使用客户端认证保护Api
此博客介绍了使用IdentityServer保护API的最基本场景.
在这种情况下,我们将定义一个API和要访问它的客户端.客户端将在IdentityServer上请求访问令牌,并使用它来访问API.
准备
先交代一下需要用的到包以及版本
- .Net Core 3.0.0
- IdentityServer4.AccessTokenValidation 3.0.1
- IdentityServer4 3.0.2
- IdentityModel 4.0.0
IdentityServerCenter
这是一个ASP.NET Core Web Api项目,认证服务中心,主要用为Token的发放,引用IdentityServer4包
Config.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
| public class Config
{
public static IEnumerable<ApiResource> GetResources()
{
return new List<ApiResource>()
{
new ApiResource("api", "My Api")
};
}
public static IEnumerable<Client> GetClients()
{
return new List<Client>
{
new Client()
{
ClientId = "client",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret>
{
new Secret("secret".Sha256())
},
AllowedScopes = {"api"}
}
};
}
}
|
Startup.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
| public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiResources(Config.GetResources())
.AddInMemoryClients(Config.GetClients());
services.AddControllers();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseIdentityServer();
app.UseRouting();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
|
通过查看launchsettings.json,获知和修改项目运行时的端口.