.net5 identityservice4 客户端模式
.net5 identityservice4 客户端模式
.net5 identityservice4 相关包以及术语
Quickstart UI
包含一个简单的入门UI,包括登录,注销和授权询问页面。
Access token validation middleware
用于验证API中令牌的ASP.NET Core身份验证处理程序。处理程序允许在同一API中支持JWT和reference Token。
Identity
IdentityServer的ASP.NET Core Identity集成包。此包提供了一个简单的配置API,可以让IdentityServer用户使用ASP.NET Identity。
EntityFramework Core
IdentityServer的EntityFramework Core存储实现。这个包提供了IdentityServer的配置和操作存储的EntityFramework Core实现。
第一步安装identityservice4模板
dotnet new -i IdentityServer4.Templates
打开模板项目https://localhost:5001/.well-known/openid-configuration
出现
{"issuer": "https://localhost:5001",//验证的网站站点"jwks_uri": "https://localhost:5001/.well-known/openid-configuration/jwks",//获取验证jwt数字签名的公钥"authorization_endpoint": "https://localhost:5001/connect/authorize","token_endpoint": "https://localhost:5001/connect/token",//获取token"userinfo_endpoint": "https://localhost:5001/connect/userinfo",//获取用户信息"end_session_endpoint": "https://localhost:5001/connect/endsession",//注销"check_session_iframe": "https://localhost:5001/connect/checksession","revocation_endpoint": "https://localhost:5001/connect/revocation","introspection_endpoint": "https://localhost:5001/connect/introspect","device_authorization_endpoint": "https://localhost:5001/connect/deviceauthorization","frontchannel_logout_supported": true,"frontchannel_logout_session_supported": true,"backchannel_logout_supported": true,"backchannel_logout_session_supported": true,"scopes_supported": ["openid", "offline_access"],"claims_supported": ["sub"],"grant_types_supported": ["authorization_code", "client_credentials", "refresh_token", "implicit", "urn:ietf:params:oauth:grant-type:device_code"],"response_types_supported": ["code", "token", "id_token", "id_token token", "code id_token", "code token", "code id_token token"],"response_modes_supported": ["form_post", "query", "fragment"],"token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],"id_token_signing_alg_values_supported": ["RS256"],"subject_types_supported": ["public"],"code_challenge_methods_supported": ["plain", "S256"],"request_parameter_supported": true
}
public class IdentityServer{public static IEnumerable<Client> GetClients(){return new List<Client>{new Client{ClientId = "client1",// AllowedGrantTypes = GrantTypes.ClientCredentials,//客户端模式//AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,//密码模式AllowedGrantTypes = GrantTypes.Code,// 授权码 模式// AllowedGrantTypes = GrantTypes.Implicit,// 隐藏 模式RedirectUris = { "http://localhost:5008/api/Identity/Get"}, // 认证成功后允许的回调地址 // RequireConsent = false, //隐藏模式下面的是否需要确认授权.RequirePkce= false,//授权码模式下面的// 用于认证的密码ClientSecrets ={new Secret("secret".Sha256())},AllowAccessTokensViaBrowser=true, //允许token通过浏览器 (必须 true)// 客户端有权访问的范围(Scopes)AllowedScopes = {"api1",IdentityServerConstants.StandardScopes.OpenId,IdentityServerConstants.StandardScopes.Profile}}};}public static IEnumerable<ApiScope> GetApiScopes(){return new List<ApiScope>{new ApiScope("api1", "我的 API"),};}/// services.AddIdentityServer().AddDeveloperSigningCredential().AddInMemoryClients(IdentityServer.GetClients()).AddInMemoryApiScopes(IdentityServer.GetApiScopes())//.AddTestUsers(IdentityServer.GetTestUsers())密码模式.AddTestUsers(IdentityServerHost.Quickstart.UI.TestUsers.Users);
app.UseIdentityServer(); // 要放在 UseRouting 的后面
在客户端api项目中
// 认证和授权中间件要放到路由中间后面app.UseAuthentication();app.UseAuthorization();
services.AddAuthentication("Bearer").AddJwtBearer("Bearer", o => {o.Authority = "http://localhost:5007";o.RequireHttpsMetadata = false;o.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters(){ValidateAudience = false};});
[Route("api/[controller]/[action]")][Authorize]public class IdentityController : ControllerBase{[HttpGet]public string Get(){return "ids4";}}
本文来自互联网用户投稿,文章观点仅代表作者本人,不代表本站立场,不承担相关法律责任。如若转载,请注明出处。 如若内容造成侵权/违法违规/事实不符,请点击【内容举报】进行投诉反馈!