = identityClaims.FindFirst("username");
        return new string[] { "Value1", "Value2", "Value3" };
    }

    private User AuthenticateUser(User login)
    {
        User entity = null;
        if (users.Where(x=>x.UserName == login.UserName && x.Password == login.Password).ToList().Count() > 0)
        {
            entity = users.Where(x => x.UserName == login.UserName && x.Password == login.Password).FirstOrDefault();
        }
        return entity;
    }
}
4

0 回答 0