//ConfigureServices(IServiceCollection services) 设置
var DbContextConnStr = Configuration.GetConnectionString("DefaultConnection");
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
services.AddDbContext<ApplicationDbContext>(options => {
options.UseSqlServer(DbContextConnStr, b => { b.MigrationsAssembly(migrationsAssembly); });
});//设置SQLServer-dbCOntext
//设置AspNet.Identity
services.AddIdentity<ApplicationUser, IdentityRole>(IdentityOpts =>
{
// Password settings.
IdentityOpts.Password.RequireDigit = true;
IdentityOpts.Password.RequireLowercase = true;
IdentityOpts.Password.RequireNonAlphanumeric = true;
IdentityOpts.Password.RequireUppercase = true;
IdentityOpts.Password.RequiredLength = 6;
IdentityOpts.Password.RequiredUniqueChars = 1;
// Lockout settings.
IdentityOpts.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
IdentityOpts.Lockout.MaxFailedAccessAttempts = 5;
IdentityOpts.Lockout.AllowedForNewUsers = true;
// User settings.
IdentityOpts.User.AllowedUserNameCharacters =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
IdentityOpts.User.RequireUniqueEmail = false;
})
.AddClaimsPrincipalFactory<CustomUserClaimsFactory<IdentityRole>>()//添加凭证支持IdentityRole到Claim
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
//认证服务器
//http://localhost:5000/.well-known/openid-configuration
services.AddIdentityServer(options =>
{
options.UserInteraction = new IdentityServer4.Configuration.UserInteractionOptions
{
LoginUrl = "/Account/Login",//【必备】登录地址
LogoutUrl = "/Account/Logout",//【必备】退出地址
//ConsentUrl = "/Consent",//【必备】允许授权同意页面地址
//ErrorUrl = "/Account/Error", //【必备】错误页面地址
LoginReturnUrlParameter = "ReturnUrl",//【必备】设置传递给登录页面的返回URL参数的名称。默认为returnUrl
LogoutIdParameter = "logoutId", //【必备】设置传递给注销页面的注销消息ID参数的名称。缺省为logoutId
ConsentReturnUrlParameter = "ReturnUrl", //【必备】设置传递给同意页面的返回URL参数的名称。默认为returnUrl
ErrorIdParameter = "errorId", //【必备】设置传递给错误页面的错误消息ID参数的名称。缺省为errorId
CustomRedirectReturnUrlParameter = "ReturnUrl", //【必备】设置从授权端点传递给自定义重定向的返回URL参数的名称。默认为returnUrl
CookieMessageThreshold = 5, //【必备】由于浏览器对Cookie的大小有限制,设置Cookies数量的限制,有效的保证了浏览器打开多个选项卡,一旦超出了Cookies限制就会清除以前的Cookies值
};
})
.AddDeveloperSigningCredential(filename: "tempkey.rsa")//开发环境证书
// 添加配置数据到 from DB (clients, resources, CORS)
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = builder => builder.UseSqlServer(DbContextConnStr, opts =>
{
//MigrationsAssembly程序集必须设置一致
//dotnet ef migrations add InitConfigration -c ConfigurationDbContext -o Data/Migrations/IdentityServer/Configuration
opts.MigrationsAssembly(migrationsAssembly);//"MyIdentityServer"
});
options.DefaultSchema = "";
})
// 添加配置数据到 from DB (codes, tokens, consents)
.AddOperationalStore(options =>
{
options.ConfigureDbContext = builder => builder.UseSqlServer(DbContextConnStr, opts =>
{
//MigrationsAssembly程序集必须设置一致
//dotnet ef migrations add InitPersistedGrant -c PersistedGrantDbContext -o Data/Migrations/IdentityServer/PersistedGrant
opts.MigrationsAssembly(migrationsAssembly);//"MyIdentityServer"
});
options.DefaultSchema = "";
// this enables automatic token cleanup. this is optional.
options.EnableTokenCleanup = true;
options.TokenCleanupInterval = 30; // interval in seconds, short for testing
})
.AddAspNetIdentity<ApplicationUser>();//添加AspNet.Identity支持
自定义 客户端资源密钥验证
//services.AddTransient<IClientSecretValidator, ClientSecretValidatorExt>();
自定义 Api资源密钥验证
//services.AddTransient<IApiSecretValidator, MyApiSecretValidatorExt>();
services.AddTransient<IProfileService, MyProfileServices>();//自定义 用户权限页信息
services.AddTransient<IResourceOwnerPasswordValidator, ResourceOwnerPasswordExt>();//自定义资源所有者密码模式认证
Configure(IApplicationBuilder app, IWebHostEnvironment env)设置
//认证方式
//app.UseAuthentication();// UseAuthentication not needed -- UseIdentityServer add this
app.UseIdentityServer();