目录:
BlazorWasmOIDC
ConsoleOIDC
BlazorOIDC.Server 项目
部署步骤跟平常blazor一样, 这里就不复述了, demo 部署后的域名是 ids2.app.es
改为以前文章配置的测试点 "applicationUrl": "https://localhost:5002;http://localhost:5003",
using BlazorWasmOIDC;
using Microsoft.AspNetCore.Components.Web;
using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
var builder = WebAssemblyHostBuilder.CreateDefault(args);
builder.RootComponents.Add("#app");
builder.RootComponents.Add("head::after");
builder.Services.AddScoped(sp => new HttpClient { BaseAddress = new Uri(builder.HostEnvironment.BaseAddress) });
var authority = "https://localhost:5001/";
var clientId = "Blazor5002";
var url2 = builder.HostEnvironment.BaseAddress;
//完整的配置
builder.Services.AddOidcAuthentication(options =>
{
options.ProviderOptions.Authority = authority;
options.ProviderOptions.ClientId = clientId;
options.ProviderOptions.ResponseType = "code";
options.ProviderOptions.RedirectUri = $"{url2}authentication/login-callback";
options.ProviderOptions.PostLogoutRedirectUri = $"{url2}authentication/logout-callback";
options.ProviderOptions.DefaultScopes.Add("BlazorWasmIdentity.ServerAPI");
options.UserOptions.RoleClaim = "role";
});
await builder.Build().RunAsync();
@page "/"
@using System.Diagnostics.CodeAnalysis
@using Microsoft.AspNetCore.Components
@using Microsoft.AspNetCore.Components.WebAssembly.Authentication
Index
你好, @context.User.Identity?.Name
看起来你还没登录
先独立启动ssr工程 Blazor SSR/WASM IDS/OIDC 单点登录授权实例1-建立和配置IDS身份验证服务, 监听地址为 https://localhost:5001/
独立启动 BlazorWasmOIDC 工程, 监听地址为 https://localhost:5002/
登录测试
添加工程 ConsoleOIDC
Exe
net8.0
enable
enable
代码
using IdentityModel.Client;
using IdentityModel.OidcClient;
using Newtonsoft.Json.Linq;
using Serilog;
namespace ConsoleOIDC;
public class Program
{
static string authority = "https://localhost:5001/";
//static string authority = "https://ids2.app1.es/"; //真实环境
static string api = $"{authority}WeatherForecast";
static string clientId = "Blazor5002";
static OidcClient? _oidcClient;
static HttpClient _apiClient = new HttpClient { BaseAddress = new Uri(api) };
public static void Main(string[] args) => MainAsync().GetAwaiter().GetResult();
public static async Task MainAsync()
{
Console.WriteLine("+-----------------------+");
Console.WriteLine("| Sign in with OIDC |");
Console.WriteLine("+-----------------------+");
Console.WriteLine("");
await Login();
}
private static async Task Login()
{
// 使用环回地址上的可用端口创建重定向 URI。
// 要求 OP 允许 127.0.0.1 上的随机端口 - 否则设置静态端口
var browser = new SystemBrowser(5002);
var redirectUri = $"http://localhost:{browser.Port}/authentication/login-callback";
var redirectLogoutUri = $"http://localhost:{browser.Port}/authentication/logout-callback";
var options = new OidcClientOptions
{
Authority = authority,
ClientId = clientId,
RedirectUri = redirectUri,
PostLogoutRedirectUri = redirectLogoutUri,
Scope = "BlazorWasmIdentity.ServerAPI openid profile",
//Scope = "Blazor7.ServerAPI openid profile",
Browser = browser,
Policy = new Policy { RequireIdentityTokenSignature = false }
};
var serilog = new LoggerConfiguration()
.MinimumLevel.Error()
.Enrich.FromLogContext()
.WriteTo.Console(outputTemplate: "[{Timestamp:HH:mm:ss} {Level}] {SourceContext}{NewLine}{Message}{NewLine}{Exception}{NewLine}")
.CreateLogger();
options.LoggerFactory.AddSerilog(serilog);
_oidcClient = new OidcClient(options);
var result = await _oidcClient.LoginAsync(new LoginRequest());
ShowResult(result);
await CallApi(result.AccessToken);
await NextSteps(result);
}
private static void ShowResult(LoginResult result, bool showToken = false)
{
if (result.IsError)
{
Console.WriteLine("\n\nError:\n{0}", result.Error);
return;
}
Console.WriteLine("\n\nClaims:");
foreach (var claim in result.User.Claims)
{
Console.WriteLine("{0}: {1}", claim.Type, claim.Value);
}
if (showToken)
{
Console.WriteLine($"\nidentity token: {result.IdentityToken}");
Console.WriteLine($"access token: {result.AccessToken}");
Console.WriteLine($"refresh token: {result?.RefreshToken ?? "none"}");
}
}
private static async Task NextSteps(LoginResult result)
{
var currentAccessToken = result.AccessToken;
var currentRefreshToken = result.RefreshToken;
var menu = " x...exit c...call api ";
if (currentRefreshToken != null) menu += "r...refresh token ";
while (true)
{
Console.WriteLine("\n\n");
Console.Write(menu);
var key = Console.ReadKey();
if (key.Key == ConsoleKey.X) return;
if (key.Key == ConsoleKey.C) await CallApi(currentAccessToken);
if (key.Key == ConsoleKey.R)
{
var refreshResult = await _oidcClient.RefreshTokenAsync(currentRefreshToken);
if (refreshResult.IsError)
{
