最简单的IdentityServer实现——IdentityServer

1.新建项目

新建ASP .Net Core项目IdentityServer.EasyDemo.IdentityServer,选择.net core 2.0

最简单的IdentityServer实现——IdentityServer_第1张图片
1

最简单的IdentityServer实现——IdentityServer_第2张图片
2

引用IdentityServer4
最简单的IdentityServer实现——IdentityServer_第3张图片
3

2.定义Api资源

添加一个Config.cs文件,在其中定义Api资源
Api资源指上述的Api,可以有多个,在这里设置了,并且Api的配置与之匹配,IdentityServer才能识别那个Api
eg.IdentityServer项目的Api资源池里面有一个名叫"api1"的Api资源,Api项目中设置ApiName为"api1",则双方匹配

public static IEnumerable GetApiResources()
{
    return new List
    {
        //参数是资源名称,资源显示名称
        new ApiResource("api1", "My API")
    };
}

3.定义客户端Client

继续在Config.cs中添加Client
Client指的是各个调用服务的客户端,可以有多个
用户要设置ClientId,这是它的唯一标志,在Client列表里面,ClientId不能重复,ClientSecrets是用来验证用户的密码,AllowedScopes记录了它的权限范围
注意:可以多个客户端共用一个ClientId,则对于IdentityServer来说,这些客户端都是一个"Client"。这个在你的客户端都具有相同的权限范围,或者说要求完全一样的时候,可以简化为这样。

public static IEnumerable GetClients()
{
    return new List
    {
        new Client
        {
            ClientId = "client",

            AllowedGrantTypes = GrantTypes.ClientCredentials,

            // 用于验证的secret
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },

            // 允许的范围
            AllowedScopes = { "api1" }
        }
    };
}

4.配置IdentityServer

在services里面添加IdentityServer,并且将Api资源和Client集合放入内存,交给IdentityServer

public void ConfigureServices(IServiceCollection services)
{
    //配置IdentityServer,包括把Api资源,Client集合,密钥保存在内存
    services.AddIdentityServer()
        //设置临时签名凭据
        .AddDeveloperSigningCredential()
        //从Config类里面读取刚刚定义的Api资源
        .AddInMemoryApiResources(Config.GetApiResources())
        //从Config类里面读取刚刚定义的Client集合
        .AddInMemoryClients(Config.GetClients());
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseIdentityServer();
}

5.在属性中将IdentityServer项目的端口号设置为5000

最简单的IdentityServer实现——IdentityServer_第4张图片
1

6.查看IdentityServer的相关信息

通过这个网址查看:http://localhost:5000/.well-known/openid-configuration

2

{
  "issuer": "http://localhost:5000",
  "jwks_uri": "http://localhost:5000/.well-known/openid-configuration/jwks",
  "authorization_endpoint": "http://localhost:5000/connect/authorize",
  "token_endpoint": "http://localhost:5000/connect/token",
  "userinfo_endpoint": "http://localhost:5000/connect/userinfo",
  "end_session_endpoint": "http://localhost:5000/connect/endsession",
  "check_session_iframe": "http://localhost:5000/connect/checksession",
  "revocation_endpoint": "http://localhost:5000/connect/revocation",
  "introspection_endpoint": "http://localhost:5000/connect/introspect",
  "frontchannel_logout_supported": true,
  "frontchannel_logout_session_supported": true,
  "backchannel_logout_supported": true,
  "backchannel_logout_session_supported": true,
  "scopes_supported": [
    "api1",
    "offline_access"
  ],
  "claims_supported": [],
  "grant_types_supported": [
    "authorization_code",
    "client_credentials",
    "refresh_token",
    "implicit"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],
  "response_modes_supported": [
    "form_post",
    "query",
    "fragment"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ]
}

你可能感兴趣的:(最简单的IdentityServer实现——IdentityServer)