[英]Resource Authorization in ASP.net WEP API using Identity Server
I have a ASP.net MVC5 client (WEBAPP) which is authenticated using identity server . 我有一个使用身份服务器进行身份验证的ASP.net MVC5客户端(WEBAPP)。 And I'm using the below code to access the web api. 我正在使用以下代码访问网络api。
1.Get access token from Identity Server 1.从Identity Server获取访问令牌
private async Task<TokenResponse> GetTokenAsync()
{
var client = new TokenClient(
"https://localhost:44301/identity/connect/token",
"mvc_service",
"secret");
return await client.RequestClientCredentialsAsync("sampleApi");
}
And using the access token, I'm calling the WEBAPI 并使用访问令牌,我正在调用WEBAPI
var client = new HttpClient();
client.SetBearerToken(token);
var gg = this.HttpContext;
var json = await client.GetStringAsync("http://localhost:50990/jarvis");
var jsonStr = JArray.Parse(json).ToString();
var model = JsonConvert.DeserializeObject<List<User>>(jsonStr);
The web api is secured by identity server and Resource Authotization provided by the IdentityServer (Thinktecture.IdentityModel.Owin.ResourceAuthorization.WebApi) 该Web API由Identity Server和IdentityServer提供的资源授权(Thinktecture.IdentityModel.Owin.ResourceAuthorization.WebApi)保护。
The APIController is as below APIController如下
[Authorize]
public class AuthorizationController : ApiController
{
[ResourceAuthorize(AuthorizationResources.AdminActions.Create, AuthorizationResources.Admin)]
public async Task<IHttpActionResult> Get()
{
var user = User as ClaimsPrincipal;
List<User> usersList = await GetUsers();
return Json(usersList);
}
}
And my ResourceAuthorize is as below 我的ResourceAuthorize如下
ResourceAuthorize ResourceAuthorize
public class APIAuthorization: ResourceAuthorizationManager
{
public override Task<bool> CheckAccessAsync(ResourceAuthorizationContext context)
{
var resource = context.Resource.First().Value;
if (resource == AuthorizationResources.Admin)
{
return CheckAdminAccessAsync(context);
}
if (resource == AuthorizationResources.Editor)
{
return CheckEditorAccessAsync(context);
}
if (resource == AuthorizationResources.Reader)
{
return CheckReaderAccessAsync(context);
}
return Nok();
}
private Task<bool> CheckReaderAccessAsync(ResourceAuthorizationContext context)
{
return Eval(context.Principal.IsInRole("Admin"));
}
private Task<bool> CheckEditorAccessAsync(ResourceAuthorizationContext context)
{
return Eval(context.Principal.IsInRole("Admin"));
}
private Task<bool> CheckAdminAccessAsync(ResourceAuthorizationContext context)
{
return Eval(context.Principal.IsInRole("Admin"));
}
}
My Question are 我的问题是
How do i pass the claims to the WEBAPI so i can do a check in the APIAuthorization: Eval(context.Principal.IsInRole("Admin")) 我如何将声明传递给WEBAPI,以便可以在APIAuthorization中进行检查:Eval(context.Principal.IsInRole(“ Admin”))
Is this the right way to do Resource Authorization? 这是进行资源授权的正确方法吗?
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "https://localhost:44333/core",
RequiredScopes = new[] { "profile", "openid" },
});**This is what i was looking for , This solved my problem**
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.