[英]IdentityServer4 and calling a custom function
What I'm trying to achieve is this: set up an instance of IdentityServer4 that hands off authentication of a username/password to a function located in another .net assembly. 我要实现的目标是:设置IdentityServer4实例,该实例将用户名/密码的身份验证传递给位于另一个.net程序集中的函数。 I understand that OpenID Connect is one option but coming up with a custom IdP gives the impression of making a mountain out of a molehill.
我知道OpenID Connect是一种选择,但是提供自定义的IdP可以给人以摆脱困境的印象。
Are there any simple ways of achieving this using Identityserver? 是否有使用Identityserver实现此目的的简单方法?
Yes. 是。 In your
ConfigureServices
method in Startup
you need to register your own implementations of IProfileService
and IResourceOwnerPasswordValidator
. 在
Startup
的ConfigureServices
方法中,您需要注册自己的IProfileService
和IResourceOwnerPasswordValidator
。 For example: 例如:
services.AddTransient<IProfileService, CustomProfileService>();
services.AddTransient<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
The ValidatedAsync
method on the IResourceOwnerPasswordValidator
is where you can then access the username/password and call your own assemblies for validation. 然后,您可以在
IResourceOwnerPasswordValidator
上使用ValidatedAsync
方法访问用户名/密码并调用自己的程序集进行验证。 You then return a GrantValidationResult
object from that method to indicate success/failure. 然后,您从该方法返回
GrantValidationResult
对象以指示成功/失败。 For example: 例如:
public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
logWriter.Debug("Validating resource owner password: " + context.UserName);
if (_userRepository.ValidatePassword(context.UserName, context.Password))
{
context.Result = new GrantValidationResult(context.UserName, "password");
return Task.FromResult(0);
}
logWriter.Debug("Unauthorised resource owner password for: " + context.UserName);
return Task.FromResult(new GrantValidationResult(TokenRequestErrors.UnauthorizedClient));
}
The IProfileService
is where you can set the claims on the context, for example by examining what has been requested (as defined in the ApiResource
definition) and then make your own calls to whichever assemblies/repo you need to find out the details for those claims. IProfileService
是您可以在上下文上设置声明的位置,例如,通过检查请求的内容(在ApiResource
定义中定义),然后对需要的程序集/存储库进行自己的调用,以查找这些声明的详细信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.