![\"\"](\"http:\/\/salzlechner.com\/dev\/wp-content\/uploads\/sites\/2\/2019\/05\/netcore1.png\")
<\/p>\nIn this multi part blog post we will be creating a .NET Core based Web API with authentication and a number of other features.<\/p>\n
To start we will create a new project in Visual Studio by selecting the ASP.NET Core Web Application project type<\/p>\n
<\/p>\n
then we select the API option on the next dialog<\/p>\n
![\"\"](\"http:\/\/salzlechner.com\/dev\/wp-content\/uploads\/sites\/2\/2019\/05\/dotnetcore2.png\")
<\/p>\n
In this example we want to first implement authentication with a standard user and role table in our own database.<\/p>\n
That is not an option in the template so we simply select ‘No Authentication’ and add it later on.<\/p>\n
Click the OK button and wait for Visual Studio to create our base project. This will create a simple base web API with a sample values controller.<\/p>\n
First thing we need to do is to configure the database connection. Add your connection string to the appsettings.json file<\/p>\n
\"ConnectionStrings\": { \"DefaultConnection\": \"Server=SERVER\\\\INSTANCE;Database=DOTNETCORESAMPLE;Trusted_Connection=True;MultipleActiveResultSets=true\" },<\/pre>\nWe also need to create a database context and register the context with the application<\/p>\n
\/\/ \npublic class ApplicationDbContext : IdentityDbContext<IdentityUser>\n{\n public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)\n : base(options)\n {\n }\n\n}\n<\/pre>\nthen in Startup.cs add the following to add the ApplicationDbContext<\/p>\n
\/\/\nservices.AddDbContext<ApplicationDbContext>(options =>\n options.UseSqlServer(\n Configuration.GetConnectionString(\"DefaultConnection\")));<\/pre>\nTo create the base ASP.Net authentication tables in our database execute the following line in the console<\/p>\n
Add-Migration InitialCreate<\/pre>\nthis will create the migration steps for the initial creation of the authentication tables<\/p>\n
now execute the following to run the migration<\/p>\n
update-database<\/pre>\nthis will create all the tables in your database needed for authentication<\/p>\n
In order to be able to extend the user table with additional fields we will create a model for our ApplicationUser<\/p>\n
\/\/\npublic class ApplicationUser : IdentityUser\n{\n \/\/ Extended Properties\n \n}\n<\/pre>\nAnd of course we have to change all the references we have to IdenityUser to refer to the ApplicationUser instead.<\/p>\n
Now we need to configure the project for identity and authentication<\/p>\n
add the following code to the ConfigureServices method in StartUp to add the IdentoryService<\/p>\n
services.AddIdentity<ApplicationUser, IdentityRole>()\n .AddEntityFrameworkStores<ApplicationDbContext>()\n .AddDefaultTokenProviders();\n<\/pre>\nthen also in ConfigureServices we add the following to configure the IdentityOptions<\/p>\n
services.Configure<IdentityOptions>(options =>\n{\n \/\/ Password settings.\n options.Password.RequireDigit = true;\n options.Password.RequireLowercase = true;\n options.Password.RequireNonAlphanumeric = true;\n options.Password.RequireUppercase = true;\n options.Password.RequiredLength = 6;\n options.Password.RequiredUniqueChars = 1;\n\n \/\/ Lockout settings.\n options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);\n options.Lockout.MaxFailedAccessAttempts = 5;\n options.Lockout.AllowedForNewUsers = true;\n\n \/\/ User settings.\n options.User.AllowedUserNameCharacters =\n \"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+\";\n options.User.RequireUniqueEmail = true;\n\n\n});\n<\/pre>\nand one more to configure the ApplicationCookie options<\/p>\n
