asp.net core mvc - Add admin page without full fledged user management -
i building rather simple site asp.net core mvc 2.0 more or less image gallery, me. not using database far. json file metadata , image files itself.
now site supposed hidden admin page (and i) can upload new pictures.
what simple still secure way add admin page without having introduce full fledged user management site? i'd avoid add database , entity framework etc. site - there 1 user.
in other words, secure , simple way add user management there 1 user authenticates: me, admin.
store hashed version of desired username/password in appsettings.json , rehash values provided through login screen , compare them.
here's example of how logging in accomplished. bootstraps off of default hasher present in asp.net identity use hashing function.
you might want create other helpers in case want reset hashed password application versus having go settings file.
appsettings.json
{ ... "logincredentials": { "usernamehash": "aqaaaaeaaccqaaaaenmv+rilvttia5wafxxzex4rmsmxwvzg00q4jzkbi7lx/oe2pfdqw1r521hbsl567g==", "passwordhash": "aqaaaaeaaccqaaaaekwwppiixeqm9qo7hoxcoxxgivhks9qhrz1k0laz3novwid2lv+i+dwc9oheqdgfba==" } }
startup.cs
public void configureservices(iservicecollection services) { //assuming services.addidentity<...>(...) not added service services.configure<logincredentialoptions>(configuration.getsection("logincredentials")); services.addtransient<ipasswordhasher<user>, passwordhasher<user>>(); ... }
logincredentialoptions.cs
public class logincredentialoptions { public string usernamehash { get; set; } public string passwordhash { get; set; } }
accountcontroller.cs
... public async task<iactionresult> login([fromservices] ioptions<logincredentialoptions> logincreds, loginviewmodel model, string returnurl = null) { if (modelstate.isvalid) { var passwordresult = passwordhasher.verifyhashedpassword(null, logincreds.value.passwordhash, model.password); var usernameresult = passwordhasher.verifyhashedpassword(null, logincreds.value.usernamehash, model.username); if (passwordresult == passwordverificationresult.success && usernameresult == passwordverificationresult.success) { //create identity cookie , sign in redirecttoaction(nameof(index), "home"); } } // if got far, failed, redisplay form return view(model); }
Comments
Post a Comment