Web Api .net framework 4.6.1 and identityServer4

Question

Web Api .net framework

I have an authentication service done with IdentityServer4 .net core 1.1. The client settings are as follows:

new Client
{
    ClientId = "client",
    AllowedGrantTypes = GrantTypes.ClientCredentials,

    ClientSecrets = 
    {
        new Secret("secret".Sha256())
    },
    AllowedScopes = { "api1" }
},

// resource owner password grant client
new Client
{
    ClientId = "ro.client",
    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

    ClientSecrets = 
    {
        new Secret("secret".Sha256())
    },
    AllowedScopes = { "api1" }
},

// OpenID Connect hybrid flow and client credentials client (MVC)
new Client
{
    ClientId = "mvc",
    ClientName = "MVC Client",
    AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

    RequireConsent = true,

    ClientSecrets = 
    {
        new Secret("secret".Sha256())
    },

    RedirectUris = { "http://localhost:5002/signin-oidc" },
    PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },

    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        "api1"
    },
    AllowOfflineAccess = true
},

// JavaScript Client
new Client
{
    ClientId = "js",
    ClientName = "JavaScript Client",
    AllowedGrantTypes = GrantTypes.Implicit,
    AllowAccessTokensViaBrowser = true,

    RedirectUris = { "http://localhost/web/main.html#/redirectLogin#" },
    PostLogoutRedirectUris = { "http://localhost/web" },
    AllowedCorsOrigins = { "http://localhost" },

    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        "api1"
    },

    RequireConsent = false
}

I have a front-end application with JavaScript using oidc-client. In it I can authenticate to the authentication server with the following settings:

var userManagerConfig = {
    authority: "http://localhost:5000",
    client_id: "js",
    redirect_uri: "http://localhost/web/main.html#/redirectLogin#",
    response_type: "id_token token",
    scope: "openid profile api1",
    post_logout_redirect_uri: "http://localhost/web",
};

var userManager = new Oidc.UserManager(userManagerConfig);

I also have an api web made in .net framework 4.6.1. In it I want to receive authentication from the front end and use the authentication server to validate the access.

How should the settings be made for this case?

Recommended answer

Your API should be registered as an API Resource in Identity Server. Then it should implement the OwinStartup and have this in it:

    public void Configuration(IAppBuilder app)
    {
        // accept access tokens from identityserver and require the API's scope
        // ("myapi" here; it must match the scope registered in IdentityServer, "api1" in the question)
        app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = "<ids address>",
            ValidationMode = ValidationMode.Both,

            RequiredScopes = new[] { "myapi" }
        });

        // configure web api
        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();

        app.UseWebApi(config);
    }

And, because it is a .NET Framework API, it needs to reference IdentityServer3.AccessTokenValidation. This should not bother you or cause any concerns. It deals with IdentityServer4 tokens with no hesitation.

Everything else is standard: you need AuthorizeAttribute on all controllers/methods that you want to require it on, or add this:

        // require authentication for all controllers
        config.Filters.Add(new AuthorizeAttribute());

in the Startup.cs and force authorization on all controllers.
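
The registration step the answer describes, sketched for the IdentityServer4 1.x host as an added example (not code from the question or the answer). It assumes in-memory configuration; the `Config`/`Startup` layout and the display name "My API" are assumptions, the scope name `api1` and the `js` client come from the question, and the user store and login UI are assumed to be configured elsewhere.

```csharp
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public static class Config
{
    // Identity scopes the "js" client requests (openid, profile).
    public static IEnumerable<IdentityResource> GetIdentityResources() =>
        new List<IdentityResource> { new IdentityResources.OpenId(), new IdentityResources.Profile() };

    // The API itself. Its name becomes the scope "api1" in issued access tokens,
    // so the Web API's RequiredScopes must list exactly this string.
    public static IEnumerable<ApiResource> GetApiResources() =>
        new List<ApiResource> { new ApiResource("api1", "My API") }; // display name is an assumption

    // The question's JavaScript client, unchanged.
    public static IEnumerable<Client> GetClients() => new List<Client>
    {
        new Client
        {
            ClientId = "js",
            ClientName = "JavaScript Client",
            AllowedGrantTypes = GrantTypes.Implicit,
            AllowAccessTokensViaBrowser = true,
            RedirectUris = { "http://localhost/web/main.html#/redirectLogin#" },
            PostLogoutRedirectUris = { "http://localhost/web" },
            AllowedCorsOrigins = { "http://localhost" },
            AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId,
                              IdentityServerConstants.StandardScopes.Profile, "api1" },
            RequireConsent = false
        }
    };
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentityServer()
            .AddTemporarySigningCredential() // 1.x development key only, not for production
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients());
    }

    public void Configure(IApplicationBuilder app) => app.UseIdentityServer();
}
```

With this registration, the Web API's `RequiredScopes` has to contain `"api1"`; a token issued to the `js` client carries no `myapi` scope and would be rejected by the scope check.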
