.NET IdentityServer4: Client Credentials Mode and Password Mode
Contents
Introduction
Purpose
Official site
Preparation
Install the templates
Installing the templates lets dotnet new generate the IdentityServer project skeleton automatically.
dotnet new -i IdentityServer4.Templates
Create the project
Run either of the following commands to create the IdentityServer host project (the authorization server that the clients below talk to):
dotnet new is4aspid -n IdentityServerAspNetIdentity
or
dotnet new is4empty -n AuthenticationCenterIDS4
Project structure
Config.cs defines the identity resources, API scopes and clients, including which grant type each client may use for authentication and authorization.
The project generated by dotnet new is4aspid -n IdentityServerAspNetIdentity ships with client credentials and authorization code clients by default; password mode only needs a small amount of additional configuration.
Usage
Once the template project has been created, it can be used.
Here a console application requests a token from IdentityServer, then sends that token as a bearer token to the protected API.
using System;
using System.Net.Http;
using System.Threading.Tasks;
using IdentityModel.Client;      // IdentityModel NuGet package: discovery and token request helpers
using Newtonsoft.Json.Linq;

class Program
{
    static async Task Main(string[] args)
    {
        // 1. Discover the endpoints (token endpoint etc.) from IdentityServer's
        //    /.well-known/openid-configuration document.
        var client = new HttpClient();
        DiscoveryDocumentResponse disco = await client.GetDiscoveryDocumentAsync("https://localhost:5001/");
        if (disco.IsError)
        {
            Console.WriteLine(disco.Error);
            return;
        }

        // 2. Client credentials grant: authenticate as the application itself
        //    (no user involved) and ask for an access token for scope1.
        var accessTokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
        {
            Address = disco.TokenEndpoint,
            ClientId = "m2m.client",
            ClientSecret = "511536EF-F270-4058-80CA-1C89C192F69A",
            Scope = "scope1"
        });
        if (accessTokenResponse.IsError)
        {
            Console.WriteLine(accessTokenResponse.Error);
            return;
        }

        // 3. Call the protected API with the token in the Authorization: Bearer header.
        var apiclient = new HttpClient();
        apiclient.SetBearerToken(accessTokenResponse.AccessToken);
        var resultResponse = await apiclient.GetAsync("https://localhost:5002/WeatherForecast/Get");
        if (!resultResponse.IsSuccessStatusCode)
        {
            Console.WriteLine(resultResponse.StatusCode);
        }
        else
        {
            var content = await resultResponse.Content.ReadAsStringAsync();
            Console.WriteLine(JArray.Parse(content));
        }
        // Previously this was done with Postman; if Postman is used instead, how are the parameters passed?
        Console.Read();
    }
}
Web API: the protected resource
Register the services in Startup.ConfigureServices:
// using Microsoft.AspNetCore.Authentication.JwtBearer;
// using Microsoft.IdentityModel.Tokens;
#region Client credentials mode
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
    {
        // IdentityServer address; the handler fetches the discovery document and signing keys from here
        options.Authority = "https://localhost:5001";
        // Allows a non-HTTPS authority; keep this false outside local development
        options.RequireHttpsMetadata = false;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = "https://localhost:5001",
            ValidateAudience = true,
            // Matches the static audience claim IdentityServer emits when EmitStaticAudienceClaim = true
            ValidAudience = "https://localhost:5001/resources",
            ValidateIssuerSigningKey = true
        };
    });
#endregion
Add the authentication and authorization middleware in Startup.Configure (authentication must come before authorization, and both before endpoint mapping):
#region IdentityServer4
app.UseAuthentication();   // validates the bearer token and populates HttpContext.User
app.UseAuthorization();    // enforces [Authorize] on the endpoints
#endregion
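The JwtBearer configuration above checks the token's issuer, audience and signature but never looks at the scope claim, so any client of this IdentityServer, whatever scope it was issued, could call the API. The following is an added example, not code from the original page: an authorization policy that additionally requires the scope1 scope, applied to the WeatherForecast controller that the console program calls. The policy name ApiScope, the helper class and the controller body are assumptions.

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper; call ScopeAuthorization.AddScopePolicy(services) in
// Startup.ConfigureServices after AddAuthentication(...).AddJwtBearer(...).
public static class ScopeAuthorization
{
    public const string PolicyName = "ApiScope";   // assumed policy name

    public static void AddScopePolicy(IServiceCollection services)
    {
        services.AddAuthorization(options =>
        {
            options.AddPolicy(PolicyName, policy =>
            {
                policy.RequireAuthenticatedUser();
                // IdentityServer4 puts the granted scopes in the "scope" claim of the access token;
                // a token issued for scope2 only (or with no scope) is rejected with 403 here.
                policy.RequireClaim("scope", "scope1");
            });
        });
    }
}

[ApiController]
[Route("[controller]")]
[Authorize(Policy = ScopeAuthorization.PolicyName)]   // token must be valid AND contain scope1
public class WeatherForecastController : ControllerBase
{
    // Matches the https://localhost:5002/WeatherForecast/Get URL used by the console program
    [HttpGet("Get")]
    public IActionResult Get()
    {
        // All claims come from the validated JWT; for the client credentials grant
        // there is a client_id claim (m2m.client) but no sub claim, because no user is involved.
        var clientId = User.FindFirst("client_id")?.Value;
        return Ok(new[] { new { clientId, summary = "protected" } });
    }
}
```

A request with no token or an invalid token gets 401 from the JwtBearer handler; a valid token that fails the policy gets 403 from the authorization middleware.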
Client Credentials Mode
1> Characteristics:
1. Client credentials mode does not represent a user; authorization is granted to an application client, and the client itself is the resource owner.
2. It is typically used for machine-to-machine communication.
3. The client itself must also authenticate (with its client id and secret).
2> Procedure:
1. Authorization: configure the grant type for the client and issue a token.
Add the following to ConfigureServices in Startup:
var builder = services.AddIdentityServer(options =>
{
    // see https://identityserver4.readthedocs.io/en/latest/topics/resources.html
    // Adds the static "{issuer}/resources" audience claim to access tokens; the API above validates against it
    options.EmitStaticAudienceClaim = true;
})
    .AddInMemoryIdentityResources(Config.IdentityResources)
    .AddInMemoryApiScopes(Config.ApiScopes)
    .AddInMemoryClients(Config.Clients);
// Generates a temporary signing key at startup; development only, use a real certificate in production
builder.AddDeveloperSigningCredential();
Supporting configuration (Config.cs):
using System.Collections.Generic;
using IdentityServer4.Models;

public static class Config
{
    // Identity resources: user-related scopes, only meaningful for user-centric grants such as the password grant
    public static IEnumerable<IdentityResource> IdentityResources =>
        new IdentityResource[]
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
        };

    // API scopes a client may request; the granted ones end up in the token's "scope" claim
    public static IEnumerable<ApiScope> ApiScopes =>
        new ApiScope[]
        {
            new ApiScope("scope1"),
            new ApiScope("scope2"),
        };

    public static IEnumerable<Client> Clients =>
        new Client[]
        {
            // Machine-to-machine client: client credentials grant, no user involved
            new Client
            {
                ClientId = "m2m.client",
                ClientName = "Client Credentials Client",
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                // Only the SHA-256 hash of the secret is stored; the client sends the plain value
                ClientSecrets = { new Secret("511536EF-F270-4058-80CA-1C89C192F69A".Sha256()) },
                // A request for scope2 from this client is rejected with invalid_scope
                AllowedScopes = { "scope1" }
            }
        };
}
3> Request format:
Get a token:
Call the protected API:
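As an added example that is not part of the original page, here are the same two requests made with plain HttpClient instead of the IdentityModel helpers. This makes visible the exact fields a Postman request needs: an x-www-form-urlencoded POST to /connect/token, then a GET with an Authorization: Bearer header. The client id, secret, scope and URLs are the ones from the configuration above; the class and variable names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

class RawTokenRequest
{
    static async Task Main()
    {
        var http = new HttpClient();

        // 1. Get a token: POST application/x-www-form-urlencoded to the token endpoint.
        //    These four fields are exactly what a Postman "x-www-form-urlencoded" body needs.
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"]    = "client_credentials",
            ["client_id"]     = "m2m.client",
            ["client_secret"] = "511536EF-F270-4058-80CA-1C89C192F69A",
            ["scope"]         = "scope1"
        });
        var tokenResponse = await http.PostAsync("https://localhost:5001/connect/token", form);
        var body = await tokenResponse.Content.ReadAsStringAsync();
        if (!tokenResponse.IsSuccessStatusCode)
        {
            // 400 with {"error":"invalid_client"} for a wrong secret,
            // {"error":"invalid_scope"} for a scope the client is not allowed (e.g. scope2)
            Console.WriteLine($"{(int)tokenResponse.StatusCode} {body}");
            return;
        }

        // Success body: {"access_token":"...","expires_in":3600,"token_type":"Bearer","scope":"scope1"}
        using var doc = JsonDocument.Parse(body);
        var accessToken = doc.RootElement.GetProperty("access_token").GetString();
        var expiresIn   = doc.RootElement.GetProperty("expires_in").GetInt32();
        Console.WriteLine($"token expires in {expiresIn}s");

        // 2. Call the protected API: the token travels in the Authorization header as a Bearer token.
        var request = new HttpRequestMessage(HttpMethod.Get, "https://localhost:5002/WeatherForecast/Get");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        var apiResponse = await http.SendAsync(request);

        // 401: token missing, expired, badly signed, or issuer/audience mismatch.
        // 403: token accepted but an authorization policy on the endpoint failed.
        Console.WriteLine($"{(int)apiResponse.StatusCode} {await apiResponse.Content.ReadAsStringAsync()}");
    }
}
```

IdentityServer4 also accepts the client id and secret as an HTTP Basic Authorization header instead of form fields; either way the secret is sent in clear inside the request, so the token endpoint must only be reachable over TLS.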
Password Mode
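The text above says password mode (the resource owner password grant) only needs a little extra configuration on top of the client credentials setup. As an added example, not code from the original page, here is that configuration: a second client in Config.Clients that is allowed the password grant, an in-memory test user for it to authenticate, and the matching IdentityModel token request. The client id ropc.client, its secret, and the user alice are assumptions. Note that with this grant the user's password passes through the client to the token endpoint, which is why IdentityServer4's documentation reserves it for trusted legacy clients.

```csharp
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel.Client;
using IdentityServer4.Models;
using IdentityServer4.Test;
using Microsoft.Extensions.DependencyInjection;

// IdentityServer side (assumed values): append RopcClient to Config.Clients.
public static class PasswordModeConfig
{
    public static Client RopcClient => new Client
    {
        ClientId = "ropc.client",                               // assumed client id
        ClientName = "Resource Owner Password Client",
        AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,   // the password grant
        ClientSecrets = { new Secret("ropc-secret".Sha256()) }, // still a confidential client
        AllowedScopes = { "scope1" }
    };

    // In-memory users for the test user store; the is4aspid template would use ASP.NET Identity instead.
    public static List<TestUser> Users => new List<TestUser>
    {
        new TestUser
        {
            SubjectId = "1",
            Username = "alice",
            Password = "alice",   // compared in plain text by the in-memory TestUserStore only
            Claims = { new Claim("name", "Alice") }
        }
    };

    // Call this on the builder returned by services.AddIdentityServer(...) in ConfigureServices.
    public static IIdentityServerBuilder AddPasswordMode(this IIdentityServerBuilder builder)
        => builder.AddTestUsers(Users);
}

// Console client side: same IdentityModel flow as the client credentials program,
// but the token request also carries the user's name and password.
public static class PasswordModeClient
{
    public static async Task<TokenResponse> RequestUserTokenAsync(
        HttpClient client, string tokenEndpoint, string userName, string password)
    {
        // Form fields on the wire: grant_type=password, client_id, client_secret, username, password, scope.
        // The resulting access token carries a "sub" claim ("1" for alice) as well as client_id.
        return await client.RequestPasswordTokenAsync(new PasswordTokenRequest
        {
            Address = tokenEndpoint,          // disco.TokenEndpoint from the discovery document
            ClientId = "ropc.client",
            ClientSecret = "ropc-secret",
            UserName = userName,
            Password = password,
            Scope = "scope1"
        });
    }
}
```

The API side needs no change: the token has the same issuer, audience and scope claim as before, so the JwtBearer configuration above accepts it, and the sub claim is available on HttpContext.User for per-user authorization.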