Authentication and Authorization with ASP.NET Core and Service Stack

Question

I have an ASP.Net Core MVC Web App that users need to log on to, to get the id_token from the IdentityServer4, and then that id_token will be passed to a webapi implemented in ServiceStack to obtain the authorization code. The subsequent call to the webapi will use the authorization code.

So far what I have read is that for the Web App, it should use the openid cookie token (UseOpenIdConnectAuthentication). For the webapi, it should use the bearer token. My question is how I can pass that HTTP-only cookie token from the client-side browser as a bearer token in the HTTP header. As the cookie is HTTP-only, it can't be accessed by JavaScript. Moreover, the ASP.NET Core cookie middleware encrypts the cookie; can that encrypted cookie be decrypted by the ServiceStack webapi (if the cookie is passed to the webapi)?

Am I going in the right direction? Any suggestion is welcome.

Thanks

Recommended answer

You can find an example of your scenario here: https://identityserver4.readthedocs.io/en/release/quickstarts/5_hybrid_and_api_access.html

The authorization code is only used to get access tokens from the identity server, it is not used to authenticate to APIs.

This is how the flow works:

  1. User logs in at Identity Server
  2. Your MVC app gets an authorization code and id token
    • The id token tells your MVC app who the user is
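
The following is an added example, not part of the original answer: it shows the MVC app reading the access token on the server side and sending it to the API as a bearer token, so the HTTP-only cookie never has to be read by JavaScript or decrypted by the API. It assumes ASP.NET Core 2.1 or later, an OpenID Connect handler configured with `SaveTokens = true` and a response type that returns an access token; the controller name and API URL are hypothetical.

```csharp
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Authorize]
public class OrdersController : Controller
{
    // Hypothetical ServiceStack API endpoint (assumption, not from the page).
    private const string ApiUrl = "https://api.example.test/orders";

    private readonly IHttpClientFactory _clients;

    public OrdersController(IHttpClientFactory clients) => _clients = clients;

    public async Task<IActionResult> Index()
    {
        // The browser sent only the encrypted, HTTP-only session cookie.
        // The cookie middleware has already decrypted it on this server;
        // the access token saved with the session (SaveTokens = true) is
        // read here and is never exposed to client-side script.
        var accessToken = await HttpContext.GetTokenAsync("access_token");
        if (string.IsNullOrEmpty(accessToken))
        {
            // No token in the session: send the user back through sign-in.
            return Challenge();
        }

        // Server-to-server call: the API sees a bearer token, not the cookie.
        var request = new HttpRequestMessage(HttpMethod.Get, ApiUrl);
        request.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", accessToken);

        var response = await _clients.CreateClient().SendAsync(request);
        if (response.StatusCode == HttpStatusCode.Unauthorized)
        {
            // Token rejected (for example, expired): re-authenticate.
            return Challenge();
        }
        response.EnsureSuccessStatusCode();

        var body = await response.Content.ReadAsStringAsync();
        return Content(body, "application/json");
    }
}
```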
