Identity Server和用于用户管理的Web API [英] Identity Server and web api for user management

查看：109 发布时间：2020/5/23 18:54:11 c# asp.net-web-api oauth-2.0 owin identityserver3

本文介绍了Identity Server和用于用户管理的Web API的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在为我的项目使用Identity Server3，我目前有一个受ID服务器保护的网站和api，但工作正常，但是因为我将用户存储在ID服务器数据库中，所以我无法真正更改网站上的任何用户数据，例如更改个人资料图片或任何索赔值.

I'm using Identity Server3 for my project, I currently have a website and api being protected by the Id server, this is working fine however because I'm storing the users in the Id Server database I can't really change any user's data from the website like changing the profile picture or any claim value.

为了解决这个问题，我正在考虑在IdServer上创建一个API，该API将管理用户，更改密码，检索用户或基本上更改与用户相关的任何内容，我想在使用Owin映射的IdServer所在的示例项目.

In order to solve this I'm thinking in creating an API on top of IdServer, this API will manage the users, changing a password, retrieving users or changing anything related to a user basically, I want to create this API on the sample project where I have my IdServer using Owin mapping.

现在，我的idServer在/identity路由中像这样

Right now I have my idServer in the /identity route like this

public class Startup
{
    public void Configuration(IAppBuilder app)
    {

        Log.Logger = new LoggerConfiguration().MinimumLevel.Debug().WriteTo.Trace().CreateLogger();            

        app.Map("/identity", idserverApp =>
         {
             var efConfig = new EntityFrameworkServiceOptions
             {
                 ConnectionString = "IdSvr3Config"
             };

             var options = new IdentityServerOptions
             {
                 SiteName = "Identity server",
                 IssuerUri = ConfigurationManager.AppSettings["idserver:stsIssuerUri"],
                 PublicOrigin = ConfigurationManager.AppSettings["idserver:stsOrigen"],
                 SigningCertificate = Certificate.Get(),
                 Factory = Factory.Configure(efConfig),
                 AuthenticationOptions = AuthOptions.Configure(app),
                 CspOptions = new CspOptions { Enabled = false },
                 EnableWelcomePage=false
             };


             new TokenCleanup(efConfig, 3600 * 6).Start();
             idserverApp.UseIdentityServer(options);
         });

        app.UseIdServerApi();

    }        
}

我的api中间件"就是这样

My api "middleware" is as this

**public static class IdServerApiExtensions
    {
        public static void UseIdServerApi(this IAppBuilder app, IdServerApiOptions options = null)
        {
            if (options == null)
                options = new IdServerApiOptions();            

            if (options.RequireAuthentication)
            {
                var dic = app.Properties;
                JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
                app.UseIdentityServerBearerTokenAuthentication(
                    new IdentityServerBearerTokenAuthenticationOptions
                    {
                        Authority = "https://localhost:44302/identity", //here is the problem, it says not found even though I already mapped idServer to /identity
                        RequiredScopes = new[]
                        {
                        "idserver-api"
                        },
                        ValidationMode=ValidationMode.ValidationEndpoint
                    });
            }
            var config = new HttpConfiguration();
            WebApiConfig.Register(config,options.RequireAuthentication);
            app.UseNinjectMiddleware(() => NinjectConfig.CreateKernel.Value);
            app.UseNinjectWebApi(config);
            app.Use<IdServerApiMiddleware>(options);
        }
    }**

我知道有可能我只是不知道将api放在同一个项目中是否是一个好主意，而且我也不知道该怎么做.

I know is possible I just don't know if it is a good idea to have the api on the same project or not and also I don't know how to do it.

创建此API来管理用户是否是一个好主意?如果不能，我该怎么用?
如何创建适当的设置以启动/api下的API，同时使用IdServer保护此api?

更新

添加 ValidationMode = ValidationMode.ValidationEndpoint 可以解决我的问题，这要归功于Scott Brady

Adding ValidationMode=ValidationMode.ValidationEndpoint, fixed my problem, thanks to Scott Brady

谢谢

推荐答案

Identity Server团队的一般建议是将任何管理页面或API作为一个单独的项目运行(

The general advice from the Identity Server team is to run any admin pages or API as a separate project (Most recent example). Best practice would be only to give your Identity Server and identity management applications access to your identity database/store.

是的，要管理用户，可以编写自己的API.其他选择是将其包含在单个MVC网站中或使用 Identity Manager 之类的东西.

To manage your users, yes, you could write your own API. Other options would be to contain it to a single MVC website or to use something like Identity Manager.

但是，仍然可以使用OWIN映射使用相同的应用程序方法.为了确保这一点，您可以使用 IdentityServer3.AccessTokenValidation 包，并使用以下代码:

You can still use the same application approach however, using the OWIN map. To secure this you could use the IdentityServer3.AccessTokenValidation package, using code such as:

app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
    Authority = ConfigurationManager.AppSettings["idserver:stsOrigen"],
    RequiredScopes = new[] { "adminApi" },
    ValidationMode = ValidationMode.ValidationEndpoint
});

这篇关于Identity Server和用于用户管理的Web API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

Identity Server和用于用户管理的Web API [英] Identity Server and web api for user management

问题描述

推荐答案

相关文章

C#/.NET最新文章

热门教程

热门工具

登录关闭

Identity Server和用于用户管理的Web API [英] Identity Server and web api for user management

问题描述

推荐答案

相关文章

C#/.NET最新文章

热门教程

热门工具

登录 关闭

登录关闭