We also create a new model class to pass login information to our authentication method<\/p>\n
public class LoginModel\n{\n [Required]\n [EmailAddress]\n public string Email { get; set; }\n\n [Required]\n [DataType(DataType.Password)]\n public string Password { get; set; }\n\n [Display(Name = \"Remember me?\")]\n public bool RememberMe { get; set; }\n}\n<\/pre>\nlast but not least we will add out authentication method to the Accounts controller as an HTTP POST method.<\/p>\n
We will allow anonymous access to this endpoint of course.<\/p>\n
[HttpPost]\n[AllowAnonymous] \n[Route(\"Authenticate\")]\npublic async Task<IActionResult> Authenticate([FromBody] LoginModel model)\n{\n if (ModelState.IsValid)\n {\n var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);\n if (result.Succeeded)\n {\n _logger.LogInformation(\"User logged in.\");\n return Ok(model);\n }\n if (result.IsLockedOut)\n {\n return BadRequest(\"User locked out\");\n }\n else\n {\n return BadRequest(\"Invalid User or Password\");\n }\n }\n\n return BadRequest(\"Invalid User or Password\");\n}\n<\/pre>\ncalling the Authenticate method using HTTP Post with the following data in the body<\/p>\n
{\n\tEmail: \"admin@localhost\",\n\tPassword: \"Admin!1234\"\n}<\/pre>\nwill return a status 200 and also a application cookie to be used for authentication.<\/p>\n
After that we should be able to call our method on the values controller that we decorated with the Authorize keyword.<\/p>\n
Now we will add another endpoint to the Accounts controller that will allow us to add new users to the system<\/p>\n
This will be another HTTP Post method that will only be allowed for users that are part of the Administrator role.<\/p>\n
In some systems you may want to allow anonymous access if users can register themselves in the system.<\/p>\n
First we create a model for the registration data<\/p>\n
public class RegisterModel\n{\n [Required]\n [EmailAddress]\n [Display(Name = \"Email\")]\n public string Email { get; set; }\n\n [Required]\n [StringLength(100, ErrorMessage = \"The {0} must be at least {2} and at max {1} characters long.\", MinimumLength = 6)]\n [DataType(DataType.Password)]\n [Display(Name = \"Password\")]\n public string Password { get; set; }\n\n [DataType(DataType.Password)]\n [Display(Name = \"Confirm password\")]\n [Compare(\"Password\", ErrorMessage = \"The password and confirmation password do not match.\")]\n public string ConfirmPassword { get; set; }\n}\n<\/pre>\nand then we add the Register method to the AccountsController<\/p>\n
[HttpPost]\n[Authorize(Roles = \"Administrator\")] \n[Route(\"Register\")]\npublic async Task<IActionResult> Register([FromBody] RegisterModel model)\n{\n\n if (ModelState.IsValid)\n {\n var user = new ApplicationUser { UserName = model.Email, Email = model.Email };\n var result = await _userManager.CreateAsync(user, model.Password);\n if (result.Succeeded)\n {\n _logger.LogInformation(\"User created a new account with password.\");\n\n return Ok(result);\n }\n else\n {\n return BadRequest(result);\n }\n }\n\n return BadRequest(\"Failed\");\n}\n<\/pre>\nto allow access only by users belonging to the Administrator role we decorate the method with the Authorize decorator and assign the Roles.<\/p>\n
After validating the model we create a new user and return either success or the error information<\/p>\n
Next lets add an endpoint to allow the user to change his or her password.<\/p>\n
[HttpPost]\n[Route(\"ChangePassword\")]\npublic async Task<IActionResult> ChangePassword([FromBody] ChangePasswordModel model)\n{\n\n if (ModelState.IsValid)\n {\n var user = await _userManager.GetUserAsync(HttpContext.User);\n\n if (user == null)\n {\n return NotFound();\n }\n\n var result = await _userManager.ChangePasswordAsync(user, model.OldPassword, model.NewPassword );\n if (result.Succeeded)\n {\n _logger.LogInformation(\"User changed password.\");\n\n return Ok(result);\n }\n else\n {\n return BadRequest(result);\n }\n }\n\n return BadRequest(\"Failed\");\n}\n<\/pre>\nthis will allow the user to change the password. The old password has to be known to make the change.<\/p>\n
But what if an administrator would need to change the password for a user without having access to the old password.<\/p>\n
In order to handle that requirement we add another endpoint called ChangePasswordForUser only accessible to users of the role Administrator<\/p>\n
[HttpPost]\n[Route(\"ChangePasswordForUser\")]\n[Authorize(Roles = \"Administrator\")]\npublic async Task<IActionResult> ChangePasswordForUser([FromBody] ChangePasswordForUserModel model)\n{\n\n if (ModelState.IsValid)\n {\n var user = await _userManager.FindByNameAsync(model.UserName);\n if (user == null) {\n return NotFound();\n }\n\n \/\/ compute the new hash string\n var newPassword = _userManager.PasswordHasher.HashPassword(user, model.NewPassword);\n user.PasswordHash = newPassword;\n var res = await _userManager.UpdateAsync(user);\n\n if (res.Succeeded) {\n _logger.LogInformation(\"Password for User changed.\");\n\n return Ok(res);\n }\n else {\n return BadRequest(res);\n }\n \n }\n\n return BadRequest(\"Failed\");\n}\n<\/pre>\nThis concludes part 2 of this series. In Part 3 we will be looking into additional features for the account management.<\/p>\n\n\t\t
\n\t\t\t\n\t\t\t\t\n\t\t\t
\n\t\t\t