我使用的Identity Server 4和实施了以下两个接口:验证反对凭据自定义用户DB - IResourceOwnerPasswordValidator
IResourceOwnerPasswordValidator:针对我自定义的验证用户凭据DB
public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
{
private IUserRepository _userRepository;
public ResourceOwnerPasswordValidator(IUserRepository userRepository)
{
this._userRepository = userRepository;
}
public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
var isAuthenticated = _userRepository.ValidatePassword(context.UserName, context.Password);
//code is omitted for simplicity
}
}
的目的IProfileService:用于获取必要的声明
public class ProfileService : IdentityServer4.Services.IProfileService
{
public IUserRepository _userRepository;
public ProfileService(IUserRepository userRepository)
{
_userRepository = userRepository;
}
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
//code is ommitted
}
然后在Startup类的服务中添加必要的接口和依赖项。通过调用
public class LoginService
{
private readonly IUserRepository _userRepository;
public LoginService(IUserRepository userRepository)
{
_userRepository = userRepository;
}
public bool ValidateCredentials(string username, string password)
{
return _userRepository.ValidatePassword(username, password);
}
的的AccountController“登录”行动验证的凭据:我也通过注射它具有以下实现的登录服务修改账户控制器
if (_loginService.ValidateCredentials(model.Username, model.Password))
{
var user = _loginService.FindByUsername(model.Username);
await HttpContext.Authentication.SignInAsync(user.Subject, user.Username);
//other code is omitted
在调试该项目AccountContoller的登录动作被调用,然后是我的登录服务。验证用户凭证后,会显示许可页面,该页面将触发ProfileService GetProfileDataAsync方法。
但是,ResourceOwnerPasswordValidator从未被调用过。我以正确的方式实现LoginService,还是应该替换由IResourceOwnerPasswordValidation注入的IUserRepository,然后在Login Service ValidateCredentails中调用“ValidateAsync”方法?
如果是这样的话,那么将它传递给LoginService有什么好处,因为我已经以这种方式验证了用户?