Is there a way to use Identity Server features in asp.net core 3.1 Rest-API

拥有回忆 submitted on 2021-01-28 02:34:37

Question


I'm working on a project with a REST API on the server using ASP.NET Core 3.1, and Angular as the front end for a single-page application. From each client, the user would need to supply their username and password in order to access protected parts of the web API. I would like to use the features of Identity Server to access the ASP.NET Core Identity UserManager, RoleManager, and SignInManagers to determine if the supplied username and password are valid.

I haven't ever done this before, and I tried to search for this on the Internet but could not find much info. I would like some help with which NuGet packages to use, and how I should configure startup.

Thanks


Answer 1:


I haven't done this with Angular in particular (I use Vue), but it's basically the same concept. A quick Google search turned up an Angular-specific tutorial that might be worth looking through: https://fullstackmark.com/post/21/user-authentication-and-identity-with-angular-aspnet-core-and-identityserver. On the IS4 side, I would suggest starting with the Asp.Net Identity IS4 template (https://identityserver4.readthedocs.io/en/latest/quickstarts/6_aspnet_identity.html).




Answer 2:


There are three main types of clients. (Official Document For Identity Clients; GitHub link for the Official Identity Sample code)

Defining a client for server to server communication

In this scenario no interactive user is present - a service (aka client) wants to communicate with an API (aka scope):

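using System.Collections.Generic;
using IdentityServer4.Models;

public class Clients
{
    public static IEnumerable<Client> Get()
    {
        return new List<Client>
        {
            new Client
            {
                ClientId = "service.client",
                // Only the SHA-256 hash of the shared secret is stored
                ClientSecrets = { new Secret("secret".Sha256()) },

                // Machine-to-machine: no user, the client authenticates as itself
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                AllowedScopes = { "api1", "api2.read_only" }
            }
        };
    }
}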

Defining browser-based JavaScript client (e.g. SPA) for user authentication and delegated access and API

This client uses the so-called implicit flow to request an identity and access token from JavaScript:

var jsClient = new Client
{
    ClientId = "js",
    ClientName = "JavaScript Client",
    ClientUri = "http://identityserver.io",

    AllowedGrantTypes = GrantTypes.Implicit,
    AllowAccessTokensViaBrowser = true,

    RedirectUris =           { "http://localhost:7017/index.html" },
    PostLogoutRedirectUris = { "http://localhost:7017/index.html" },
    AllowedCorsOrigins =     { "http://localhost:7017" },

    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,

        "api1", "api2.read_only"
    }
};

Defining a server-side web application (e.g. MVC) for user authentication and delegated API access

Interactive server-side (or native desktop/mobile) applications use the hybrid flow. This flow gives you the best security because the access tokens are transmitted via back-channel calls only (and gives you access to refresh tokens):

var mvcClient = new Client
{
    ClientId = "mvc",
    ClientName = "MVC Client",
    ClientUri = "http://identityserver.io",

    AllowedGrantTypes = GrantTypes.Hybrid,
    AllowOfflineAccess = true,
    ClientSecrets = { new Secret("secret".Sha256()) },

    RedirectUris =           { "http://localhost:21402/signin-oidc" },
    PostLogoutRedirectUris = { "http://localhost:21402/" },
    FrontChannelLogoutUri =  "http://localhost:21402/signout-oidc",

    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,

        "api1", "api2.read_only"
    },
};

Defining clients in appsettings.json

The AddInMemoryClients extensions method also supports adding clients from the ASP.NET Core configuration file. This allows you to define static clients directly from the appsettings.json file:

"IdentityServer": {
  "IssuerUri": "urn:sso.company.com",
  "Clients": [
    {
      "Enabled": true,
      "ClientId": "local-dev",
      "ClientName": "Local Development",
      "ClientSecrets": [ { "Value": "<Insert Sha256 hash of the secret encoded as Base64 string>" } ],
      "AllowedGrantTypes": [ "implicit" ],
      "AllowedScopes": [ "openid", "profile" ],
      "RedirectUris": [ "https://localhost:5001/signin-oidc" ],
      "RequireConsent": false
    }
  ]
}

Then pass the configuration section to the AddInMemoryClients method in Startup.cs:

services.AddIdentityServer()
    .AddInMemoryClients(configuration.GetSection("IdentityServer:Clients"));

Subcategories or detail clients list:

1. Client Credentials:

2. Resource Owner Client

3. JS OIDC Client

4. JS OAuth Client

5. MVC Hybrid Client

6. MVC Implicit Client
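
An added example, not part of the original answer or of the IdentityServer4 samples: the `js` SPA client from above registered for the authorization code flow with PKCE instead of the implicit flow, plus a small review helper that flags front-channel token settings in any `Client`. The names `SpaClients`, `JsCodeClient`, `Review` and `IsRemoteHttp` are hypothetical; URIs and scopes are reused from the answer.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using IdentityServer4;
using IdentityServer4.Models;

public static class SpaClients   // hypothetical name, not from the page
{
    // Same "js" client as in the answer, but tokens are issued by the token
    // endpoint (code + PKCE) rather than returned in the redirect URL.
    public static Client JsCodeClient() => new Client
    {
        ClientId = "js",
        ClientName = "JavaScript Client",

        AllowedGrantTypes = GrantTypes.Code,
        RequirePkce = true,           // code_verifier is checked at the token endpoint
        RequireClientSecret = false,  // a browser app cannot keep a secret

        RedirectUris =           { "http://localhost:7017/index.html" },
        PostLogoutRedirectUris = { "http://localhost:7017/index.html" },
        AllowedCorsOrigins =     { "http://localhost:7017" },

        AllowedScopes =
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            "api1"
        }
    };

    // Lists client settings worth reviewing before deployment.
    public static IEnumerable<string> Review(Client c)
    {
        if (c.AllowedGrantTypes.Contains(GrantType.Implicit))
            yield return $"{c.ClientId}: implicit grant returns tokens in the redirect URL";
        if (c.AllowAccessTokensViaBrowser)
            yield return $"{c.ClientId}: access tokens allowed via the browser front channel";
        if (c.AllowedGrantTypes.Contains(GrantType.AuthorizationCode) && !c.RequirePkce)
            yield return $"{c.ClientId}: authorization code grant without PKCE";
        foreach (var uri in c.RedirectUris.Where(u => IsRemoteHttp(new Uri(u))))
            yield return $"{c.ClientId}: non-HTTPS redirect URI {uri}";
    }

    // Plain http is tolerated only for loopback (local development) addresses.
    private static bool IsRemoteHttp(Uri u) => u.Scheme == Uri.UriSchemeHttp && !u.IsLoopback;
}
```

Running `Review` over the implicit `js` client defined in the answer yields the first two findings; over `JsCodeClient()` it yields none.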



Source: https://stackoverflow.com/questions/60347813/is-there-a-way-to-use-identity-server-features-in-asp-net-core-3-1-rest-api
