我已经设置了Identity Server 3,并使用当前的API可以正常工作。 我现在的任务是设置另一个API。此API需要允许经过身份验证的用户访问原始API和新API。
所以我设置了一个新客户端:
/// <summary>
/// Seeds the "jlp" client and persists it through <paramref name="context"/>.
/// The client uses the resource-owner (password) flow, so it collects the user's
/// credentials itself and exchanges them for a reference access token that may
/// carry either or both of the "cormarapi" and "jlpapi" scopes.
/// </summary>
/// <param name="context">EF context whose <c>Clients</c> set receives the new row.</param>
private static void CreateJlpClient(DatabaseContext context)
{
    // Scopes are listed explicitly and AllowAccessToAllScopes stays off, so a
    // token issued to this client can never carry anything beyond these two.
    var permittedScopes = new List<ClientScope>
    {
        new ClientScope { Scope = "cormarapi" }, // Original API
        new ClientScope { Scope = "jlpapi" }     // New API
    };

    // Only the SHA-256 of the shared secret is stored; the plaintext never reaches the DB.
    var sharedSecrets = new List<ClientSecret>
    {
        new ClientSecret { Value = "<omitted>".Sha256(), Type = "SharedSecret" }
    };

    var jlpClient = new Client
    {
        ClientId = "jlp",
        ClientName = "New API client",
        Flow = Flows.ResourceOwner,
        Enabled = true,
        AllowClientCredentialsOnly = false,
        RequireConsent = false,
        AllowRememberConsent = false,
        LogoutSessionRequired = false,
        RequireSignOutPrompt = false,
        AllowAccessTokensViaBrowser = false,
        AllowAccessToAllScopes = false,
        AllowAccessToAllGrantTypes = false,
        UpdateAccessTokenOnRefresh = false,
        EnableLocalLogin = true,
        IncludeJwtId = false,
        AlwaysSendClientClaims = false,
        PrefixClientClaims = false,
        // Reference tokens are opaque; the APIs must call introspection to validate them.
        AccessTokenType = AccessTokenType.Reference,
        // Lifetimes are in seconds: 5 min / 1 h / 5 min / 30 days / 15 days.
        IdentityTokenLifetime = 300,
        AccessTokenLifetime = 3600,
        AuthorizationCodeLifetime = 300,
        AbsoluteRefreshTokenLifetime = 2592000,
        SlidingRefreshTokenLifetime = 1296000,
        AllowedScopes = permittedScopes,
        ClientSecrets = sharedSecrets
    };

    context.Clients.Add(jlpClient);
    context.SaveChanges();
}
和新的作用域:
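/// <summary>
/// Seeds the "jlpapi" resource scope that protects the new API and persists it
/// through <paramref name="context"/>.
/// </summary>
/// <remarks>
/// The original seed also emitted a "password" claim described as "the encrypted
/// password for a user". Any claim on a scope is copied into tokens handed to
/// clients and to every API that introspects them, so password material (hashed
/// or not) must never be a claim; that entry has been removed here. If a caller
/// relied on it, the correct fix is to drop that dependency, not to restore the claim.
/// </remarks>
/// <param name="context">EF context whose <c>Scopes</c> set receives the new row.</param>
private static void CreateJlpScope(DatabaseContext context)
{
    // Claims the API may see about the caller. Keep this list to what the API
    // actually needs: every entry widens what an access token discloses.
    var claims = new List<ScopeClaim>
    {
        new ScopeClaim
        {
            Name = "role",
            Description = "Role claim types",
            AlwaysIncludeInIdToken = true
        },
        new ScopeClaim
        {
            Name = "name",
            Description = "The name of the user",
            AlwaysIncludeInIdToken = true
        },
        new ScopeClaim
        {
            Name = "department",
            Description = "The department the user belongs to",
            AlwaysIncludeInIdToken = true
        }
    };

    // The scope secret is what the API presents (as "ClientId"/"ClientSecret" in
    // its bearer-token options) when introspecting reference tokens. Only its
    // SHA-256 is stored.
    var scopeSecrets = new List<ScopeSecret>
    {
        new ScopeSecret { Value = "<omitted>".Sha256(), Type = "SharedSecret" }
    };

    var jlpScope = new Scope
    {
        Enabled = true,
        Name = "jlpapi",
        DisplayName = "JLP API",
        Description = "Allow access to new API",
        // Required/Emphasize only affect the consent UI; the seeded client has
        // RequireConsent = false, so they are cosmetic here.
        Required = true,
        Emphasize = true,
        Type = (int)ScopeType.Resource,
        IncludeAllClaimsForUser = false,
        ShowInDiscoveryDocument = true,
        // NOTE(review): presumably lets this scope see the other scopes in a
        // token during introspection; confirm this is intended rather than default.
        AllowUnrestrictedIntrospection = true,
        ScopeClaims = claims,
        ScopeSecrets = scopeSecrets
    };

    context.Scopes.Add(jlpScope);
    context.SaveChanges();
}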
我在旧的API上测试了客户端,并且能够验证和访问受保护的路由,但是当我尝试使用新的API时,它未能授权。 新API上的代码如下:
/// <summary>
/// OWIN startup for the new API: wires CORS, culture, Autofac, Swagger, Web API
/// routing and IdentityServer bearer-token authentication, in that order.
/// </summary>
/// <param name="app">The OWIN application builder supplied by the host.</param>
public void Configuration(IAppBuilder app)
{
    // Culture is process-wide state and independent of the pipeline order.
    CultureInfo.DefaultThreadCurrentCulture = CultureInfo.CreateSpecificCulture("en-GB");

    // NOTE(review): AllowAll accepts any origin; confirm that is acceptable for
    // an API that serves bearer tokens.
    app.UseCors(CorsOptions.AllowAll);

    var httpConfig = new HttpConfiguration();
    var thisAssembly = Assembly.GetExecutingAssembly();
    var autofacContainer = app.ConfigureAutofac(httpConfig, thisAssembly);

    // The root lifetime scope is used here only to pull the settings object
    // that the token-authentication middleware needs.
    var rootScope = httpConfig.DependencyResolver.GetRootLifetimeScope();
    var settings = rootScope.Resolve<IJlpConfig>();

    SwaggerConfig.Register(httpConfig);
    WebApiConfig.Register(httpConfig);

    // Autofac middleware must precede Web API so controllers resolve from the container;
    // token authentication must precede UseWebApi so the principal is set before routing.
    app.UseAutofacMiddleware(autofacContainer);
    app.UseAutofacWebApi(httpConfig);
    app.ConfigureIdentityServerTokenAuthentication(httpConfig, settings);
    app.UseWebApi(httpConfig);
}
/// <summary>
/// Registers IdentityServer bearer-token validation for the new API and sets the
/// claim type MVC anti-forgery uses to identify a user.
/// </summary>
/// <param name="app">The OWIN application builder.</param>
/// <param name="config">Web API configuration (not used by this method).</param>
/// <param name="jlpConfig">Settings; <c>AuthorityEndpoint</c> is the IdentityServer host.</param>
public static void ConfigureIdentityServerTokenAuthentication(this IAppBuilder app, HttpConfiguration config, IJlpConfig jlpConfig)
{
    var issuer = $"{jlpConfig.AuthorityEndpoint}/identity";

    // For reference tokens the middleware validates by calling the authority's
    // introspection endpoint. ClientId/ClientSecret here are presumably the
    // scope name and scope secret seeded for "jlpapi" (not the "jlp" client's
    // credentials) — confirm against the IdentityServer scope configuration.
    // NOTE(review): the secret is a literal in source; it belongs in jlpConfig
    // alongside AuthorityEndpoint so it is not committed with the code.
    var tokenOptions = new IdentityServerBearerTokenAuthenticationOptions
    {
        Authority = issuer,
        DelayLoadMetadata = true,
        RequiredScopes = new[] { "jlpapi" },
        ClientId = "jlpapi",
        ClientSecret = "<omitted>"
    };
    app.UseIdentityServerBearerTokenAuthentication(tokenOptions);

    // "sub" is the subject claim; IdentityServer3.Core exposes it as
    // Constants.ClaimTypes.Subject if the package reference is acceptable.
    AntiForgeryConfig.UniqueClaimTypeIdentifier = "sub"; //TODO: Do we really need the IdentityServer3 package to get a constant for this?
}
`jlpConfig.AuthorityEndpoint` 指向我们的远程Identity Server。
有人知道我在做什么错吗?
我正在使用以下范围登录我的身份服务器: