1 Server端
/// <summary>
/// Host configuration for the demo IdentityServer (the token / login server).
/// </summary>
/// <remarks>
/// Everything registered here is a development fixture: a developer signing
/// credential, in-memory clients and resources, and in-memory test users.
/// </remarks>
public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;

    public IConfiguration Configuration { get; }

    /// <summary>
    /// Called by the runtime; registers IdentityServer and MVC in the container.
    /// </summary>
    public void ConfigureServices(IServiceCollection services)
    {
        var identityServer = services.AddIdentityServer();

        // NOTE(review): AddDeveloperSigningCredential and AddTestUsers are
        // development helpers. A deployed server needs a managed signing
        // credential and a real user store instead of these two calls.
        identityServer
            .AddDeveloperSigningCredential()
            .AddInMemoryClients(Config.GetClients())
            .AddInMemoryApiResources(Config.GetResource())
            .AddInMemoryIdentityResources(Config.GetIdentityResource())
            .AddTestUsers(Config.GetUsers());

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }

    /// <summary>
    /// Called by the runtime; builds the HTTP request pipeline.
    /// </summary>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // The detailed exception page is enabled only in the Development
        // environment; no other error handler is registered here.
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseIdentityServer();
        app.UseMvcWithDefaultRoute();
    }
}

/// <summary>
/// Static, in-memory configuration data handed to IdentityServer by
/// <c>Startup.ConfigureServices</c>.
/// </summary>
public class Config
{
    /// <summary>Returns the API resources known to the server (only "api1").</summary>
    public static List<ApiResource> GetResource() =>
        new List<ApiResource>
        {
            new ApiResource("api1","Api Application "),
        };

    /// <summary>Returns the identity resources: OpenId, Profile and Email.</summary>
    public static List<IdentityResource> GetIdentityResource() =>
        new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
            new IdentityResources.Email(),
        };

    /// <summary>
    /// Returns the registered clients. Only the implicit-flow "mvc" client is
    /// active; the other two grant types are kept as commented-out samples.
    /// </summary>
    public static List<Client> GetClients()
    {
        // NOTE(review): the commented-out samples below request the scope
        // "api", while GetResource registers "api1" - align the names before
        // re-enabling either of them.

        // Client credentials mode
        //new Client{
        //    ClientId="client",
        //    AllowedGrantTypes = GrantTypes.ClientCredentials,
        //    ClientSecrets = {
        //        new Secret("secret".Sha256())
        //    },
        //    AllowedScopes={ "api"},
        //},

        // Resource owner password mode
        //new Client{
        //    ClientId="pwdclient",
        //    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
        //    ClientSecrets = {
        //        new Secret("secret".Sha256())
        //    },
        //    AllowedScopes={ "api"},
        //},

        // Implicit mode.
        // NOTE(review): the implicit grant hands tokens back through the
        // browser redirect; current OAuth guidance prefers authorization code
        // with PKCE for new applications. The redirect URIs are plain-http
        // localhost addresses, which only suits a local development setup.
        var mvcClient = new Client
        {
            ClientId = "mvc",
            AllowedGrantTypes = GrantTypes.Implicit,
            // NOTE(review): "secret" is a well-known sample value; presumably
            // it is not exercised by the implicit flow at all - confirm.
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },
            // Whether the user has to confirm on a consent screen; false
            // skips that step for this client.
            RequireConsent = false,
            RedirectUris = { "http://localhost:5003/signin-oidc" },
            PostLogoutRedirectUris = { "http://localhost:5003/signout-callback-oidc" },
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.Profile,
                IdentityServerConstants.StandardScopes.OpenId,
            },
        };

        return new List<Client> { mvcClient };
    }

    /// <summary>
    /// Returns the in-memory test users.
    /// </summary>
    public static List<TestUser> GetUsers()
    {
        // NOTE(review): the password is a plaintext literal in source, which
        // is acceptable only for a throwaway demo account.
        var demoUser = new TestUser { SubjectId = "10000", Username = "yan", Password = "123123" };

        return new List<TestUser> { demoUser };
    }
}
2 客户端
/// <summary>
/// Host configuration for the MVC client that signs users in through the
/// OpenID Connect provider at http://localhost:5000.
/// </summary>
public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;

    public IConfiguration Configuration { get; }

    /// <summary>
    /// Called by the runtime; registers cookie + OpenID Connect authentication
    /// and MVC in the container.
    /// </summary>
    public void ConfigureServices(IServiceCollection services)
    {
        // The local session lives in a cookie; unauthenticated requests are
        // challenged through the "oidc" scheme.
        var authentication = services.AddAuthentication(option =>
        {
            option.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            option.DefaultChallengeScheme = "oidc";
        });

        authentication
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddOpenIdConnect("oidc", options =>
            {
                // After a successful OIDC sign-in the identity is handed to
                // the cookie scheme.
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

                // NOTE(review): the authority is plain http and the HTTPS
                // requirement for metadata is switched off, so discovery and
                // key retrieval are not protected by TLS. Acceptable on
                // localhost only; use an https authority and drop this
                // override anywhere else.
                options.Authority = "http://localhost:5000";
                options.RequireHttpsMetadata = false;

                // NOTE(review): client id and secret are literals that must
                // match the "mvc" client on the server; outside a demo the
                // secret belongs in configuration or a secret store.
                options.ClientId = "mvc";
                options.ClientSecret = "secret";

                // Keep the tokens issued by the provider with the sign-in.
                options.SaveTokens = true;
            });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }

    /// <summary>
    /// Called by the runtime; builds the HTTP request pipeline.
    /// </summary>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // Detailed exception pages in Development, the generic error route
        // everywhere else.
        if (!env.IsDevelopment())
        {
            app.UseExceptionHandler("/Home/Error");
        }
        else
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseStaticFiles();

        // Authentication is registered before MVC in the pipeline.
        app.UseAuthentication();
        app.UseMvcWithDefaultRoute();
    }
}
3 客户端加Authorize标记