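  • Integrating IdentityServer4 with .NET Core Identity (1): Basic Operations

    1. Create an ASP.NET Core Identity project

    New Project -> ASP.NET Core Web Application -> Web Application (Model-View-Controller), and change the authentication to Individual User Accounts.

    Create an empty database, then point the connection string in appsettings at that empty database.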

    "DefaultConnection": "Data Source=.;Initial Catalog=IdentityDBTest;Integrated Security=False;Persist Security Info=False;User ID=sa;Password=sa1234;MultipleActiveResultSets=True;Pooling=True;Min Pool Size=1;Max Pool Size=300;" 

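    Open cmd in the project root directory, then run dotnet ef database update -c ApplicationDbContext

    This creates the Identity tables in the specified empty database.

    In launchSettings, change the URL of the Project launch profile to http://localhost:40010

    Add the following code to Startup.cs to configure the user-related settings of ASP.NET Core Identity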

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        services.Configure<IdentityOptions>(options =>
        {
            // Password settings
            options.Password.RequireDigit = false;
            options.Password.RequiredLength = 6;
            options.Password.RequireNonAlphanumeric = false;
            options.Password.RequireUppercase = false;
            options.Password.RequireLowercase = false;
            //options.Password.RequiredUniqueChars = 6;

            // Lockout settings
            //options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
            //options.Lockout.MaxFailedAccessAttempts = 10;
            //options.Lockout.AllowedForNewUsers = true;

            // User settings
            options.User.RequireUniqueEmail = true;
        });

        services.ConfigureApplicationCookie(options =>
        {
            // Cookie settings
            options.Cookie.Name = "identityCookieJJL";
            options.Cookie.HttpOnly = true;
            options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
            // If the LoginPath isn't set, ASP.NET Core defaults
            // the path to /Account/Login.
            options.LoginPath = "/Account/Login";
            // If the AccessDeniedPath isn't set, ASP.NET Core defaults
            // the path to /Account/AccessDenied.
            options.AccessDeniedPath = "/Account/AccessDenied";
            options.SlidingExpiration = true;
        });

        // Add application services.
        services.AddTransient<IEmailSender, EmailSender>();

        // ... remaining registrations (services.AddMvc()) ...
    }

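    Start the application, register a user, and make sure that login succeeds.

    2. Integrate IdentityServer

    Add the IdentityServer4.AspNetIdentity NuGet package; IdentityServer4 is added automatically along with it.

    Create a new class, AuthorizationConfig.cs, in the project root.

    Add the following code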

    using System.Collections.Generic;
    using IdentityServer4;
    using IdentityServer4.Models;

    public class AuthorizationConfig
    {
        /// <summary>
        /// The APIs that may use this authorization server.
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<ApiResource> ApiResources()
        {
            return new[]
            {
                new ApiResource("ProductApi", "微服务之产品Api")
            };
        }

        public static IEnumerable<IdentityResource> GetIdentityResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile()
            };
        }

        public static IEnumerable<Client> Clients()
        {
            return new[]
            {
                new Client
                {
                    ClientId = "WebClientImplicit",
                    ClientSecrets = new[] { new Secret("SecretKey".Sha256()) },
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,

                    // where to redirect to after login
                    RedirectUris = { "http://localhost:40011/signin-oidc" },

                    // where to redirect to after logout
                    PostLogoutRedirectUris = { "http://localhost:40011/signout-callback-oidc" },

                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "ProductApi",
                        // note: this constant is the string "json", a claim value type,
                        // not one of the scopes defined above
                        IdentityServerConstants.ClaimValueTypes.Json
                    },
                    RequireConsent = false, // skip the consent page so the redirect goes straight through
                    AlwaysIncludeUserClaimsInIdToken = true
                }
            };
        }
    }

    Add the following code to the service registration method (ConfigureServices) in Startup.cs

    // configure identity server with in-memory stores, keys, clients and scopes
    // When adding ASP.NET Identity to the DI container, IdentityServer must be registered
    // after ASP.NET Identity, because registering IdentityServer overrides some of
    // ASP.NET Identity's configuration. This is very important.
    services.AddIdentityServer()
        .AddDeveloperSigningCredential()
        .AddInMemoryPersistedGrants()
        .AddInMemoryIdentityResources(AuthorizationConfig.GetIdentityResources())
        .AddInMemoryApiResources(AuthorizationConfig.ApiResources())
        .AddInMemoryClients(AuthorizationConfig.Clients())
        .AddAspNetIdentity<ApplicationUser>();

    services.AddMvc();

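    In Startup's Configure method, where the registered services are put to use, add the following code

    // app.UseAuthentication(); // not needed, since UseIdentityServer adds the authentication middleware
    app.UseIdentityServer();

    Next, start the project with the command dotnet run

    3. Create an ASP.NET Core MVC project at http://localhost:40011/, named MvcClientImplict

    Create the project the same way as the .NET Core Identity project above, except that individual authentication is not needed. Set the port in launchSettings to 40010, corresponding to the URL configured for IdentityServer.

    Get IdentityModel from NuGet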

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect("oidc", options =>
        {
            options.SignInScheme = "Cookies";

            options.Authority = "http://localhost:40010";
            options.RequireHttpsMetadata = false;
            //options.ResponseType = "id_token code";
            options.ResponseType = "id_token token";

            options.ClientId = "WebClientImplicit";
            options.SaveTokens = true;
            options.ClientSecret = "SecretKey";

            options.Scope.Add("ProductApi");
            //options.Scope.Add("offline_access");

            options.GetClaimsFromUserInfoEndpoint = true;
        });

        services.AddMvc();
    }

    Also don't forget app.UseAuthentication() further down

    Run it and verify that authorization succeeds
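
    The commented-out `id_token code` response type and `offline_access` scope above correspond to the hybrid flow, in which the access token is fetched from the token endpoint over the back channel instead of being returned in the browser redirect. The following is an added example, not code from the original post; the class name `HybridClientExample` and the client id `WebClientHybrid` are hypothetical, and the ports, secret and scope are the ones the post uses.

    ```csharp
    using IdentityServer4;
    using IdentityServer4.Models;
    using Microsoft.AspNetCore.Authentication.OpenIdConnect;

    // Added example: class name and client id are hypothetical.
    public static class HybridClientExample
    {
        // IdentityServer side: include this in the array returned by AuthorizationConfig.Clients().
        public static Client IdentityServerClient()
        {
            return new Client
            {
                ClientId = "WebClientHybrid",
                // With the hybrid grant the secret is checked at the token endpoint.
                ClientSecrets = { new Secret("SecretKey".Sha256()) },
                AllowedGrantTypes = GrantTypes.Hybrid,
                AllowAccessTokensViaBrowser = false, // default value, shown for contrast
                RedirectUris = { "http://localhost:40011/signin-oidc" },
                PostLogoutRedirectUris = { "http://localhost:40011/signout-callback-oidc" },
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "ProductApi"
                },
                AllowOfflineAccess = true, // permits the offline_access scope (refresh tokens)
                RequireConsent = false
            };
        }

        // MVC client side: call this from the AddOpenIdConnect("oidc", ...) lambda.
        public static void ConfigureMvcClient(OpenIdConnectOptions options)
        {
            options.SignInScheme = "Cookies";
            options.Authority = "http://localhost:40010";
            options.RequireHttpsMetadata = false;   // local HTTP only, as in the post
            options.ClientId = "WebClientHybrid";
            options.ClientSecret = "SecretKey";     // sent to the token endpoint, not the browser
            options.ResponseType = "code id_token"; // no access token in the redirect
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("ProductApi");
            options.Scope.Add("offline_access");
        }
    }
    ```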


    4. Create a Web API (port 40012) and configure it to be protected by IdentityServer

    NuGet: IdentityServer4.AccessTokenValidation

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication("Bearer")
            .AddIdentityServerAuthentication(option =>
            {
                // use the issuer shown in /.well-known/openid-configuration
                option.Authority = "http://localhost:40010";
                option.RequireHttpsMetadata = false;

                option.ApiName = "ProductApi";
                option.ApiSecret = "SecretKey";
            });
        services.AddMvc();
    }

    app.UseAuthentication();

    Add authorization to the default API controller

    [Authorize]
    [Route("api/[controller]")]
    public class ValuesController : Controller
    {
        // ... default template actions unchanged ...
    }


    Create a new controller in the Web API

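    using System.Linq;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc;

    [Route("api/[controller]")]
    [Authorize]
    public class IdentityController : ControllerBase
    {
        [HttpGet]
        public IActionResult Get()
        {
            // Return the claims extracted from the validated access token.
            return new JsonResult(from c in User.Claims select new { c.Type, c.Value });
        }
    }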
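
    To exercise the protected endpoint from the MVC client, the access token stored by `SaveTokens = true` can be read back from the sign-in session and sent as a bearer token. This is an added example, not code from the original post; the controller name `ApiCallController` is hypothetical, and the URL assumes the Web API from this section is listening on port 40012.

    ```csharp
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;   // GetTokenAsync extension
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc;

    // Added example for the MvcClientImplict project; the controller name is hypothetical.
    [Authorize] // anonymous requests are challenged through the "oidc" scheme
    public class ApiCallController : Controller
    {
        // Assumption: the Web API from section 4 listens on port 40012.
        private const string IdentityEndpoint = "http://localhost:40012/api/identity";
        private static readonly HttpClient Http = new HttpClient();

        public async Task<IActionResult> Index()
        {
            // SaveTokens = true stored the tokens in the "Cookies" sign-in session.
            var accessToken = await HttpContext.GetTokenAsync("access_token");
            if (string.IsNullOrEmpty(accessToken))
            {
                return Challenge(); // no token in the session: sign in again
            }

            var request = new HttpRequestMessage(HttpMethod.Get, IdentityEndpoint);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

            using (var response = await Http.SendAsync(request))
            {
                if (!response.IsSuccessStatusCode)
                {
                    // 401 here means the API rejected the token (for example, it has expired).
                    return StatusCode((int)response.StatusCode);
                }

                // The API returns the claims it extracted from the access token.
                var json = await response.Content.ReadAsStringAsync();
                return Content(json, "application/json");
            }
        }
    }
    ```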

  • Original article: https://www.cnblogs.com/jianjialin/p/9291743.html