Memory
准备
安装IdentityServer 编写config类
using IdentityServer4. Models ;
using System. Collections. Generic ;
namespace Memory.Web.Core
{
    /// <summary>
    /// In-memory IdentityServer4 configuration for the sample: one API scope and one
    /// machine-to-machine client that may request it.
    /// </summary>
    /// <remarks>
    /// Both properties are expression-bodied, so every read builds a new array.
    /// </remarks>
    public static class Config
    {
        /// <summary>Scopes a client may request; only <c>sample_api</c> is defined.</summary>
        public static IEnumerable<ApiScope> ApiScopes => new ApiScope[]
        {
            new ApiScope { Name = "sample_api", DisplayName = "sample api" },
        };

        /// <summary>Clients allowed to obtain tokens from this IdentityServer.</summary>
        /// <remarks>
        /// NOTE(review): the client secret is a literal in source. IdentityServer is handed
        /// only its SHA-256 hash, but the plaintext is readable by anyone with the repository.
        /// That is acceptable for a walkthrough; a deployed client secret belongs in
        /// configuration or a secret store kept out of source control.
        /// </remarks>
        public static IEnumerable<Client> Clients => new Client[]
        {
            new Client
            {
                ClientId = "sample_client",
                ClientSecrets = new Secret[] { new Secret("sample_client_secret".Sha256()) },
                // Client-credentials flow: the client authenticates as itself, no user involved.
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                AllowedScopes = new string[] { "sample_api" },
            },
        };
    }
}
在startup里配置identityserver
/// <summary>
/// Registers the MVC, Razor Pages and Blazor services plus an in-memory IdentityServer.
/// </summary>
/// <remarks>
/// NOTE(review): <c>AddDeveloperSigningCredential</c> is meant for development only. A
/// deployed server should sign tokens with a managed key supplied through
/// <c>AddSigningCredential</c>.
/// </remarks>
public void ConfigureServices(IServiceCollection services)
{
    // AddConsoleFormatter / AddInjectWithUnifyResult are Furion extensions not shown on this page.
    services.AddConsoleFormatter();
    services.AddControllers().AddInjectWithUnifyResult();
    services.AddRazorPages();
    services.AddServerSideBlazor();

    // IdentityServer4 backed by the static, in-memory definitions in Config.
    services.AddIdentityServer()
        .AddDeveloperSigningCredential()
        .AddInMemoryApiScopes(Config.ApiScopes)
        .AddInMemoryClients(Config.Clients);
}
/// <summary>
/// Builds the request pipeline: error handling, HTTPS redirection, static files, routing,
/// the IdentityServer endpoints, then the MVC and Blazor endpoints.
/// </summary>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (!env.IsDevelopment())
    {
        // Outside development: generic error page and an HSTS header.
        app.UseExceptionHandler("/Error");
        app.UseHsts();
    }
    else
    {
        // The developer exception page exposes exception details, so it is limited to development.
        app.UseDeveloperExceptionPage();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();
    app.UseInject(); // Furion extension, not shown on this page

    // Adds the IdentityServer protocol endpoints to the pipeline.
    app.UseIdentityServer();

    app.UseEndpoints(routes =>
    {
        routes.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
        routes.MapBlazorHub();
        routes.MapFallbackToPage("/_Host");
    });
}
获取token 编写测试api
using Furion. DynamicApiController ;
using Microsoft. AspNetCore. Authorization ;
using Microsoft. AspNetCore. Mvc ;
namespace Memory.Web.Entry.Apis
{
    /// <summary>Test API used to check that a bearer token is accepted.</summary>
    public class IdentityController : IDynamicApiController
    {
        /// <summary>
        /// Returns the type and value of every claim on the current user as JSON.
        /// </summary>
        /// <remarks>
        /// <c>[Authorize]</c> here only requires an authenticated caller; it does not check
        /// which scope the token carries. The endpoint echoes the full claim set, which is
        /// useful for inspecting a token during testing.
        /// </remarks>
        [Authorize]
        public IActionResult Get()
        {
            var claims = Furion.App.User.Claims
                .Select(claim => new { claim.Type, claim.Value })
                .ToList();
            return new JsonResult(claims);
        }
    }
}
在startup中启用认证服务
/// <summary>
/// Registers the web services, the in-memory IdentityServer and JWT bearer authentication
/// that trusts tokens issued by <c>https://localhost:5001</c>.
/// </summary>
/// <remarks>
/// NOTE(review): <c>ValidateAudience = false</c> turns off the audience check, so any token
/// signed by the configured authority passes authentication, whichever API it was issued for.
/// With a plain <c>[Authorize]</c> nothing else ties the token to this API; add a scope
/// policy or configure an audience before relying on it.
/// <c>AddDeveloperSigningCredential</c> and the localhost authority are development settings.
/// </remarks>
public void ConfigureServices(IServiceCollection services)
{
    services.AddConsoleFormatter();
    services.AddControllers().AddInjectWithUnifyResult();
    services.AddRazorPages();
    services.AddServerSideBlazor();

    // IdentityServer4 backed by the static, in-memory definitions in Config.
    services.AddIdentityServer()
        .AddDeveloperSigningCredential()
        .AddInMemoryApiScopes(Config.ApiScopes)
        .AddInMemoryClients(Config.Clients);

