如何扩展IdentityServer4工作流程以运行自定义代码 [英] How to extend IdentityServer4 workflow to run custom code

问题描述

我有一个基于的基本Identityserver4实现.快速入门示例.

在我的创业公司中，我有以下东西:

In my startup I have the following:

    public void ConfigureServices(IServiceCollection services)
    {
        // configure identity server with in-memory stores, keys, clients and scopes
        services.AddIdentityServer()
            .AddTemporarySigningCredential()
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients());
    }

    public void Configure(IApplicationBuilder app)
    {
        ...
        app.UseIdentityServer();
    }

我想扩展IdentityServer4工作流程，以便在生成访问令牌之后，我可以运行业务逻辑(基于访问令牌中的声明)，并修改发送给主叫客户端的响应.我尝试创建.NET核心中间件，但是IdentityServer中间件似乎使其余的管道短路(将在UseIdentityServer被执行之后再没有中间件).

I want to extend the IdentityServer4 workflow so that after the access token is generated I can run business logic (based on the claims in the access token) and modify the response send to the calling client. I tried creating a .NET core middleware but it seems the IdentityServer middleware short-circuits the rest of the pipeline (no middleware place after the UseIdentityServer will be executed).

它们是否可以用来始终修改IdentityServer4发出的响应的Identityserver4中的任何扩展方法?我正在使用凭据授予.本质上，一旦IdentityServer4完成其工作流程，我想运行一些业务逻辑来修改发送给客户端的响应

Are they any extension method in Identityserver4 that I can use to always modify the response issued by IdentityServer4? I am using the credentials grant. Essentially I want to run some business logic to modify the response send to the client once IdentityServer4 is done with its workflow

推荐答案

不幸的是，没有办法做到这一点. 当您请求任何IdentityServer端点时，IdentityServer中间件会使其余的管道短路. 您可以检查源代码: IdentityServerMiddleware类.

Unfortunately, there is no way to do that. When you request any IdentityServer endpoint, IdentityServer middleware short-circuits the rest of the pipeline. You can check source code: IdentityServerMiddleware class.

我相信这样做是有原因的.但是，如果您确实需要修改响应，则至少有三个选项:

I believe it was done for a reason. But if you really need to modify the response, you have at least three options:

1. 创建一个叉子，并从中删除 return 运算符 IdentityServerMiddleware Invoke 方法(请小心地将剩余的管道短路，将 return 添加到您的上一个中间件中).
2. 创建自己的 IdentityServerMiddleware ， IdentityServerApplicationBuilderExtensions 实现并使用 它们而不是默认值.

3. 将中间件放在UseIdentityServer之前.您的中间件应如下所示:

1. Create a fork and remove return operator from IdentityServerMiddleware Invoke method (be careful to short-circuit the rest of the pipeline adding return into your last middleware).
2. Create your own IdentityServerMiddleware, IdentityServerApplicationBuilderExtensions implementations and use them instead of default.

3. Place your middleware before the UseIdentityServer. Your middleware should look like this:

public ResponseBodyEditorMiddleware(RequestDelegate next)
{
    _next = next;
}

public async Task Invoke(HttpContext context)
{
    // get the original body
    var body = context.Response.Body;

    // replace the original body with a memory stream
    var buffer = new MemoryStream();
    context.Response.Body = buffer;

    // invoke the next middleware from the pipeline
    await _next.Invoke(context);

    // get the body as a string
    var bodyString = Encoding.UTF8.GetString(buffer.GetBuffer());

    // make some changes
    bodyString = $"The body has been replaced!{Environment.NewLine}Original body:{Environment.NewLine}{bodyString}";

    // update the memory stream
    var bytes = Encoding.UTF8.GetBytes(bodyString);
    buffer.SetLength(0);
    buffer.Write(bytes, 0, bytes.Length);

    // replace the memory stream with updated body
    buffer.Position = 0;
    await buffer.CopyToAsync(body);
    context.Response.Body = body;
}

这篇关于如何扩展IdentityServer4工作流程以运行自定义代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！