IdentityServer4

酩酊仙人

已于 2023-12-05 13:03:09 修改

阅读量87

点赞数

文章标签： asp.net c#

于 2023-11-04 23:16:57 首次发布

本文链接：https://blog.csdn.net/m0_46704355/article/details/131684622

版权

文章目录

Memory
- 准备
- 用户密码登录

Memory

准备

安装IdentityServer
编写config类

using IdentityServer4.Models;
using System.Collections.Generic;

namespace Memory.Web.Core
{
    public static class Config
    {
        public static IEnumerable<ApiScope> ApiScopes => new[]
        {
            new ApiScope()
            {
                Name="sample_api",
                DisplayName="sample api"
            }
        };
        public static IEnumerable<Client> Clients => new[]
        {
            new Client()
            {
                ClientId="sample_client",
                ClientSecrets=new[]
                {
                    new Secret("sample_client_secret".Sha256())
                   
                },
                AllowedGrantTypes=GrantTypes.ClientCredentials,
                AllowedScopes=new []{ "sample_api" }
            }
        };
    }
}

在startup里配置identityserver

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddConsoleFormatter();
        services.AddControllers().AddInjectWithUnifyResult();
        services.AddRazorPages();
        services.AddServerSideBlazor();
        #region id4
        var builder = services.AddIdentityServer();
        builder.AddDeveloperSigningCredential();
        builder.AddInMemoryApiScopes(Config.ApiScopes);
        builder.AddInMemoryClients(Config.Clients);
        #endregion
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();

        app.UseRouting();

        app.UseInject();

        #region id4
        app.UseIdentityServer();
        #endregion
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");

            endpoints.MapBlazorHub();
            endpoints.MapFallbackToPage("/_Host");
        });
    }

获取token
编写测试api

using Furion.DynamicApiController;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace Memory.Web.Entry.Apis
{

    public class IdentityController : IDynamicApiController
    {
        [Authorize]
        public IActionResult Get()
        {            
            var c = (from claim in Furion.App.User.Claims select new { claim.Type, claim.Value }).ToList();
            return new JsonResult(c);
        }
    }
}

再startup中启用认证服务

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddConsoleFormatter();
        services.AddControllers().AddInjectWithUnifyResult();
        services.AddRazorPages();
        services.AddServerSideBlazor();
        #region id4
        var builder = services.AddIdentityServer();
        builder.AddDeveloperSigningCredential();
        builder.AddInMemoryApiScopes(Config.ApiScopes);
        builder.AddInMemoryClients(Config.Clients);
        #endregion
        #region 认证
        services.AddAuthentication("Bearer")
            .AddJwtBearer("Bearer", option =>
            {
                option.Authority = "https://localhost:5001";
                option.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateAudience = false

                };
            });
        #endregion
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();

        app.UseRouting();

        app.UseInject();

        #region id4
        app.UseIdentityServer();
        #endregion
        #region authority
        app.UseAuthentication();
        app.UseAuthorization();
        #endregion
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");

            endpoints.MapBlazorHub();
            endpoints.MapFallbackToPage("/_Host");
        });
    }

将获取的token带入请求头
启用授权

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddConsoleFormatter();
        services.AddControllers().AddInjectWithUnifyResult();
        services.AddRazorPages();
        services.AddServerSideBlazor();
        #region id4
        var builder = services.AddIdentityServer();
        builder.AddDeveloperSigningCredential();
        builder.AddInMemoryApiScopes(Config.ApiScopes);
        builder.AddInMemoryClients(Config.Clients);
        #endregion
        #region 认证
        services.AddAuthentication("Bearer")
            .AddJwtBearer("Bearer", option =>
            {
                option.Authority = "https://localhost:5001";
                option.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateAudience = false

                };
            });
        #endregion
        #region 授权
        services.AddAuthorization(options =>
        {
            options.AddPolicy("ApiScope",//策略名
                builder =>
            {
                builder.RequireAuthenticatedUser();//通过认证的用户
                builder.RequireClaim("scope", "sample_api");//对claim的要求
            });
        });
        #endregion
    }

namespace Memory.Web.Entry.Apis
{
    [Authorize("ApiScope")]//策略名
    public class IdentityController : IDynamicApiController
    {
        public IActionResult Get()
        {            
            var c = (from claim in Furion.App.User.Claims select new { claim.Type, claim.Value }).ToList();
            return new JsonResult(c);
        }
    }
}

用户密码登录

再config.cs里新建用户

        public static List<TestUser> Users => new()
        {
            new TestUser()
            {
                SubjectId="1",
                Username="admin",
                Password="123"
            }
        };

增加密码验证client

            new Client
            {
                ClientId="sample_pass_client",
                ClientSecrets = new[]
                {
                    new Secret("sample_pass_client_secret".Sha256()),
                },
                AllowedGrantTypes=GrantTypes.ResourceOwnerPassword,
                AllowedScopes=new []{"sample_api"}
            }

再startup里，将用户添加到系统内

        var builder = services.AddIdentityServer();
        builder.AddDeveloperSigningCredential();
        builder.AddInMemoryApiScopes(Config.ApiScopes);
        builder.AddInMemoryClients(Config.Clients);
        builder.AddTestUsers(Config.Users);