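I got it working, but by setting up Thinktecture's Identity Server v3 as my token provider; I think the flow would be the same if you have another token provider...
(Update: I added a GitHub repository with the code here: https://github.com/CedricDumont/vnext-playground/tree/master/idsrv3-vnext/idsrv3)
Here is my Startup class: (IdentityServer v3 can also run on vNext, but it needs some small tweaks). Note that I have the server and the Web API in the same web application. It doesn't matter if you have two different web projects, but here it is just for the demo...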
public class Startup
{
    // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.Map("/core", core =>
        {
            var factory = InMemoryFactory.Create(
                users: Users.Get(),
                clients: Clients.Get(),
                scopes: Scopes.Get());

            var idsrvOptions = new IdentityServerOptions
            {
                IssuerUri = "https://idsrv3.com",
                SiteName = "test vnext Identity server",
                Factory = factory,
                SigningCertificate = Certificate.Get(),
                RequireSsl = false,
                CorsPolicy = CorsPolicy.AllowAll,
                AuthenticationOptions = new AuthenticationOptions
                {
                }
            };

            core.UseIdentityServer(idsrvOptions);
        });

        app.Map("/api", api =>
        {
            api.UseOAuthBearerAuthentication(options => {
                options.Authority = Constants.AuthorizationUrl;
                options.MetadataAddress = Constants.AuthorizationUrl + "/.well-known/openid-configuration";
                options.TokenValidationParameters.ValidAudience = "https://idsrv3.com/resources";
            });

            api.UseMvc();
        });
    }
}
From this you can see that my IdentityServer v3 is mapped to "/core", and in the same web application project (it could be another one) I have a Web API that uses MVC. Here is the controller:
[Authorize]
[Route("[controller]")]
public class Test : Controller
{
    [HttpGet]
    public JsonResult Get()
    {
        return Json(new
        {
            message = "You See this then it's ok auth is :" + User.Identity.IsAuthenticated,
        });
    }
}
I configured a client in my identity server:
new Client
{
    //Resource Owner Flow Client (our web UI)
    ClientName = "WebUI",
    Enabled = true,
    ClientId = "IdentityWebUI",
    ClientSecrets = new List<ClientSecret>
    {
        new ClientSecret("secret".Sha256())
    },
    Flow = Flows.ResourceOwner,
    AccessTokenType = AccessTokenType.Jwt,
    AccessTokenLifetime = 3600
}
And here is the user (using InMemory users):
return new List<InMemoryUser>
{
    new InMemoryUser
    {
        Username = "testUser",
        Password = "testPwd",
        Subject = "I am the Subject"
    }
};
In Fiddler, I issue the following POST to get a bearer token:
POST : http://localhost:4357/core/connect/token
User-Agent: Fiddler
Host: localhost:4357
Content-Length: 67
Content-Type: application/x-www-form-urlencoded
Authorization: Basic SWRlbnRpdHlXZWJVSTpzZWNyZXQ=
grant_type=password&username=testUser&password=testPwd&scope=openid
In the response you will get an access_token:
{"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJjbGllbnRfaWQiOiJJZGVudGl0eVdlYlVJIiwic2NvcGUiOiJvcGVuaWQiLCJzdWIiOiJJIGFtIHRoZSBTdWJqZWN0IiwiYW1yIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE0MjgzOTQ3MzAsImlkcCI6Imlkc3J2IiwiaXNzIjoiaHR0cHM6Ly9pZHNydjMuY29tIiwiYXVkIjoiaHR0cHM6Ly9pZHNydjMuY29tL3Jlc291cmNlcyIsImV4cCI6MTQyODM5ODMzMCwibmJmIjoxNDI4Mzk0NzMwfQ.cbB4YrRXaaRDNw8BjeI4Q1DvXN28xmJScMJBGWCM_zSLcH1i63cQVTmR8X86rGP5VrR0Ly4-EmWZ8911Vh4jc4Ua0Kgz2n7RbmQ6VqQX5Z_lM3F8EIgD81kpUn0v3hhSFW06aJ2Lo1XOZG_re84xGgqre-H4dC0XZR6IQMEAQ9Q5dOXBh8V1NxyLSh0PzyrRRmOnEndoaY4uaIFtbp9j7KnXxQ3ZdGmaYAO96xuhHfO1DbgRdw6fYyf4nnC795yhnwDh1QZGxPsFaysJSA_3-cjmw-29m-Ga0hD1ALfVE7R57iNLxkB6dyEuz1UFJhJyibRDW9sNspo2gQFZZGxMKQ","expires_in":3600,"token_type":"Bearer"}
Then I use that access_token to call my Web API.
Here is Fiddler (in the Composer pane):
GET http://localhost:4357/api/Test
User-Agent: Fiddler
Host: localhost:4357
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJjbGllbnRfaWQiOiJJZGVudGl0eVdlYlVJIiwic2NvcGUiOiJvcGVuaWQiLCJzdWIiOiJJIGFtIHRoZSBTdWJqZWN0IiwiYW1yIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE0MjgzOTQ3MzAsImlkcCI6Imlkc3J2IiwiaXNzIjoiaHR0cHM6Ly9pZHNydjMuY29tIiwiYXVkIjoiaHR0cHM6Ly9pZHNydjMuY29tL3Jlc291cmNlcyIsImV4cCI6MTQyODM5ODMzMCwibmJmIjoxNDI4Mzk0NzMwfQ.cbB4YrRXaaRDNw8BjeI4Q1DvXN28xmJScMJBGWCM_zSLcH1i63cQVTmR8X86rGP5VrR0Ly4-EmWZ8911Vh4jc4Ua0Kgz2n7RbmQ6VqQX5Z_lM3F8EIgD81kpUn0v3hhSFW06aJ2Lo1XOZG_re84xGgqre-H4dC0XZR6IQMEAQ9Q5dOXBh8V1NxyLSh0PzyrRRmOnEndoaY4uaIFtbp9j7KnXxQ3ZdGmaYAO96xuhHfO1DbgRdw6fYyf4nnC795yhnwDh1QZGxPsFaysJSA_3-cjmw-29m-Ga0hD1ALfVE7R57iNLxkB6dyEuz1UFJhJyibRDW9sNspo2gQFZZGxMKQ
And then I still get the response in Fiddler:
You can get more information from the link http://cedric-dumont.com/tutorials/identityserver-v3-membershipreboot-angularjs-webapi-2-and-mvc-mix-it-introduction/identityserver-v3-membershipreboot-angularjs-webapi-2-and-mvc-mix-it-part-1/ below, but it is not vNext related. I will create a post about this, as I need an AngularJS app to authenticate and use the implicit flow instead of the resource owner flow... with Visual Studio 2015 Preview
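The following C# program is an added example, not part of the original answer or its repository. It decodes a token's payload and compares `iss`, `aud`, `exp` and `nbf` with the `IssuerUri` and `ValidAudience` values from the Startup class above, which helps when the API answers 401 to a token that looks fine. It does not verify the signature; `TokenClaimCheck`, `Check`, the five-minute skew and the use of System.Text.Json from current .NET are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;
// Added example, diagnostic only: reads claims WITHOUT verifying the signature.
public static class TokenClaimCheck
{
    const string ExpectedIssuer = "https://idsrv3.com";             // IssuerUri in Startup
    const string ExpectedAudience = "https://idsrv3.com/resources"; // ValidAudience in Startup

    static string B64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    public static List<string> Check(string jwt, DateTimeOffset now, TimeSpan skew)
    {
        var problems = new List<string>();
        var parts = jwt.Split('.');
        if (parts.Length != 3) { problems.Add("not a three-part JWT"); return problems; }
        using var doc = JsonDocument.Parse(B64UrlDecode(parts[1]));
        var c = doc.RootElement;
        if (!c.TryGetProperty("iss", out var iss) || iss.GetString() != ExpectedIssuer)
            problems.Add("iss does not match IssuerUri");
        // "aud" may be a single string or an array of strings.
        var auds = !c.TryGetProperty("aud", out var aud) ? new string[0]
            : aud.ValueKind == JsonValueKind.Array
                ? aud.EnumerateArray().Select(a => a.GetString()).ToArray()
                : new[] { aud.GetString() };
        if (!auds.Contains(ExpectedAudience)) problems.Add("aud does not contain ValidAudience");
        long t = now.ToUnixTimeSeconds(), skewSec = (long)skew.TotalSeconds;
        if (!c.TryGetProperty("exp", out var exp) || t > exp.GetInt64() + skewSec)
            problems.Add("exp missing or token expired");
        if (c.TryGetProperty("nbf", out var nbf) && t < nbf.GetInt64() - skewSec)
            problems.Add("token not yet valid (nbf)");
        return problems;
    }

    public static void Main()
    {
        // Constructed sample: claim values as in the answer's token, dummy header and signature.
        var json = "{\"iss\":\"https://idsrv3.com\",\"aud\":\"https://idsrv3.com/resources\",\"exp\":1428398330,\"nbf\":1428394730}";
        var seg = Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        var issued = DateTimeOffset.FromUnixTimeSeconds(1428394730);
        foreach (var now in new[] { issued.AddMinutes(1), issued.AddHours(2) })
            Console.WriteLine(now.ToString("u") + ": " + string.Join("; ", Check("e30." + seg + ".sig", now, TimeSpan.FromMinutes(5))));
    }
}
```

The bearer middleware configured in `Configure` remains the component that actually authorizes requests, since it also validates the signature against the key published by the identity server.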