zoukankan      html  css  js  c++  java
  • 使用IdentityServer4,在一个ASPNetCore项目中,配置oidc和api的AccessToken两种认证授权

    1.配置两种认证方式

        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
                services.AddAuthentication(options =>
                {
                    options.DefaultScheme = "Cookies";
                    options.DefaultChallengeScheme = "oidc";
                })
    
                .AddCookie("Cookies")
                .AddOpenIdConnect("oidc", options =>
                {
                    options.SignInScheme = "Cookies";
                    options.Authority = GZSetting.ApiAuthIp;
                    options.RequireHttpsMetadata = false;
                    options.ClientId = GZSetting.MvcClientId;
                    options.ClientSecret = GZSetting.ClientSecret;
                    options.ResponseType = "code id_token";
                    options.Scope.Clear();
                    options.Scope.Add("openid");
                    options.Scope.Add(GZSetting.ApiName);
                    //options.Scope.Add("roles");
                    options.SaveTokens = true;
                    options.GetClaimsFromUserInfoEndpoint = true;
    
                    options.ClaimActions.MapUniqueJsonKey("role", "role");
    
                })
                    .AddIdentityServerAuthentication("Bearer", options =>
                     {
                         options.RequireHttpsMetadata = false;
                         options.Authority = GZSetting.ApiAuthIp;
                         options.ApiName = GZSetting.ApiName;
                     });

    2.配置授权策略

     services.AddAuthorization(option =>
                {
                    //默认 只写 [Authorize],表示使用oidc进行认证
                    option.DefaultPolicy = new AuthorizationPolicyBuilder("oidc").RequireAuthenticatedUser().Build();
    //ApiController使用这个  [Authorize(Policy = "ApiPolicy")],使用jwt认证方案
                    option.AddPolicy("ApiPolicy", policy =>
                    {
                        policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme);
                        policy.RequireAuthenticatedUser();
                    });
                });

    3.给Webapi的控制器添加授权标签

        [Authorize(Policy = "ApiPolicy")]
        [Route("api/[controller]/[action]")]
        [ApiController]
        public class TestInfoController : ControllerBase

     4.如果一个控制器要求Jwt认证或OpenId认证(当在普通控制器中写Api接口时,就需要这样写)

    [Authorize(AuthenticationSchemes = "Bearer,Cookies")]
    public class KeyValueStoresController : Controller

     

  • 相关阅读:
    spring3: Bean的命名与Bean的实例化
    极客软件测试52讲总结分享
    如何有效地搭建测试环境?
    用xshell 连接docker Linux服务器
    python+requests+excel+unittest+ddt接口自动化数据驱动并生成html报告
    CI持续集成系统环境--Gitlab+Gerrit+Jenkins完整对接
    jenkins 关联 钉钉机器人
    Jenkins pipeline 语法详解
    jenkins 添加 证书凭证Credentials
    项目中使用的S2SH整合中使用的struts.xml(参考模板)
  • 原文地址:https://www.cnblogs.com/xiaoti/p/10118930.html
Copyright © 2011-2022 走看看