Sunday, 21 July 2019

Password Updates Automatically

ASP.NET Web API with .NET Core is updating the password automatically on JWT token generation.

So firstly, I had an MVC5 application with ASP.NET membership tables, and wanted to create an API for it with .NET Core.

To support both the MVC5 web app and the Web API, I added four more columns to the AspNetUsers table (ConcurrencyStamp, LockoutEnd, NormalizedEmail, NormalizedUserName).

Although I'm able to get a JWT token without any issues, it's also updating the password each time I generate the JWT token, which prevents users from logging in from the MVC5 web app.

Below is the code that generates the JWT token:

    [Route("login")] // /login
    [HttpPost]
    public async Task<ActionResult> Login([FromBody] LoginViewModel model)
    {
        try
        {
            var user = await _userManager.FindByNameAsync(model.Username);
            if (user != null && await _userManager.CheckPasswordAsync(user, model.Password))
            {
                var claim = new[] {
                    new Claim(JwtRegisteredClaimNames.Sub, user.Id)
                };

                var signinKey = new SymmetricSecurityKey(
                    Encoding.UTF8.GetBytes(_configuration["Jwt:SigningKey"]));

                int expiryInMinutes = Convert.ToInt32(_configuration["Jwt:ExpiryInMinutes"]);

                var token = new JwtSecurityToken(
                    issuer: _configuration["Jwt:Site"],
                    claims: claim,
                    audience: _configuration["Jwt:Site"],
                    expires: DateTime.UtcNow.AddMinutes(expiryInMinutes),
                    signingCredentials: new SigningCredentials(signinKey, SecurityAlgorithms.HmacSha256)
                );

                return Ok(
                    new
                    {
                        token = new JwtSecurityTokenHandler().WriteToken(token),
                        expiration = token.ValidTo,
                        userName = user.UserName
                    });
            }
            return Unauthorized();
        }
        catch (Exception ex)
        {
            return Unauthorized();
        }
    }

Please let me know how to stop the PasswordHash and SecurityStamp columns in AspNetUsers from being updated when a JWT token is generated.

Update: The CheckPasswordAsync method (used in the Web API) is updating the password field, while the PasswordSignInAsync method is used in the web app.
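An added example, not part of the original post: in its default IdentityV3 compatibility mode, ASP.NET Core Identity's `PasswordHasher` returns `SuccessRehashNeeded` for a hash stored in the Identity 2 format, and `UserManager.CheckPasswordAsync` responds by rewriting the stored hash. The program below shows that result next to the `IdentityV2` mode and the matching service configuration; `DemoUser`, `RehashDemo`, `ConfigureLegacyHashing` and the sample password are constructed for illustration, and the project is assumed to reference ASP.NET Core Identity.

```csharp
using System;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;

public class DemoUser { }   // hypothetical stand-in for the application's user type

public static class RehashDemo
{
    // Builds a hasher pinned to one compatibility mode.
    static PasswordHasher<DemoUser> Hasher(PasswordHasherCompatibilityMode mode) =>
        new PasswordHasher<DemoUser>(
            Options.Create(new PasswordHasherOptions { CompatibilityMode = mode }));

    // First byte of the decoded hash is the format marker (0x00 = V2, 0x01 = V3).
    static string Marker(string hash) => $"0x{Convert.FromBase64String(hash)[0]:X2}";

    // Call from Startup.ConfigureServices in the Web API so both apps
    // keep reading and writing the Identity 2 hash format.
    public static void ConfigureLegacyHashing(IServiceCollection services) =>
        services.Configure<PasswordHasherOptions>(o =>
            o.CompatibilityMode = PasswordHasherCompatibilityMode.IdentityV2);

    public static void Main()
    {
        var user = new DemoUser();
        const string password = "Sample-Passw0rd!";   // constructed sample value

        var v2 = Hasher(PasswordHasherCompatibilityMode.IdentityV2);
        var v3 = Hasher(PasswordHasherCompatibilityMode.IdentityV3); // ASP.NET Core default

        // A hash in the format the MVC5 (ASP.NET Identity 2) app stores.
        string legacyHash = v2.HashPassword(user, password);
        Console.WriteLine($"legacy hash marker:   {Marker(legacyHash)}");

        // Default mode: the password matches, but the hasher requests a rehash.
        // CheckPasswordAsync acts on that result by storing a new V3 hash.
        Console.WriteLine($"V3 mode on V2 hash:   {v3.VerifyHashedPassword(user, legacyHash, password)}");

        // IdentityV2 mode: the same hash verifies without a rehash request.
        Console.WriteLine($"V2 mode on V2 hash:   {v2.VerifyHashedPassword(user, legacyHash, password)}");

        // The replacement hash carries the V3 marker that Identity 2 does not understand.
        Console.WriteLine($"upgraded hash marker: {Marker(v3.HashPassword(user, password))}");
    }
}
```

`IdentityV2` mode keeps the older PBKDF2 parameters (HMAC-SHA1, 1000 iterations), so it fits best as a transitional setting while the MVC5 app still has to read the same table.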
