MVC Client和Api在IdentityServer4中一起工作 [英] MVC Client and Api working together in IdentityServer4

问题描述

我正在使用IdentityServer4创建身份服务器，并且我有一个使用身份服务器安全性的MVC项目，但是我还在同一MVC项目中公开了API，并且没有分开，我已经阅读并遵循了切换到"的指示. Hybrid Flow并添加回来的API Access，但我还没有. 我需要的是让一个MVC客户端和一个Api在同一个项目上一起工作，并且都受到身份项目安全性的保护.这可能吗?.

I am using IdentityServer4 to create the Identity server, and I have a MVC project that uses identity server security but I also expose an API in this same MVC project and not separated, I have read and followed the indications of the Switching to Hybrid Flow and adding API Access back but I have not got it. What I need is to have a MVC client and an Api working together on the same project both protected with the security of the identity project. Is this possible?.

推荐答案

请参见

See https://github.com/auth0-samples/aspnet-core-mvc-plus-webapi for an example of how to configure your ASP.NET MVC application.

从本质上讲，它可以归结为:

Essentially, it boils down to:

1. 添加Cookie身份验证，但对于API调用，返回HTTP 401 而不是挑战.您将需要面对非API调用的挑战.
2. 添加Jwt承载令牌认证(或使用 IdentityServer4.AccessTokenValidation )
3. 使用[Authorize]时指定AuthenticationScheme 控制器/动作上的属性.当您要使用Cookie身份验证时，您可能会想使用AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme，而当您要使用访问令牌时，您可能要指定AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme

1. Add Cookie authentication, but for API calls, return HTTP 401 instead of challenging. You will need to keep the challenge for non-API calls.
2. Add Jwt bearer token authentication (or use IdentityServer4.AccessTokenValidation)
3. Specify the AuthenticationScheme when using the [Authorize] attribute on your controllers/actions. When you want to use the cookie authentication, you will probably want to use AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme, and when you want to use the access token, you would probably want to specify AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme

这篇关于MVC Client和Api在IdentityServer4中一起工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！