[英]Talking to IdentityServer4 with an Angular SPA application for authentication/authorization receiving a token then talking to Web API
I have an asp.net core Web API. 我有一个asp.net核心Web API。 I am currently making calls directly to it using an Angular 4 app.
我目前正在使用Angular 4应用程序直接调用它。
I now want to add authentication and authorization layer. 我现在想要添加身份验证和授权层。
I would like to do this by adding another project (strictly for auth) of type : ASP.NET Core MVC (w/ Individual User Accounts) to my solution and then adding IdentityServer4 to it. 我想通过向我的解决方案添加另一个类型的项目(严格意义上为auth)来实现这一点:ASP.NET Core MVC(带有个人用户帐户),然后将IdentityServer4添加到它。 The plan is to use the existing Identity tables to store users, roles, etc.
计划是使用现有的Identity表来存储用户,角色等。
Once this is all setup I am a bit confused about how my Angular 4 SPA app or any other third party authenticates through the IdentityServer app. 一旦完成这一切,我对Angular 4 SPA应用程序或任何其他第三方通过IdentityServer应用程序进行身份验证的方式感到有些困惑。 I would assume this then returns a token of some sort.
我会假设这会返回某种类型的令牌。 Then proceeds to make calls to my original Web API project (ie GetCustomers()) with that token.
然后继续使用该令牌调用我原来的Web API项目(即GetCustomers())。
From the research I did it looks like the only other thing that I need is JWT bearer authentication in ASP.NET Core. 从我做的研究看来,我需要的唯一其他东西是ASP.NET Core中的JWT承载认证。
Can someone please provide me with some links/information on how to go about this entire process. 有人可以提供一些关于如何进行整个过程的链接/信息。 Haven't found any good videos that go through the entire thing.
没有找到任何通过整个事情的好视频。 Also, please confirm that the above pattern I am talking about sounds correct.
另外,请确认我所说的上述模式听起来是正确的。
Identity Server
has different flows/grant types
, the one you talking about called implicit in that case Identity Server
will return a jwt token
so you have to be storing that jwt token
on a client and then attaching that token to request header when requesting your secure webapi
routes. Identity Server
具有不同的flows/grant types
,您所谈论的那个是隐式的,在这种情况下, Identity Server
将返回一个jwt token
因此您必须在客户端上存储该jwt token
,然后在请求您的安全时将该令牌附加到请求头webapi
路线。
Official samples it is very good starting point also checkout their blog that has lots of useful info covering the topic. 官方样本这是一个非常好的起点,也可以查看他们的博客 ,其中包含大量有关该主题的有用信息。
Talking about the good videos on the topic here is a good one from the recent NDC conf IdentityServer4: New & Improved for ASP.NET Core also if you want to learn stuff more deeply you can checkout this pluralsignt course by Dominick Baier 在这里谈论关于这个主题的好视频是一个很好的视频来自最近的NDC conf IdentityServer4:新的和改进的ASP.NET核心如果你想更深入地学习东西,你可以通过Dominick Baier结束这个复数课程
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.