services.ConfigureApplicationCookie(options =>\n{\n \/\/ Cookie settings\n options.Cookie.HttpOnly = true;\n options.ExpireTimeSpan = TimeSpan.FromMinutes(5);\n\n options.LoginPath = \"\/Identity\/Account\/Login\";\n options.AccessDeniedPath = \"\/Identity\/Account\/AccessDenied\";\n options.SlidingExpiration = true;\n\n options.Events.OnRedirectToLogin = context =>\n {\n if (context.Request.Path.StartsWithSegments(\"\/api\") &&\n context.Response.StatusCode == (int)HttpStatusCode.OK)\n {\n context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;\n }\n else\n {\n context.Response.Redirect(context.RedirectUri);\n }\n return Task.FromResult(0);\n\n \/\/context.Response.StatusCode = 401;\n \/\/return Task.CompletedTask;\n };\n});\n<\/pre>\nNext step is to make sure we have some default roles and a default user in our database. To do this we can add code to seed the database with our defaults<\/p>\n
Then we add the following line to the Configure method<\/p>\n
app.UseAuthentication();<\/pre>\nLets create a class called SeedDataManager as follows<\/p>\n
\/\/\npublic static class SeedDataManager\n {\n public static void SeedData\n (UserManager<ApplicationUser> userManager,\n RoleManager<IdentityRole> roleManager)\n {\n SeedRoles(roleManager);\n SeedUsers(userManager);\n }\n\n public static void SeedUsers\n (UserManager<ApplicationUser> userManager)\n {\n }\n\n public static void SeedRoles\n (RoleManager<IdentityRole> roleManager)\n {\n }\n }<\/pre>\nWe can call the SeedData method from the configure method in Startup<\/p>\n
public void Configure(IApplicationBuilder app, IHostingEnvironment env, \n UserManager<ApplicationUser> userManager,\n RoleManager<IdentityRole> roleManager)\n{\n ....\n\n SeedDataHelper.SeedData(userManager, roleManager);\n\n \n}<\/pre>\nWe use Dependency Injection to injext the UserManager as well as the RoleManager, then call our SeedData method.<\/p>\n
Now lets take a look at seeding the role table. For our example lets create a role called ‘User’ and another role called ‘Administrator’<\/p>\n
public static void SeedRoles\n (RoleManager<IdentityRole> roleManager)\n{\n if (!roleManager.RoleExistsAsync\n (\"User\").Result)\n {\n IdentityRole role = new IdentityRole();\n role.Name = \"User\";\n \n IdentityResult roleResult = roleManager.\n CreateAsync(role).Result;\n }\n\n\n if (!roleManager.RoleExistsAsync\n (\"Administrator\").Result)\n {\n IdentityRole role = new IdentityRole();\n role.Name = \"Administrator\";\n\n IdentityResult roleResult = roleManager.\n CreateAsync(role).Result;\n }\n}\n<\/pre>\nand then we also create an admin user<\/p>\n
public static void SeedUsers\n (UserManager<ApplicationUser> userManager)\n{\n if (userManager.FindByNameAsync(\"admin@localhost\").Result == null)\n {\n ApplicationUser user = new ApplicationUser();\n user.UserName = \"admin@localhost\";\n user.Email = \"admin@localhost\";\n\n IdentityResult result = userManager.CreateAsync\n (user, \"Admin!1234\").Result;\n\n if (result.Succeeded)\n {\n userManager.AddToRoleAsync(user,\n \"Administrator\").Wait();\n }\n }\n\n}\n<\/pre>\nnext time you run the project the system will create the two roles as well as our default admin user<\/p>\n
to test the authentication we can add another endpoint to the values controller as follows<\/p>\n
\/\/\n[HttpGet]\n[Route(\"GetAuthorized\")]\n[Authorize]\npublic ActionResult<IEnumerable<string>> GetAuthorized()\n{\n return new string[] { \"value1\", \"value2\" };\n}\n\n<\/pre>\ncalling the following endpoint<\/p>\n
https:\/\/localhost:44307\/api\/values<\/pre>\nshould return the following data<\/p>\n
[\"value1\",\"value2\"]<\/pre>\ncalling the new end point decorated with Authorize will return an HTTP status code of 401 because we are not authenticated<\/p>\n
https:\/\/localhost:44307\/api\/values\/GetAuthorized<\/pre>\nIn Part 2 we will add an endpoint to authenticate a user with our web api<\/p>\n\n\t\t
\n\t\t\t\n\t\t\t\t\n\t\t\t
\n\t\t\t