如何保护IdentityServer4调用的Web API [英] How to protect Web API called by IdentityServer4

问题描述

在IdentityServer4中的登录操作期间，我多次调用Web API.在密码重置操作中也是如此，这是我添加到IdentityServer4项目中的自定义代码.

I make multiple calls to a Web API during login operations in IdentityServer4. Same applies during password reset operations which is custom code I have added to the IdentityServer4 project.

因此，当用户尚未通过OIDC进行身份验证时，我应该如何保护ASP.NET Core Web API，这意味着在此阶段还不存在任何访问令牌.我只允许IdentityServer4调用这些Web API方法，而不是运行不受保护的Web API.

So how should I protect my ASP.NET Core Web API when the user isn't yet authenticated via OIDC which implies that there also isn't exist any access token at that stage. I would like to only allow IdentityServer4 to call these Web API methods instead of running unprotected Web API's.

有什么建议吗?

推荐答案

您可以使用此

https://identityserver4.readthedocs.io/en/release/topics/tools.html

生成自己的令牌以调用API.

to generate your own tokens to call the APIs.

这篇关于如何保护IdentityServer4调用的Web API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！