使用IdentityServer 4 Jwt保护.NET 4.7.X中的ASP.NET WebAPI [英] Protect ASP.NET WebAPI in .NET 4.7.X with IdentityServer 4 Jwt

问题描述

因此，我已经在.NET Core 3.1项目中设置了IdentityServer 4.我有Web应用程序，也有.NET Core 3.1通过OpenId Connect(oidc)登录用户.完美运行.

但是我还有一个在 .NET Framework 4.7.2 中创建的ASP.NET WebAPI项目，我想让用户使用我的IdentityServer 4创建的Bearer令牌对此进行身份验证.

如果该项目也是.NET Core，那将完美地工作.但事实并非如此.它是.NET 4.7.2，我可以找到的所有示例都将.NET Core与" UseIdentityServerAuthentication "一起使用.在.NET 4.7.2中不可用.或者，我发现使用" IdentityServerBearerTokenAuthenticationOptions "的示例，但这需要NuGet for IdentityServer 3，并且似乎不支持IdentityServer 4创建的Jwt令牌(或者据我所知-可能不正确)./p>

有人可以在这里将我推向正确的方向吗?WebAPI项目必须是.NET Framework 4.7.2，这是一项技术要求.

解决方案

使用 IdentityServerBearerTokenAuthenticationOptions ，您将步入正轨.您需要在API项目上使用 IdentitySever3.AccessTokenValidation .IdentityServer4生成的令牌的问题在于它们的类型是 at + jwt ，但是您需要在API上使用 JWT ，您可以像这样轻松地在IdentityServer上更改类型

  var builder = services.AddIdentityServer(选项=>{options.AccessTokenJwtType ="JWT";}) 

您可能还会遇到其他问题，建议您阅读我的博客，其中包括IdentityServer4和.NET 4.5.2 https://nahidfa.com/posts/identityserver4-and-asp-.net-web-api/

So, I have set up IdentityServer 4 in a .NET Core 3.1 project. And I have Web application, also .NET Core 3.1 signing in users through OpenId Connect (oidc). Works perfectly.

But I also have another ASP.NET WebAPI project created in .NET Framework 4.7.2 and I want to let users authenticate to that with a Bearer token created by my IdentityServer 4.

That would work perfectly if that project was also .NET Core. But it's not. It's .NET 4.7.2 and all examples I can find uses .NET Core with "UseIdentityServerAuthentication" which is not available in .NET 4.7.2. Or I find examples using "IdentityServerBearerTokenAuthenticationOptions", but that requires NuGet for IdentityServer 3 and doesn't seem to support Jwt tokens created by IdentityServer 4 (or so I understood - might be incorrect).

Can someone push me in the right direction here? The WebAPI project needs to be .NET Framework 4.7.2, that is a technical requirement.

解决方案

You are on right track with IdentityServerBearerTokenAuthenticationOptions. you need to use IdentitySever3.AccessTokenValidation on API project. The issue with IdentityServer4 generated tokens is that their type is at+jwt, but you need JWT on your API, you can easily change the type on IdentityServer like this

var builder = services.AddIdentityServer(                
                options =>
                {
                    options.AccessTokenJwtType = "JWT";
                })

You may have other issues along the way, which I suggest you to read my blog explaining this with IdentityServer4 and .NET 4.5.2 https://nahidfa.com/posts/identityserver4-and-asp-.net-web-api/

这篇关于使用IdentityServer 4 Jwt保护.NET 4.7.X中的ASP.NET WebAPI的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！