Console.WriteLine($"Error: {refreshResult.Error}");
}
else
{
currentRefreshToken = refreshResult.RefreshToken;
currentAccessToken = refreshResult.AccessToken;
Console.WriteLine("\n\n");
Console.WriteLine($"access token: {refreshResult.AccessToken}");
Console.WriteLine($"refresh token: {refreshResult?.RefreshToken ?? "none"}");
}
}
}
}
private static async Task CallApi(string currentAccessToken)
{
try
{
_apiClient.SetBearerToken(currentAccessToken);
var response = await _apiClient.GetAsync("");
if (response.IsSuccessStatusCode)
{
var str = await response.Content.ReadAsStringAsync();
Console.WriteLine($"Response: {str}");
var json = JArray.Parse(await response.Content.ReadAsStringAsync());
Console.WriteLine("\n\n");
Console.WriteLine(json);
}
else
{
Console.WriteLine($"Error: {response.ReasonPhrase}");
}
}
catch (Exception e)
{
Console.WriteLine($"Error: {e.Message}");
}
}
}
添加 SystemBrowser.cs
using IdentityModel.OidcClient.Browser;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
namespace ConsoleOIDC;
public class SystemBrowser : IBrowser
{
public int Port { get; }
private readonly string _path;
public SystemBrowser(int? port = null, string path = null)
{
_path = path;
if (!port.HasValue)
{
Port = GetRandomUnusedPort();
}
else
{
Port = port.Value;
}
}
private int GetRandomUnusedPort()
{
var listener = new TcpListener(IPAddress.Loopback, 0);
listener.Start();
var port = ((IPEndPoint)listener.LocalEndpoint).Port;
listener.Stop();
return port;
}
public async Task InvokeAsync(BrowserOptions options, CancellationToken cancellationToken = default)
{
using (var listener = new LoopbackHttpListener(Port, _path))
{
OpenBrowser(options.StartUrl);
try
{
var result = await listener.WaitForCallbackAsync();
if (string.IsNullOrWhiteSpace(result))
{
return new BrowserResult { ResultType = BrowserResultType.UnknownError, Error = "Empty response." };
}
return new BrowserResult { Response = result, ResultType = BrowserResultType.Success };
}
catch (TaskCanceledException ex)
{
return new BrowserResult { ResultType = BrowserResultType.Timeout, Error = ex.Message };
}
catch (Exception ex)
{
return new BrowserResult { ResultType = BrowserResultType.UnknownError, Error = ex.Message };
}
}
}
public static void OpenBrowser(string url)
{
try
{
Process.Start(url);
}
catch
{
// hack because of this: https://github.com/dotnet/corefx/issues/10361
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
url = url.Replace("&", "^&");
Process.Start(new ProcessStartInfo("cmd", $"/c start {url}") { CreateNoWindow = true });
}
else if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
{
Process.Start("xdg-open", url);
}
else if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
{
Process.Start("open", url);
}
else
{
throw;
}
}
}
}
public class LoopbackHttpListener : IDisposable
{
const int DefaultTimeout = 60 * 5; // 5 mins (in seconds)
IWebHost _host;
TaskCompletionSource _source = new TaskCompletionSource();
public string Url { get; }
public LoopbackHttpListener(int port, string path = null)
{
path = path ?? string.Empty;
if (path.StartsWith("/")) path = path.Substring(1);
Url = $"http://localhost:{port}/{path}";
_host = new WebHostBuilder()
.UseKestrel()
.UseUrls(Url)
.Configure(Configure)
.Build();
_host.Start();
}
public void Dispose()
{
Task.Run(async () =>
{
await Task.Delay(500);
_host.Dispose();
});
}
void Configure(IApplicationBuilder app)
{
app.Run(async ctx =>
{
if (ctx.Request.Method == "GET")
{
await SetResultAsync(ctx.Request.QueryString.Value, ctx);
}
else if (ctx.Request.Method == "POST")
{
if (!ctx.Request.ContentType.Equals("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase))
{
ctx.Response.StatusCode = 415;
}
else
{
using (var sr = new StreamReader(ctx.Request.Body, Encoding.UTF8))
{
var body = await sr.ReadToEndAsync();
await SetResultAsync(body, ctx);
}
}
}
else
{
ctx.Response.StatusCode = 405;
}
});
}
private async Task SetResultAsync(string value, HttpContext ctx)
{
try
{
ctx.Response.StatusCode = 200;
ctx.Response.ContentType = "text/html; charset=utf-8";
await ctx.Response.WriteAsync("您现在可以返回应用程序.
");
await ctx.Response.Body.FlushAsync();
_source.TrySetResult(value);
}
catch(Exception ex)
{
Console.WriteLine(ex.ToString());
ctx.Response.StatusCode = 400;
ctx.Response.ContentType = "text/html; charset=utf-8";
await ctx.Response.WriteAsync("无效的请求.
");
await ctx.Response.Body.FlushAsync();
}
}
public Task WaitForCallbackAsync(int timeoutInSeconds = DefaultTimeout)
{
Task.Run(async () =>
{
await Task.Delay(timeoutInSeconds * 1000);
_source.TrySetCanceled();
});
return _source.Task;
}
}