使用ASP.NET 5 MVC 6 Web API进行Cookie身份验证

Question

我完全理解,如果有人发现我的问题非常基本,或者一直没有多大意义.我是新手,我正在尝试使用最新的.NET Framework 5和MVC 6来构建可以从Angular JS客户端使用的Web Api.这将允许我为它创建一个网站,以及通过Phonegap包装它的移动应用程序.所以请跟我一点.

我现在想要实现的是拥有一个Web API控制器,它接收登录请求并根据Cookie身份验证将结果返回给客户端(稍后客户端应存储此cookie并将其用于与服务器通信)

• 我在project.json中添加了以下内容

• 在Startup.cs中,我在ConfigureServices下添加:

  // Add entity framework support
  services.AddEntityFramework()
      .AddSqlServer()
      .AddDbContext<ApplicationDbContext>(options =>
      {
          options.UseSqlServer(Configuration["Data:DefaultConnection:ConnectionString"]);
      });
  
      // add ASP.NET Identity
      services.AddIdentity<ApplicationUser, IdentityRole>(options => {
          options.Password.RequireDigit = false;
          options.Password.RequireLowercase = false;
          options.Password.RequireUppercase = false;
          options.Password.RequireNonLetterOrDigit = false;
          options.Password.RequiredLength = 6;
      })
         .AddEntityFrameworkStores<ApplicationDbContext>()
         .AddDefaultTokenProviders();
  

• 在Startup.cs中的Configure下:

      // Using the identity that technically should be calling the UseCookieAuthentication
      app.UseIdentity();
  

现在,在Controller方法登录,我能够找到用户使用其电子邮件地址和UserManager:

            // Verify that the model is valid according to the validation rules in the model itself. 
            // If it isn't valid, return a 400 Bad Request with some JSON reviewing the errors
            if (!ModelState.IsValid)
            {
                return HttpBadRequest(ModelState);
            }

            // Find the user in our database.  If the user does not exist, then return a 400 Bad Request with a general error.
            var user = await userManager.FindByEmailAsync(model.Email);
            if (user == null)
            {
                ModelState.AddModelError("", INVALID_LOGIN_MESSAGE);
                return HttpBadRequest(ModelState);
            }

            // If the user has not confirmed his/her email address, then return a 400 Bad Request with a request to activate the account.
            if (!user.EmailConfirmed)
            {
                ModelState.AddModelError("Email", "Account not activated");
                return HttpBadRequest(ModelState);
            }

            // Authenticate the user with the Sign-In Manager
            var result = await signInManager.PasswordSignInAsync(user.UserName, model.Password, model.RememberMe, lockoutOnFailure: false);
            // If the authentication failed, add the same error that we add when we can't find the user
            // (so you can't tell the difference between a bad username and a bad password) and return a 400 Bad Request
            if (!result.Succeeded)
            {
                ModelState.AddModelError("", INVALID_LOGIN_MESSAGE);
                return new BadRequestObjectResult(ModelState);
            }

            return Ok();

问题出现在这条线上:

            // Authenticate the user with the Sign-In Manager
            var result = await signInManager.PasswordSignInAsync(user.UserName, model.Password, model.RememberMe, lockoutOnFailure: false);

它抛出以下错误:

错误:未配置身份验证处理程序来处理该方案:Microsoft.AspNet.Identity.Application

我目前被封锁,我搜索谷歌搜索几乎所有可能的令牌,我能想到并尝试多种解决方案仍然没有白费.任何帮助都非常感谢.

问候,

Answer 1

好吧,在写完整个问题之后我终于想通了,我想分享答案,以避免因为我犯了同样的错误而给别人带来麻烦!

问题是在Startup.cs中的Configure中,我在调用"app.UseMVC()"后调用了"app.UseIdentity()".订单应该已经反转.如果这是常识,我不知道或者我应该在某个地方阅读它.