I. Add the server-side API
1. Add the NuGet package IdentityServer4
Click Install, then rebuild the project.
2. Add the Startup configuration
Open the Startup file:
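
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;

    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            // Register IdentityServer with dependency injection.
            // AddDeveloperSigningCredential creates a temporary signing key intended for development only.
            services.AddIdentityServer()
                .AddDeveloperSigningCredential();
            services.AddMvc();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            // Adds the IdentityServer endpoints (discovery, token, ...) to the pipeline.
            app.UseIdentityServer();
            //app.UseMvc();
        }
    }
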
3. Add the configuration: create a config class
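
    using System.Collections.Generic;
    using IdentityServer4.Models;

    public class config
    {
        // API resources that IdentityServer protects; "api" is the scope name clients request.
        public static IEnumerable<ApiResource> GetResources()
        {
            return new List<ApiResource> { new ApiResource("api", "MQapi") };
        }

        // Clients that are allowed to request tokens.
        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
                new Client()
                {
                    ClientId = "ClientId",
                    // Machine-to-machine flow: the client authenticates with its own id and secret.
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    // The secret is stored as a SHA-256 hash; the client sends the plain value.
                    ClientSecrets = { new Secret("secrt".Sha256()) },
                    AllowedScopes = { "api" }
                }
            };
        }
    }
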
4. Update the IdentityServer configuration: open the Startup file

    public void ConfigureServices(IServiceCollection services)
    {
        // Register IdentityServer with dependency injection,
        // using the in-memory resources and clients from the config class.
        services.AddIdentityServer()
            .AddDeveloperSigningCredential()
            .AddInMemoryApiResources(config.GetResources())
            .AddInMemoryClients(config.GetClients());
        services.AddMvc();
    }

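Run the project and enter http://localhost:51227/.well-known/openid-configuration in the browser.
II. Add the client-side API
Add an API project named ClientCredentialApi and reference the NuGet package IdentityServer4.AccessTokenValidation.
Add the [Authorize] attribute to the controller.
Then add authentication and authorization in the Startup file: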
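
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication("Bearer")
            .AddIdentityServerAuthentication(c =>
            {
                // Address of the IdentityServer project that issues the tokens.
                c.Authority = "http://localhost:50000";
                // Allows plain HTTP metadata; acceptable only for local development.
                c.RequireHttpsMetadata = false;
                // Must match the ApiResource name registered on the server ("api").
                c.ApiName = "api";
            });
        services.AddMvc();
    }
    // Configure must also call app.UseAuthentication() before app.UseMvc(),
    // otherwise the bearer token is never validated.
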
Open both projects in Visual Studio Code.
Run the WebApiIdentityServer project with dotnet run.
Open http://localhost:50000/.well-known/openid-configuration in the browser.
A token can be obtained from http://localhost:50000/connect/token.
Open Postman.
Send a POST request to http://localhost:50000/connect/token.
The parameters are set here.
Next, start the client API.
Open Postman and call http://localhost:50001/api/values.
Finally, a flow chart.
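
The two Postman requests above, written as a console program. This is an added example, not code from the original post; it assumes both projects are running on the ports shown above, a .NET Core 3.0+ console project (for System.Text.Json), and the client id, secret and scope from the config class. The class name ClientCredentialsDemo is hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

// Added example (not from the original post).
public static class ClientCredentialsDemo
{
    // Endpoints as given in the post; both services are assumed to be running locally.
    const string TokenEndpoint = "http://localhost:50000/connect/token";
    const string ApiEndpoint = "http://localhost:50001/api/values";

    public static async Task Main()
    {
        using (var http = new HttpClient())
        {
            // 1. Call the protected API without a token to see how [Authorize] responds.
            var anonymous = await http.GetAsync(ApiEndpoint);
            Console.WriteLine($"Without token: {(int)anonymous.StatusCode}");

            // 2. Client credentials grant: form-encoded POST to the token endpoint.
            //    Values match the Client registered in the config class.
            var form = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "client_credentials",
                ["client_id"] = "ClientId",
                ["client_secret"] = "secrt",
                ["scope"] = "api"
            });
            var tokenResponse = await http.PostAsync(TokenEndpoint, form);
            var body = await tokenResponse.Content.ReadAsStringAsync();
            if (!tokenResponse.IsSuccessStatusCode)
            {
                // A wrong secret or an unregistered scope ends up here with an OAuth error body.
                Console.WriteLine($"Token request failed: {(int)tokenResponse.StatusCode} {body}");
                return;
            }
            string accessToken;
            using (var json = JsonDocument.Parse(body))
                accessToken = json.RootElement.GetProperty("access_token").GetString();

            // 3. Repeat the API call, this time presenting the token as a bearer credential.
            var request = new HttpRequestMessage(HttpMethod.Get, ApiEndpoint);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            var authorized = await http.SendAsync(request);
            Console.WriteLine($"With token: {(int)authorized.StatusCode}");
        }
    }
}
```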