    // Authentication: "Bearer" is both the default scheme and the JWT handler's name.
    var authentication = services.AddAuthentication("Bearer");
    authentication.AddJwtBearer("Bearer", jwt =>
    {
        // Issuer whose signing keys are trusted.
        jwt.Authority = "https://localhost:5001";
        jwt.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateAudience = false,
        };
    });
}
/// <summary>
/// Builds the request pipeline, now with authentication and authorization placed between
/// routing and endpoint execution so that <c>[Authorize]</c> on endpoints is enforced.
/// </summary>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (!env.IsDevelopment())
    {
        // Outside development: generic error page and an HSTS header.
        app.UseExceptionHandler("/Error");
        app.UseHsts();
    }
    else
    {
        // The developer exception page exposes exception details, so it is limited to development.
        app.UseDeveloperExceptionPage();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();
    app.UseInject(); // Furion extension, not shown on this page

    // Adds the IdentityServer protocol endpoints to the pipeline.
    app.UseIdentityServer();

    // Must stay after UseRouting and before UseEndpoints; authentication runs before authorization.
    // NOTE(review): UseIdentityServer is documented to include UseAuthentication already, so the
    // explicit call looks redundant rather than harmful; confirm for the version in use.
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(routes =>
    {
        routes.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
        routes.MapBlazorHub();
        routes.MapFallbackToPage("/_Host");
    });
}
将获取的token带入请求头 启用授权
/// <summary>
/// Registers the web services, the in-memory IdentityServer, JWT bearer authentication and
/// an <c>ApiScope</c> authorization policy that requires the <c>sample_api</c> scope.
/// </summary>
/// <remarks>
/// NOTE(review): audience validation stays disabled (<c>ValidateAudience = false</c>), so the
/// <c>ApiScope</c> policy is the only check binding a token to this API. Endpoints that use a
/// bare <c>[Authorize]</c> instead of the policy accept any token from the authority.
/// <c>AddDeveloperSigningCredential</c> and the localhost authority are development settings.
/// </remarks>
public void ConfigureServices(IServiceCollection services)
{
    services.AddConsoleFormatter();
    services.AddControllers().AddInjectWithUnifyResult();
    services.AddRazorPages();
    services.AddServerSideBlazor();

    // IdentityServer4 backed by the static, in-memory definitions in Config.
    services.AddIdentityServer()
        .AddDeveloperSigningCredential()
        .AddInMemoryApiScopes(Config.ApiScopes)
        .AddInMemoryClients(Config.Clients);

    // Authentication: "Bearer" is both the default scheme and the JWT handler's name.
    var authentication = services.AddAuthentication("Bearer");
    authentication.AddJwtBearer("Bearer", jwt =>
    {
        // Issuer whose signing keys are trusted.
        jwt.Authority = "https://localhost:5001";
        jwt.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateAudience = false,
        };
    });

    // Authorization: the caller must be authenticated and hold a "scope" claim equal to "sample_api".
    services.AddAuthorization(authorization =>
    {
        authorization.AddPolicy("ApiScope", policy =>
        {
            policy.RequireAuthenticatedUser();
            policy.RequireClaim("scope", "sample_api");
        });
    });
}
namespace Memory.Web.Entry.Apis
{
    /// <summary>
    /// Test API guarded by the <c>ApiScope</c> policy; the policy name must match one
    /// registered through <c>AddAuthorization</c>.
    /// </summary>
    [Authorize("ApiScope")]
    public class IdentityController : IDynamicApiController
    {
        /// <summary>
        /// Returns the type and value of every claim on the current user as JSON.
        /// </summary>
        public IActionResult Get()
        {
            var claims = Furion.App.User.Claims
                .Select(claim => new { claim.Type, claim.Value })
                .ToList();
            return new JsonResult(claims);
        }
    }
}
用户密码登录
在config.cs里新建用户
/// <summary>Users for IdentityServer's in-memory test user store.</summary>
/// <remarks>
/// NOTE(review): the password is a plaintext literal in source and <c>admin</c>/<c>123</c>
/// is trivially guessable. Keep this to a local demo; real users belong in a store that
/// keeps salted password hashes. The getter builds a new list on every read.
/// </remarks>
public static List<TestUser> Users => new List<TestUser>
{
    new TestUser { SubjectId = "1", Username = "admin", Password = "123" },
};
增加密码验证client
// Client for the resource-owner password grant: it collects the user's name and password
// itself and exchanges them for a token.
// NOTE(review): with this grant the client application sees the user's credentials, and the
// OAuth 2.0 security best-practice guidance advises against it; prefer authorization code with
// PKCE for interactive users. The client secret is again a literal in source; load it from
// configuration or a secret store outside a demo.
new Client
{
    ClientId = "sample_pass_client",
    ClientSecrets = new Secret[] { new Secret("sample_pass_client_secret".Sha256()) },
    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
    AllowedScopes = new string[] { "sample_api" },
}
在startup里，将用户添加到系统内
// IdentityServer4 with in-memory scopes, clients and the demo users from Config.
// NOTE(review): AddDeveloperSigningCredential and AddTestUsers are development helpers;
// a deployed server needs a managed signing key and a real user store.
var builder = services.AddIdentityServer()
    .AddDeveloperSigningCredential()
    .AddInMemoryApiScopes(Config.ApiScopes)
    .AddInMemoryClients(Config.Clients)
    .AddTestUsers(Config.Users);
postman用密码登录获取token