简体   繁体   中英

Resource Authorization in ASP.net WEP API using Identity Server

I have a ASP.net MVC5 client (WEBAPP) which is authenticated using identity server . And I'm using the below code to access the web api.

1.Get access token from Identity Server

    private async Task<TokenResponse> GetTokenAsync()
    {
        var client = new TokenClient(
           "https://localhost:44301/identity/connect/token",
           "mvc_service",
           "secret");

        return await client.RequestClientCredentialsAsync("sampleApi");
    }

And using the access token, I'm calling the WEBAPI

            var client = new HttpClient();                
            client.SetBearerToken(token);
            var gg = this.HttpContext;
            var json = await client.GetStringAsync("http://localhost:50990/jarvis");
            var jsonStr = JArray.Parse(json).ToString();
            var model = JsonConvert.DeserializeObject<List<User>>(jsonStr);

The web api is secured by identity server and Resource Authotization provided by the IdentityServer (Thinktecture.IdentityModel.Owin.ResourceAuthorization.WebApi)

The APIController is as below

[Authorize]
public class AuthorizationController : ApiController
{
    [ResourceAuthorize(AuthorizationResources.AdminActions.Create, AuthorizationResources.Admin)]
    public async Task<IHttpActionResult> Get()
    {
        var user = User as ClaimsPrincipal;

        List<User> usersList = await GetUsers();
        return Json(usersList);
    }
}

And my ResourceAuthorize is as below

ResourceAuthorize

public class APIAuthorization: ResourceAuthorizationManager
{
    public override Task<bool> CheckAccessAsync(ResourceAuthorizationContext context)
    {
        var resource = context.Resource.First().Value;

        if (resource == AuthorizationResources.Admin)
        {
            return CheckAdminAccessAsync(context);
        }

        if (resource == AuthorizationResources.Editor)
        {
            return CheckEditorAccessAsync(context);
        }

        if (resource == AuthorizationResources.Reader)
        {
            return CheckReaderAccessAsync(context);
        }

        return Nok();
    }

    private Task<bool> CheckReaderAccessAsync(ResourceAuthorizationContext context)
    {
        return Eval(context.Principal.IsInRole("Admin"));
    }

    private Task<bool> CheckEditorAccessAsync(ResourceAuthorizationContext context)
    {
        return Eval(context.Principal.IsInRole("Admin"));
    }

    private Task<bool> CheckAdminAccessAsync(ResourceAuthorizationContext context)
    {
        return Eval(context.Principal.IsInRole("Admin"));
    }
}

My Question are

  1. How do i pass the claims to the WEBAPI so i can do a check in the APIAuthorization: Eval(context.Principal.IsInRole("Admin"))

  2. Is this the right way to do Resource Authorization?

       app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = "https://localhost:44333/core",
            RequiredScopes = new[] { "profile", "openid" },
        });**This is what i was looking for , This solved my problem**

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM