05-03 02:11 阅读 105

关注

Identityserver4之.net core web客户端的接入过程

Identityserver4之.net core web客户端的接入过程

1、添加nuget引用

　　IdentityModel

　　IdentityServer4.AccessTokenValidation

　　Microsoft.AspNetCore.Authentication.Cookies

　　Microsoft.AspNetCore.Authentication.OpenIdConnect

　　Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation

　　System.IdentityModel.Tokens.Jwt

2、在Startup类里添加如下代码

public class Startup
    {        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }        public IConfiguration Configuration { get; }
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllersWithViews();
            services.AddMvc().AddRazorRuntimeCompilation();

            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

            services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddCookie(options =>
            {
                options.Cookie.Name = "Cookies";
            })
            .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";
                options.Authority = "http://localhost:5000";
                options.RequireHttpsMetadata = false;
                options.ClientId = "localMvcCore";
                options.ClientSecret = "111111";
                options.ResponseType = "code id_token";
                options.Scope.Clear();
                options.Scope.Add("openid");
                options.Scope.Add("profile");
                options.SaveTokens = true;
            });
        }
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }            else
            {
                app.UseExceptionHandler("/Home/Error");                app.UseHsts();
            }            app.UseStaticFiles();
            app.UseRouting();

            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }

上面的options.ClientSecret对应服务器端的密码，服务器端是：ClientSecrets = { new Secret("111111".Sha256()) }，所以这里是：111111

3、添加    [Authorize] 属性

　　在需要保护的controller或action上添加[Authorize] 

4、获取用户id

var userId = HttpContext.User.FindFirst("sub")?.Value;

5、在identityserver4服务器端的appsetting里添加

　　备注：如果不是我们项目的，就没有这个节点，这个是我们自定义的，方便维护节点用的，添加的时候注意ClientType，不要写"Mvc4"，那个是用于.net framework web的。

    "MvcClients": [
      {        "ClientName": "本地.netCoreMvc测试环境",        "ClientId": "localMvcCore",        "ClientUrl": "https://localhost:44361",        "ClientType": "MvcCore"
      }