通过多个API使用IdentityServer4创建用户 [英] User creation with IdentityServer4 from multiple API's
问题描述
所以我一直在为这个问题problem头.
So I have been bashing my head for a while with this problem.
我们有一个Web应用程序正在使用 IdentityServer4 和 AspNetIdentity 进行身份验证和注册用户(这可按预期工作). 此外,我们还有另一个API(在同一解决方案内部),该API能够使用IdentityServer4来验证访问该API的用户的身份.
We have one web app that is using IdentityServer4 and AspNetIdentity to authenticate and register users (this is working as intended). In addition, we have an other API (inside the same solution) that is able to use IdentityServer4 to authenticate users accessing the API.
但是,问题是,除了身份验证之外,我们不能使用API 创建新用户.
However, the problem is, that besides authentication we cannot use the API to create new users.
例如,用户应该不仅可以通过Web应用程序,还可以通过Web API创建其他用户,因为在我们的情况下,用户已链接到其他用户(将其视为多个配置文件).
For instance, users should be able to create other users through the web API and not only from the web app, because in our case, users are linked to other users (think of it as multiple profiles).
我不是很熟悉.Net Core框架附带的所有配置服务,并且我尝试了多种通过API访问Web应用程序用户管理器的方法,以通过经典的POST请求注册我的用户,但是似乎没有工作.在线搜索非常棘手,因为我们的问题非常具体,这就是我在这里发布的原因.
I am not really familiar with all the configuration services that come up with .Net Core framework and I have tried multiple ways of accessing the user manager of the web app through the API to register my users through classic POST requests but nothing seems to be working. Searching online is tricky because our problem is kind of very specific, that's why I am posting here.
API Startup.cs-ConfigureServices:
services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(options =>
{
// base-address of your identityserver
options.Authority = Configuration["IdentityServer:Url"];
// name of the API resource
options.ApiName = Configuration["IdentityServer:APIName"];
options.ApiSecret = Configuration["IdentityServer:APISecret"];
options.EnableCaching = true;
options.CacheDuration = TimeSpan.FromMinutes(10); // that's the default
options.RequireHttpsMetadata = Convert.ToBoolean(Configuration["IdentityServer:RequireHttpsMetadata"]);
});
API Startup.cs-配置:
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors("AllowAllOrigins");
app.UseAuthentication();
app.UseMvc();
}
API UsersController.cs-构造函数:
private readonly UserManager<ApplicationUser> _userManager;
private readonly ApplicationDbContext _context;
public UsersController(IUserService service,
ApplicationDbContext context,
UserManager<ApplicationUser> userManager)
{
_service = service;
_userManager = userManager;
_context = context;
}
现在的问题是,当我启动API并尝试访问UsersController时,出现以下错误:
Now the problem is that when I start the API and try to access the UsersController I get the following error:
System.InvalidOperationException: Unable to resolve service for type 'Microsoft.AspNetCore.Identity.UserManager`1[XXXXX.Data.Models.ApplicationUser]' while attempting to activate 'XXXXXXX.Api.Controllers.UsersController'.
我衷心希望我至少能找到一些有关如何进行的建议.
I sincerely hope I can find at least some advice on how to proceed with it.
如果不清楚,请回答,我将很乐意添加更多信息或使事情更清楚.
Please if something is unclear reply and I will be more than happy to add more information or make things clear.
亲切的问候,
Marios.
谢谢大家的答复. @Vidmantas在下面提供的代码段可以解决问题.
Thanks all for replying. The code snippet provided below by @Vidmantas did the trick.
由于我对.net核心的了解有限,因此我在配置服务功能中进行了大量的尝试和错误,如您所想,这是行不通的.我坚信使用.net核心很容易(例如API),但是在配置服务时,复杂性(主要是令人困惑/困惑)会激增.
Due to my limited knowledge of .net core I did a lot of trial and error in the configure services function which, as you can imagine, didn't work. I strongly believe that using .net core is kind of easy (e.g. API), but when it comes to configuring services the complexity (puzzling/confusing mostly) explodes.
关于体系结构,您给我提供了一些很好的构想,供以后进行重构.记录下来.
As for the architecture, you gave me good ideas for future refactoring. Notes taken.
Marios.
推荐答案
如果我对您的理解正确,那么您真的不应该通过API创建用户-这就是为什么使用Identity Server 4来提供中央对您的用户群进行身份验证的权限.您实际需要什么:
If I understand you correctly, then you are not really supposed to create users through the API - that is why you have Identity Server 4 in place - to provide central authority for authentication for your user base. What you actually need:
- Identity Server 4端的一组API端点,用于管理AspNetIdentity
- 全新的API,但是与您的AspNetIdentity与Identity Server 4共享同一数据库的API
- 让您的API共享数据库以获取AspNet身份
如果您选择了最后一个选项,则可能需要添加以下内容:
If you go with the last option then you probably need something like below to add the:
services.AddDbContext<IdentityContext>(); //make sure it's same database as IdentityServer4
services.AddIdentityCore<ApplicationUser>(options => { });
new IdentityBuilder(typeof(ApplicationUser), typeof(IdentityRole), services)
.AddRoleManager<RoleManager<IdentityRole>>()
.AddSignInManager<SignInManager<ApplicationUser>>()
.AddEntityFrameworkStores<IdentityContext>();
这将为您提供足够的服务来使用UserManager,并且不会设置任何不必要的身份验证方案.
This will give you enough services to use the UserManager and it won't set up any unnecessary authentication schemes.
由于关注点分离,我不建议采用最后一种方法-您的API应该关注提供资源,而不是创建用户和提供资源.我认为第一种和第二种方法都不错,但是我总是倾向于为AspNetIdentity管理提供干净的单独服务.
I would not recommend the last approach due to the separation of concerns - your API should be concerned about providing resources, not creating users and providing resources. First and second approach are alright in my opinion, but I would always lean for clean separate service for AspNetIdentity management.
我的一个项目中的一个示例架构,我们实现了这种方法:
An example architecture from one of my projects where we implemented such approach:
- auth.somedomain.com-具有AspNetIdentity的IdentityServer4 Web应用程序,用于用户身份验证.
- accounts.somedomain.com-具有AspNetIdentity(与Identity Server 4相同的数据库)的AspNetCore Web应用程序,用于AspNetIdentity用户管理
- webapp1.somedomain.com-所有前端逻辑都驻留在其中的Web应用程序(如果AspNetCore MVC或类似的东西当然也可以有一个后端)
- api1.somedomain.com-一个纯粹用于API的Web应用程序(如果您将单个应用程序用于前端和后端,则可以将最后两个结合起来)
这篇关于通过多个API使用IdentityServer4创建用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
