问题
I make multiple calls to a Web API during login operations in IdentityServer4. Same applies during password reset operations which is custom code I have added to the IdentityServer4 project.
So how should I protect my ASP.NET Core Web API when the user isn't yet authenticated via OIDC which implies that there also isn't exist any access token at that stage. I would like to only allow IdentityServer4 to call these Web API methods instead of running unprotected Web API's.
Any suggestions?
回答1:
You can use this
https://identityserver4.readthedocs.io/en/release/topics/tools.html
to generate your own tokens to call the APIs.
来源:https://stackoverflow.com/questions/46084139/how-to-protect-web-api-called-by-identityserver4