【发布时间】:2021-04-30 09:12:11
【问题描述】:
我尝试使用 ASP.NET Core API 创建身份服务器。我已经准备了一个 API:
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiResources(Config.GetAllApiResources())
.AddInMemoryClients(Config.GetClients())
.AddInMemoryApiScopes(Config.GetApiScopes());
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseIdentityServer();
}
}
}
带配置:
public class Config
{
public static IEnumerable<ApiScope> GetApiScopes()
{
return new List<ApiScope>
{
new ApiScope
{
Name = "OpenIDApi",
Emphasize=true
}
};
}
public static IEnumerable<ApiResource> GetAllApiResources()
{
return new List<ApiResource>
{
new ApiResource("OpenIDApi", "Customer Api for OpenID")
};
}
public static IEnumerable<Client> GetClients()
{
return new List<Client>
{
new Client
{
ClientId = "client",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedScopes = { "OpenIDApi" }
}
};
}
}
}
还有一个 API:
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<OpenIDContext>(opts =>
opts.UseInMemoryDatabase("OpenIDDb"));
services.AddControllers();
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
options.ApiName = "OpenIDApi";
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
}
带控制器:
namespace OpenID.API.Controllers
{
[Authorize]
[Route("api/[controller]")]
[ApiController]
public class CustomersController : ControllerBase
{
private readonly OpenIDContext _context;
public CustomersController(OpenIDContext context)
{
_context = context;
}
// GET: api/Customers
[HttpGet]
public async Task<ActionResult<IEnumerable<Customer>>> GetCustomers()
{
return await _context.Customers.ToListAsync();
}
// GET: api/Customers/5
[HttpGet("{id}")]
public async Task<ActionResult<Customer>> GetCustomer(long id)
{
var customer = await _context.Customers.FindAsync(id);
if (customer == null)
{
return NotFound();
}
return customer;
}
// PUT: api/Customers/5
[HttpPut("{id}")]
public async Task<IActionResult> PutCustomer(long id, Customer customer)
{
if (id != customer.Id)
{
return BadRequest();
}
_context.Entry(customer).State = EntityState.Modified;
try
{
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!CustomerExists(id))
{
return NotFound();
}
else
{
throw;
}
}
return NoContent();
}
// POST: api/Customers
[HttpPost]
public async Task<ActionResult<Customer>> PostCustomer(Customer customer)
{
_context.Customers.Add(customer);
await _context.SaveChangesAsync();
return CreatedAtAction("GetCustomer", new { id = customer.Id }, customer);
}
// DELETE: api/Customers/5
[HttpDelete("{id}")]
public async Task<ActionResult<Customer>> DeleteCustomer(long id)
{
var customer = await _context.Customers.FindAsync(id);
if (customer == null)
{
return NotFound();
}
_context.Customers.Remove(customer);
await _context.SaveChangesAsync();
return customer;
}
private bool CustomerExists(long id)
{
return _context.Customers.Any(e => e.Id == id);
}
}
}
namespace OpenID.API.Models
{
public class Customer
{
public long Id { get; set; }
public string FirstName { get; set; }
public string LastName { get; set; }
}
}namespace OpenID.API.Models
{
public class Customer
{
public long Id { get; set; }
public string FirstName { get; set; }
public string LastName { get; set; }
}
}namespace OpenID.API.Models
{
public class Customer
{
public long Id { get; set; }
public string FirstName { get; set; }
public string LastName { get; set; }
}
}namespace OpenID.API.Models
{
public class Customer
{
public long Id { get; set; }
public string FirstName { get; set; }
public string LastName { get; set; }
}
}
型号:
namespace OpenID.API.Models
{
public class Customer
{
public long Id { get; set; }
public string FirstName { get; set; }
public string LastName { get; set; }
}
}
数据库上下文:
namespace OpenID.API.Models
{
public class OpenIDContext : DbContext
{
public OpenIDContext(DbContextOptions<OpenIDContext> options)
: base(options)
{
}
public DbSet<Customer> Customers { get; set; }
}
}
我通过 Postman 获取令牌,他们在 API 上进行 GET 获取客户:
因此,我得到了 401 Unauthorized。有什么问题?
感谢您的帮助。
【问题讨论】:
-
您能否将令牌粘贴到jwt.ms 并验证您的范围属性中是否有“OpenIDApi”?您没有记录您的令牌请求。您需要请求 OpenIDApi 范围。
标签: c# asp.net jwt authorization identityserver4