简体繁体 English

Identityserver和SQL Server数据库

[英]Identityserver and SQL server Database

原文 2018-10-01 10:04:26 9 1 sql-server/ identityserver4

we are looking for brand new implementation for Identityserver4, I wnet thru the documentation and install the Project on VS2017 and DB in sqlserver. 我们正在寻找Identityserver4的全新实现，我通过文档访问并在VS2017和sqlserver中的DB上安装了Project。

Database is created with the default migration script provided for bot ConfigurationData as well as Operational DAta. 使用为机器人ConfigurationData提供的默认迁移脚本以及Operational DAta创建数据库。 I am very much confused , where the user will be how the clients will be add etc? 我很困惑，用户将如何添加客户端等？ Also in the startup the default ASPNEtIdentity is add, but in database there is no ApplicationUser table, so where the userdata will be? 同样在启动时，默认的ASPNEtIdentity被添加，但是在数据库中没有ApplicationUser表，那么用户数据将在哪里？ My requirement is simple - User will be aple to login to application by his credentials(or may be by 3rd party application) and will use the application or API will directly use Identity server to with clientcredential scope, 我的要求很简单-用户将足以通过其凭据（或可能由第三方应用程序）登录到应用程序，并且将使用该应用程序或API将直接使用身份服务器进行客户端凭据范围的访问，

Here please do let me know: 请在此告诉我：

Should I introduce AspNetIdentity or Not, and Why? 是否应该介绍AspNetIdentity，为什么？
Where is the user table and Password of the user in the database generated by the migration. 迁移生成的数据库中的用户表和用户密码在哪里。
How we can add User clients and resources to the Created Database 我们如何将用户客户端和资源添加到已创建的数据库中
Do I need to add Login/Logout page ? 我需要添加“登录/注销”页面吗？
In API APIResource is used to defined the Resources "api1" and same is used by the client code to get the access but this "api1" is not used anywhere with the definition/signature of the Method, so ow will it be correlated? 在API中，APIResource用于定义资源“ api1”，并且客户端代码使用相同的资源来获取访问权限，但是此“ api1”在任何与方法的定义/签名都不使用的地方，那么它会被关联吗？

1 个解决方案

First off, IdentityServer4 on it's own does not handle users or authentication thereof - you either need to use ASP.Net Identity and the integration library that hooks it up to IdentityServer4 or build all of that stuff yourself. 首先，IdentityServer4本身无法处理用户或其身份验证-您要么需要使用ASP.Net Identity以及将其连接到IdentityServer4的集成库，要么自己构建所有这些东西。

So to sum up: 所以总结一下：

Yes you'll need to use that or roll your own user store and authentication logic 是的，您需要使用它或滚动您自己的用户存储和身份验证逻辑
Either provided by ASP.Net Identity or built yourself 由ASP.Net Identity提供或自行构建
https://www.identityserver.com/documentation/admin-ui/ may fit your needs or you could build your own tooling and/or scripts to do so https://www.identityserver.com/documentation/admin-ui/可能适合您的需求，或者您可以构建自己的工具和/或脚本来这样做
Yes although the quickstart samples provide good basic starting points 是的，尽管快速入门示例提供了良好的基本起点
The bearer token middleware by default will validate the audience (ApiResource.Name) but I prefer to enforce scope at a more granular controller or action level using a filter (eg [ScopeAuthorize("my.api")] public MyResult ApiAction() { ... } ). 默认情况下，不记名令牌中间件将验证受众（ApiResource.Name），但我更喜欢使用过滤器（例如[ScopeAuthorize("my.api")] public MyResult ApiAction() { ... }在更精细的控制器或操作级别上强制作用域[ScopeAuthorize("my.api")] public MyResult ApiAction() { ... } ）。 This filter will check that the specified scope is defined in the set of claims in the ClaimsPrincipal). 此过滤器将检查是否在ClaimsPrincipal中的一组索赔中定义了指定的范围。