如何建立与NancyFx和IdentityServer3（非API网站）基于cookie的认证 [英] How to set up cookie based authentication with NancyFx and IdentityServer3 (non-API website)

问题描述

我们有以下的环境中：

• 独立IdentityServer3实例（问题的参考的标记，而不是JWT）


• ASP.NET的WebAPI资源服务器


• .NET，对IdSvr验证（通过资源所有者流量）客户端应用程序

• Standalone IdentityServer3 instance (issues reference tokens, not jwt)
• ASP.NET WebAPI resource server
• .NET client applications that authenticate against IdSvr (via resource owner flow)

...现在我们想开始添加将使用NancyFx服务服务器生成的网页，以及一对夫妇AngularJS的SPA的OWIN托管的Web应用程序。这南希网站将不提供任何的API，但可以从我们现有的API消耗数据。我想补充的认证在OWIN管道，以帮助被发送到不能访问用户谁保护我们的角度应用。

...and now we'd like to start adding an OWIN-hosted web app that will use NancyFx to serve server-rendered pages as well as a couple AngularJS SPAs. This Nancy website will NOT host any APIs, but may consume data from our existing API. I'd like to add authentication in the OWIN pipeline to help secure our Angular applications from being sent down to users who don't have access.

这将是在相反的向下发送了SPA code和具有角确定用户是否应该看到任何东西。在这种情况下，我们已经提供的JavaScript code群，这一点，我们希望避免的。的

我想知道我应该怎么配置这个南希网站进行身份验证使用隐流对IdentityServer用户。我已经实现在独立的SPA这个认证方案之前（所有认证被AngularJS code处理和令牌存储在HTML5本地存储），但我对如何正确的OWIN管道内解决这个有点失落。

I'm trying to understand how I should configure this Nancy site to authenticate users against IdentityServer using the implicit flow. I have implemented this authentication scheme in standalone SPAs before (where all authentication was handled by AngularJS code and tokens were stored in HTML5 local storage), but I'm a bit lost on how to properly tackle this within the OWIN pipeline.

我以为OWIN cookie认证中间件是答案，但这是否意味着以下？

I'm thinking that the OWIN cookie authentication middle-ware is the answer, but does that mean the following?

• 我需要将用户重定向到IdentityServer（使用隐式流动正确的URL参数）？


• IdentityServer将用户重定向到我的成功登录网站，所以这是我在哪里挂钩到OWIN授权管理器来设置相应的cookie？

...还是我想这一切都错了吗？

...or am I thinking about this all wrong?

的作为参考，我已经通过下面的帖子阅读，他们是非常有益的，但​​我不太看大局与OWIN。我打算用UseOpenIdConnectAuthentication中间件接下来的实验，但我会AP preciate任何指导，可能会在这里。的

<一个href=\"http://brockallen.com/2013/10/24/a-primer-on-owin-cookie-authentication-middleware-for-the-asp-net-developer/\" rel=\"nofollow\">http://brockallen.com/2013/10/24/a-primer-on-owin-cookie-authentication-middleware-for-the-asp-net-developer/

https://github.com/IdentityServer/IdentityServer3/issues/487

推荐答案

从根本上说，在通过OWIN举办了南希的应用中实施的OpenID群验证是真的不以任何MVC /武士刀的应用程序实现它不同（Thinktecture队有一个样本对于这种情况：<一href=\"https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Clients/MVC%20OWIN%20Client\" rel=\"nofollow\">https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Clients/MVC%20OWIN%20Client)

Fundamentally, implementing OpenID Connect authentication in a Nancy app hosted via OWIN is really not different from implementing it in any MVC/Katana app (the Thinktecture team has a sample for this scenario: https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Clients/MVC%20OWIN%20Client)

您基本上需要三样东西：cookie的中间件，在OpenID的连接中间件和南希中间件：

You basically need 3 things: the cookie middleware, the OpenID Connect middleware and the Nancy middleware:

public class Startup {
    public void Configuration(IAppBuilder app) {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions {
            AuthenticationMode = AuthenticationMode.Active,
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions {
            AuthenticationMode = AuthenticationMode.Active,

            // Set the address of your OpenID Connect server:
            Authority = "http://localhost:54541/"

            // Set your client identifier here:
            ClientId = "myClient",

            // Set the redirect_uri and post_logout_redirect_uri
            // corresponding to your application:
            RedirectUri = "http://localhost:56765/oidc",
            PostLogoutRedirectUri = "http://localhost:56765/"
        });

        app.UseNancy(options => options.PerformPassThrough = context => context.Response.StatusCode == HttpStatusCode.NotFound);
    }
}

如果你正在寻找一个功能演示，你可以看看<一个href=\"https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/tree/dev/samples/Nancy/Nancy.Client\" rel=\"nofollow\">https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/tree/dev/samples/Nancy/Nancy.Client （注意：它不使用IdentityServer3的OIDC服务器的一部分，但它不应该做的客户端应用程序的任何区别）。

If you're looking for a functional demo, you can take a look at https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/tree/dev/samples/Nancy/Nancy.Client (note: it doesn't use IdentityServer3 for the OIDC server part but it shouldn't make any difference for the client app).

这篇关于如何建立与NancyFx和IdentityServer3（非API网站）基于cookie的认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！