码迷,mamicode.com
首页 > 其他好文 > 详细

identityservice4使用案例

时间:2018-12-17 11:30:47      阅读:528      评论:0      收藏:0      [点我收藏+]

标签:image   log   一个   gas   ali   注释   rgs   request   sed   


一 使用缘由                          

                  

    最近写微服务的blog,研读了o’reilly出的 《building Microservices With Asp.net Core》,其中使用的微服务分布式权限组件是microsoft.aspnetcore.authentication.jwtbearer,那最近identityserver4这么流行,就决定替换掉它。

 

二 开始                         


1 认证流程:

                                                                       技术分享图片

2 开发

    

    认证服务器:

            (1)  首先一个空的asp.net core 项目,在nuget包中安装identityserver4 包

            (2)  项目组织,会增加Config.cs的文件。

                                                                                     技术分享图片


 

相关代码

using IdentityServer4.Models;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace Walt.Freamwork.Sec
{
    public class Config
    {
        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource>
                {
                    new ApiResource("api1", "My API")
                };
        }

        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
                    {
                        new Client
                        {
                            ClientId = "client",

                            // no interactive user, use the clientid/secret for authentication
                            AllowedGrantTypes = GrantTypes.ClientCredentials,

                            // secret for authentication
                            ClientSecrets =
                            {
                                new Secret("secret".Sha256())
                            },


                            // scopes that client has access to
                            AllowedScopes = { "api1" }
                        }
                    };
        }
    }
} 
 public void ConfigureServices(IServiceCollection services)
        {
            // configure identity server with in-memory stores, keys, clients and resources
            services.AddIdentityServer()
                .AddDeveloperSigningCredential()
                .AddInMemoryApiResources(Config.GetApiResources())
                .AddInMemoryClients(Config.GetClients());
            services.AddMvc();
        }                  

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            app.UseIdentityServer();
            app.UseMvc((route) => {
                route.MapRoute("default", "{controller=Home}/{action=Index}/{id?}");
            });
        }

        授权服务器

               (1)为webapi增加identityserver4.accesstokenvalidation包

                    (2) 配置

 public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
            services.AddAuthorization();
            services.AddAuthentication("Bearer")
          .AddIdentityServerAuthentication(options =>
          {
              options.Authority = "http://localhost:64433"; //授权服务器
              options.RequireHttpsMetadata = false;

              options.ApiName = "api1";
          });
        }


 public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
           var log=     LoggerFac.CreateLogger<Startup>();
            log.LogInformation("infomation");
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseHsts();
            }
            app.UseAuthentication();   //使用认证
             app.UseHttpsRedirection();
            app.UseMvc();
        }


       客户端:从代码中可以看出,分两步,第一步获取token

                    ,第二部根据token去访问需要的服务。


using System;
using System.Net.Http;
using IdentityModel.Client;
using IdentityServer4;
using Newtonsoft.Json.Linq;

namespace Walt.Freamwork.Sec.Client
{
    class Program
    {
        static  void Main(string[] args)
        {
            var disco =  DiscoveryClient.GetAsync("http://localhost:64433/").Result;
            if (disco.IsError)
            {
                Console.WriteLine(disco.Error);
                return;
            }


            // request token
            var tokenClient = new TokenClient(disco.TokenEndpoint, "client", "secret");
            var tokenResponse =  tokenClient.RequestClientCredentialsAsync("api1").Result;

            if (tokenResponse.IsError)
            {
                Console.WriteLine(tokenResponse.Error);
                return;
            }

            Console.WriteLine(tokenResponse.Json);

            // call api
            var client = new HttpClient();
            client.SetBearerToken(tokenResponse.AccessToken);

            var response =  client.GetAsync("http://localhost:50403/api/identity").Result;
            if (!response.IsSuccessStatusCode)
            {
                Console.WriteLine(response.StatusCode);
            }
            else
            {
                var content =  response.Content.ReadAsStringAsync().Result;
                Console.WriteLine(JArray.Parse(content));
            }


            Console.ReadKey();
        }
    }
}

       运行情况:咱们为webapi定义一个api

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace Walt.Freamwork.Sec
{
    [Route("api/[controller]")]
    [ApiController]
    [Authorize]
    public class IdentityController : ControllerBase
    {
        [HttpGet]
        public IActionResult Get()
        {
            return new JsonResult(from c in User.Claims select new { c.Type, c.Value });
        }
    }
}

技术分享图片

如果不带token

using System;
using System.Net.Http;
using IdentityModel.Client;
using IdentityServer4;
using Newtonsoft.Json.Linq;

namespace Walt.Freamwork.Sec.Client
{
    class Program
    {
        static  void Main(string[] args)
        {
            var disco =  DiscoveryClient.GetAsync("http://localhost:64433/").Result;
            if (disco.IsError)
            {
                Console.WriteLine(disco.Error);
                return;
            }


            // request token
            var tokenClient = new TokenClient(disco.TokenEndpoint, "client", "secret");
            var tokenResponse =  tokenClient.RequestClientCredentialsAsync("api1").Result;

            if (tokenResponse.IsError)
            {
                Console.WriteLine(tokenResponse.Error);
                return;
            }

            Console.WriteLine(tokenResponse.Json);

            // call api
            var client = new HttpClient();
           // client.SetBearerToken(tokenResponse.AccessToken);   这块注释掉了

            var response =  client.GetAsync("http://localhost:50403/api/identity").Result;
            if (!response.IsSuccessStatusCode)
            {
                Console.WriteLine(response.StatusCode);
            }
            else
            {
                var content =  response.Content.ReadAsStringAsync().Result;
                Console.WriteLine(JArray.Parse(content));
            }


            Console.ReadKey();
        }
    }
}

技术分享图片


总结:本实例使用的是声明的方式认证,也可以使用用户名密码。 identityserver4是个功能强大但是使用很简洁的一个认证框架,

也支持OAUTH为外部认证提供支持,这里就不讨论了。








identityservice4使用案例

标签:image   log   一个   gas   ali   注释   rgs   request   sed   

原文地址:https://www.cnblogs.com/ck0074451665/p/10129829.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!