我有两个应用程序“App1”和“App2”,我为单点登录配置了IdentityServer。我添加了三个用户“User1”,“User2”和“User3”。
“ User1 ”有权登录应用程序“ App1 ”(读取权限)(或者)如何在其他方面实现基于权限的访问...
“ User2 ”有权登录应用程序“ App2 ”(阅读权限)
“ User1 ”有权登录 应用程序“ App1 ”和“ App2 ”(阅读和写权限)
范围配置:
范围#1 :
new Scope
{
Name = "App1",
DisplayName = "API 1",
Description = "API 1 features and data",
Type = ScopeType.Resource
}
范围#2 :
new Scope
{
Name = "App2",
DisplayName = "API 2",
Description = "API 2 features and data",
Type = ScopeType.Resource
}
客户端配置:
客户端应用#1 :
new Client
{
ClientName = "Application #1",
ClientId = "OneClient",
ClientSecrets = new List<Secret>
{
new Secret("madeupsecretApp1".Sha256())
},
AllowedScopes = new List<string>
{
"App1"
}
}
客户端应用#2 :
new Client
{
ClientName = "Application #2",
ClientId = "TwoClient",
ClientSecrets = new List<Secret>
{
new Secret("madeupsecretApp2".Sha256())
},
AllowedScopes = new List<string>
{
"App2"
}
}
用户配置:
用户#1 :
new InMemoryUser
{
Subject = "1",
Username = "User1",
Password = "User1",
Claims = new Claim[]
{
new Claim("Role", "App1")
}
}
用户#2 :
new InMemoryUser
{
Subject = "2",
Username = "User2",
Password = "User2",
Claims = new Claim[]
{
new Claim("Role", "App2")
}
}
用户#3 :
new InMemoryUser
{
Subject = "3",
Username = "User3",
Password = "User3",
Claims = new Claim[]
{
new Claim("Role", "App1"),
new Claim("Role", "App2")
}
}
我想我在用户配置或客户端配置中遗漏了一些内容。请帮助我如何实现这一目标。