IdentityServer4 Admin UI
I'm working on IdentityServer4.AdminUI, which is developed on GitHub (IdentityServer4.AdminUI).
First of all, I simply created a new user and set its password, then I created a new ApiResource with the name Api_Name. Then I created an IdentityResource with the same name Api_Name. Finally, I created a new client with the name Api_Client, set the client's Allowed Scopes to Api_Name and Allowed Grant Types to Password, and finally set the client secret to secret.
Now, I created a new WebApi project (Core 2.1) and used this in the startup class:
    public void ConfigureServices(IServiceCollection services) {
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        services.AddMvcCore().AddAuthorization().AddJsonFormatters();
        services.AddAuthentication("Bearer")
            .AddIdentityServerAuthentication(options => {
                options.Authority = "http://localhost:5000"; //Identity Server URL
                options.RequireHttpsMetadata = false; // make it false since we are not using https
                options.ApiName = "Api_Name"; //api name which should be registered in IdentityServer
            });
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env) {
        if (env.IsDevelopment()) {
            app.UseDeveloperExceptionPage();
        }
        else {
            app.UseHsts();
        }
        app.UseAuthentication();
        app.UseHttpsRedirection();
        app.UseMvc();
    }
And sure, I used the [Authorize] attribute in the WebApi controller.
Finally, the test. I created a console application and used this code:
    var identityServer = await DiscoveryClient.GetAsync("http://localhost:5000"); //discover the IdentityServer
    if (identityServer.IsError) {
        Console.Write(identityServer.Error);
        return;
    }
    HttpClient client = new HttpClient();
    var tokenResponse = await client.RequestPasswordTokenAsync(new PasswordTokenRequest {
        Address = identityServer.TokenEndpoint,
        ClientId = "Api_Client",
        ClientSecret = "secret",
        UserName = "Majd",
        Password = "P@ssw0rd@123"
    });
    if (tokenResponse.IsError) {
        Console.WriteLine(tokenResponse.Error);
        return;
    }
    //Call the API
    client.SetBearerToken(tokenResponse.AccessToken);
    var response = await client.GetAsync("https://localhost:44368/api/values");
    var response2 = await client.GetAsync("https://localhost:44368/api/values/1");
    var content = await response.Content.ReadAsStringAsync();
    Console.WriteLine(JArray.Parse(content));
    Console.ReadKey();
The problem is that response2 returns Unauthorized 401. So why did I get this error, since I used the access token received from the identity server?
You also need to add a requested scope in your token request (even though you said that the client is allowed to access Api_Name).
    var tokenResponse = await client.RequestPasswordTokenAsync(new PasswordTokenRequest {
        Address = identityServer.TokenEndpoint,
        ClientId = "Api_Client",
        ClientSecret = "secret",
        UserName = "Majd",
        Password = "P@ssw0rd@123",
        Scope = "Api_Name"
    });
In IDS4, the tokens are only issued for the scopes that have been requested, unlike IDS3 where you would get all the scopes that the client is allowed. So as far as your API authentication middleware is concerned, your client was not allowed to access it because the token did not suffice.
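One way to see which scopes a received access token actually carries before calling the API, as an added example that is not part of the original question or answer. It assumes the access token is a JWT (not a reference token) and that Newtonsoft.Json is referenced; the class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Text;
using Newtonsoft.Json.Linq;

// Added diagnostic example (hypothetical class name), not code from the post.
// It decodes the token payload WITHOUT verifying the signature, so use it only
// to debug a 401; the API must still validate the token itself.
public static class AccessTokenInspector
{
    public static JObject DecodePayload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Not a JWT (malformed, or a reference token).");
        // base64url -> base64 with padding restored
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
    }

    // A claim can be a single string or a JSON array; normalise to string[].
    public static string[] ClaimValues(JObject payload, string claim)
    {
        var t = payload[claim];
        if (t == null) return new string[0];
        return t.Type == JTokenType.Array
            ? t.Values<string>().ToArray()
            : ((string)t).Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
    }

    // True when the token's "scope" claim lists the scope the API expects.
    public static bool HasScope(string jwt, string scope) =>
        ClaimValues(DecodePayload(jwt), "scope").Contains(scope);

    static string B64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed, unsigned sample tokens (not real IdentityServer output).
        var header = B64Url("{\"alg\":\"none\"}");
        var withScope = header + "." + B64Url("{\"aud\":[\"Api_Name\"],\"scope\":[\"Api_Name\"]}") + ".sig";
        var noScope = header + "." + B64Url("{\"aud\":\"other\",\"scope\":[\"other_scope\"]}") + ".sig";
        Console.WriteLine(HasScope(withScope, "Api_Name"));
        Console.WriteLine(HasScope(noScope, "Api_Name"));
        Console.WriteLine(string.Join(", ", ClaimValues(DecodePayload(withScope), "aud")));
    }
}
```

In the console application above, `AccessTokenInspector.HasScope(tokenResponse.AccessToken, "Api_Name")` can be called right after the token request to confirm the scope was issued.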