【Question title】: Implementing OAuth 2.0 + openID token with ASP.NET5
【Posted】: 2022-01-17 22:38:50
【Question】:

I have the following code, which doesn't seem to do anything when I run the project. I expected a browser redirect to http://localhost:5000 requesting the "code" authorization flow. Instead, I only see "Hello World".

Here is my startup.cs file:

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace OAuthService
{
    public class Startup
    {
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = "cookie";
                options.DefaultSignInScheme = "cookie";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddOpenIdConnect("oidc", options =>
            {
                options.Authority = "http://localhost:5000";
                options.RequireHttpsMetadata = false; // dev only

                options.ClientId = "pkce_client";
                options.ClientSecret = "acf2ec6fb01a4b698ba240c2b10a0243";
                options.ResponseType = OpenIdConnectResponseType.Code;
                options.ResponseMode = "form_post";
                options.CallbackPath = "/OAuthService/GetResponse";
                options.UsePkce = true;
            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseRouting();

            app.UseAuthentication();            

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapGet("/", async context =>
                {
                    await context.Response.WriteAsync("Hello World!");
                });
            });
        }
    }
}

【Discussion】:

    Tags: oauth-2.0 openid-connect asp.net5


    【Answer 1】:

    Someone needs to tell the authentication module that the user must log in. You either trigger it using

    // Needs: System.Security.Claims, Microsoft.AspNetCore.Authentication,
    //        Microsoft.AspNetCore.Authentication.Cookies
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapGet("/login", async context =>
        {
            var claims = new Claim[]
            {
                // Standard claims
                new Claim(ClaimTypes.Name, "Joe Svensson"),
                new Claim(ClaimTypes.Country, "Sweden"),
                new Claim(ClaimTypes.Email, "joe@edument.se"),

                // Custom claims
                new Claim("JobTitle", "Developer"),
                new Claim("JobLevel", "Senior"),
            };

            ClaimsIdentity identity = new ClaimsIdentity(claims: claims,
                                              authenticationType: CookieAuthenticationDefaults.AuthenticationScheme);

            ClaimsPrincipal user = new ClaimsPrincipal(identity: identity);

            var authProperties = new AuthenticationProperties
            {
                IsPersistent = true
            };

            // Sign in the user
            await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user, authProperties);

            await context.Response.WriteAsync("<!DOCTYPE html><body>");
            await context.Response.WriteAsync("<h1>Logged in!</h1>");
        });
    ....
    

    Or you add the authorization handler middleware using

        app.UseAuthorization();
    

    and configure it properly using:

    .AddAuthorization(options =>
    {
        ...
    })
    

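    【Comments】:

    • You mean .AddAuthorization, I guess... I already have .AddAuthentication in my code
    • Yes, I updated my answer. Does my answer make sense?
    • OK, I'll take a look. My intention here is to perform the login process against a 3rd-party authentication server. My actual API is in another project, in another language. So I just need to get the access token, the openid token and the refresh token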
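
Added example, not part of the question or the answer: one way to issue the challenge explicitly and then read the stored tokens, which is what the last comment asks for. It reuses the question's authority, client ID and callback path; the `Oidc:ClientSecret` configuration key is hypothetical, and it assumes the provider issues a refresh token for the `offline_access` scope.

```csharp
// Added example, not the poster's code. Authority, client id and callback path come from the question.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "cookie";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("cookie") // the "cookie" scheme needs a registered handler to hold the session
        .AddOpenIdConnect("oidc", options =>
        {
            options.Authority = "http://localhost:5000";
            options.RequireHttpsMetadata = false;                // dev only
            options.ClientId = "pkce_client";
            options.ClientSecret = _config["Oidc:ClientSecret"]; // hypothetical config key; not hardcoded
            options.ResponseType = OpenIdConnectResponseType.Code;
            options.CallbackPath = "/OAuthService/GetResponse";
            options.UsePkce = true;
            options.Scope.Add("offline_access"); // assumption: the provider issues a refresh token for this scope
            options.SaveTokens = true;           // keep the tokens in the cookie's authentication properties
        });
    }
    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();
        app.UseEndpoints(endpoints => endpoints.MapGet("/", async context =>
        {
            // Nothing redirects until a challenge is issued for the "oidc" scheme.
            if (context.User.Identity?.IsAuthenticated != true) { await context.ChallengeAsync("oidc"); return; }
            var access = await context.GetTokenAsync("access_token");
            var id = await context.GetTokenAsync("id_token");
            var refresh = await context.GetTokenAsync("refresh_token");
            // Report only whether each token is present; never echo token values to the browser.
            await context.Response.WriteAsync($"access:{access != null} id:{id != null} refresh:{refresh != null}");
        }));
    }
}
```

The callback path has to match a redirect URI registered for `pkce_client` at the provider, otherwise the authorization request is rejected before any token is issued.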