我刚刚将我的 .NET Core Web API 应用程序从 netcoreapp1.0 升级到了 netcoreapp2.0。我使用 OpenIddict 做身份验证和授权,代码基于这个示例(sample)。
ConfigureServices 方法:
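/// <summary>
/// Registers MVC, EF Core, ASP.NET Core Identity, OpenIddict and the OAuth2 bearer
/// validation handler. Registration order matters: <c>AddIdentity</c> sets up the default
/// authentication schemes that the later <c>AddAuthentication()</c> call builds on.
/// </summary>
/// <param name="services">The host's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddCors();

    services.AddMvc().AddJsonOptions(options =>
    {
        // Serialise property names exactly as declared on the models (no camelCase rewriting).
        options.SerializerSettings.ContractResolver = new Newtonsoft.Json.Serialization.DefaultContractResolver();
    });

    services.AddDbContext<ApplicationDbContext>(options =>
    {
        // The SQL Server credentials are read from configuration instead of being embedded in
        // source: a literal connection string ends up in source control and in every build
        // artifact. Supply it as "ConnectionStrings:DefaultConnection" via appsettings,
        // user-secrets or the environment. Assumes this Startup exposes the same Configuration
        // property that Configure() already uses for logging.
        var connectionString = Configuration["ConnectionStrings:DefaultConnection"];
        if (string.IsNullOrWhiteSpace(connectionString))
        {
            throw new InvalidOperationException(
                "Connection string 'ConnectionStrings:DefaultConnection' is not configured.");
        }

        options.UseSqlServer(connectionString);
        // Adds the OpenIddict entity sets to this context.
        options.UseOpenIddict();
    });

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    services.Configure<IdentityOptions>(options =>
    {
        // Align Identity's claim types with the OpenID Connect ones so the claims Identity
        // places on the principal are the ones the token server serialises.
        options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
        options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
        options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role;
    });

    services.AddOpenIddict(options =>
    {
        options.AddEntityFrameworkCoreStores<ApplicationDbContext>();
        options.AddMvcBinders();
        options.EnableTokenEndpoint("/connect/token");
        // Resource-owner password flow: the client handles the user's raw password.
        // Only acceptable for first-party clients; never expose it to third parties.
        options.AllowPasswordFlow();
        // Lets the token endpoint answer over plain HTTP, so passwords and tokens travel
        // in clear text. Development only; remove (or gate on the hosting environment)
        // before deploying.
        options.DisableHttpsRequirement();
        options.SetAccessTokenLifetime(TimeSpan.FromMinutes(5));
    });

    // Registers the bearer validation handler so [Authorize] can consume the access
    // tokens issued above.
    services.AddAuthentication()
        .AddOAuthValidation();
}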
Configure 方法:
/// <summary>
/// Builds the request pipeline. Middleware order is significant here: CORS runs before the
/// authentication handlers and MVC, and UseAuthentication precedes UseMvc so [Authorize]
/// sees an authenticated principal.
/// </summary>
/// <param name="app">The application's middleware builder.</param>
/// <param name="env">The hosting environment (not used in this method).</param>
/// <param name="loggerFactory">Receives the console and debug logging providers.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
// NOTE(review): a wildcard CORS policy lets a page on any origin call this API from a
// browser and read the responses, including the token endpoint's. Restrict it to the
// known client origin(s).
app.UseCors(b => b.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod());
// NOTE(review): this is the ASP.NET Core 1.x registration; on 2.0 UseOpenIdConnectServer no
// longer exists on IApplicationBuilder (that is the compile error quoted below). The server
// is now registered from ConfigureServices and mounted by UseAuthentication().
// AllowInsecureHttp = true turns off the HTTPS check on the endpoints: development only.
app.UseOpenIdConnectServer(configuration => {
configuration.AllowInsecureHttp = true;
configuration.Provider = new AuthorizationProvider();
});
app.UseAuthentication();
app.UseMvc();
}
AuthorizationProvider 类:
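/// <summary>
/// Customises the token endpoint's JSON response: on success it appends the caller's role
/// and user name plus <c>.issued</c>/<c>.expires</c> timestamps (the keys the legacy Katana
/// OAuth server emitted — presumably kept for an existing client).
/// </summary>
public sealed class AuthorizationProvider : OpenIdConnectServerProvider
{
    // RFC 1123 layout; formatted with the invariant culture so day/month names are English
    // regardless of the server's locale.
    private const string Rfc1123Format = "ddd, dd MMM yyyy HH:mm:ss 'GMT'";

    /// <summary>
    /// Adds <c>role</c>, <c>userName</c>, <c>.issued</c> and <c>.expires</c> to a successful
    /// token response. Error responses are passed through untouched.
    /// </summary>
    /// <param name="context">The response about to be written; its <c>Error</c> is non-empty
    /// for failed requests.</param>
    /// <returns>A completed task; no asynchronous work is performed.</returns>
    public override Task ApplyTokenResponse(ApplyTokenResponseContext context)
    {
        if (!string.IsNullOrEmpty(context.Error))
        {
            return Task.CompletedTask;
        }

        var principal = context.Ticket.Principal;

        // FindFirst returns null when the claim is absent (e.g. a user with no role), so
        // resolve through ?. instead of dereferencing FirstOrDefault(...).Value, which threw
        // NullReferenceException in that case. A missing claim now yields a null/omitted
        // parameter rather than a failed response.
        context.Response["role"] = principal.FindFirst(OpenIdConnectConstants.Claims.Role)?.Value;
        context.Response["userName"] = principal.FindFirst(OpenIdConnectConstants.Claims.Name)?.Value;

        // UtcNow directly rather than DateTime.Now converted after the fact.
        var issuedUtc = DateTime.UtcNow;
        context.Response[".issued"] = issuedUtc.ToString(Rfc1123Format, System.Globalization.CultureInfo.InvariantCulture);

        // NOTE(review): this advertises an 8-hour lifetime while the server is configured with
        // a 5-minute access token lifetime (SetAccessTokenLifetime in ConfigureServices), so a
        // client trusting .expires keeps presenting a token the server already rejects. Kept
        // to preserve the response shape; derive it from the ticket's real expiry instead.
        context.Response[".expires"] = issuedUtc.AddHours(8).ToString(Rfc1123Format, System.Globalization.CultureInfo.InvariantCulture);

        return Task.CompletedTask;
    }
}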
以下代码无法编译:
app.UseOpenIdConnectServer(configuration => {
configuration.AllowInsecureHttp = true;
configuration.Provider = new AuthorizationProvider();
});
它说'IApplicationBuilder'不包含'UseOpenIdConnectServer'的定义,并且没有可以找到接受类型'IApplicationBuilder'的第一个参数的扩展方法'UseOpenIdConnectServer'(你是否缺少using指令或程序集引用?)
我该如何解决?添加自定义提供程序的替代方法是什么?
答案 0 :(得分:2)
在 Startup.cs 中执行此操作的正确方法如下(下面贴出我的示例代码供参考,你可以按自己的需要重构)。这段代码应放在 ConfigureServices 方法中:
// Registers the cookie scheme used by the interactive (authorize/logout) endpoints, the
// bearer-token validation handler and the OpenID Connect server itself. This replaces the
// 1.x app.UseOpenIdConnectServer(...) call: on 2.0 the server is an authentication handler
// registered here and mounted by app.UseAuthentication().
var authentication = services.AddAuthentication(options =>
{
    options.DefaultScheme = "ServerCookie";
});

authentication.AddCookie("ServerCookie", options =>
{
    options.Cookie.Name = CookieAuthenticationDefaults.CookiePrefix + "ServerCookie";
    options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
    options.LoginPath = new PathString("/login");
    options.LogoutPath = new PathString("/logout");
});

// Lets [Authorize] consume the access tokens the server below issues.
authentication.AddOAuthValidation();

authentication.AddOpenIdConnectServer(options =>
{
    // The provider is resolved from DI (see the AddScoped call below) instead of being
    // constructed with `new` as in the 1.x configuration.
    options.ProviderType = typeof(AuthorizationProvider);

    // Endpoints. The token endpoint is mounted at /Login here rather than the conventional
    // /connect/token, so clients must post to the path configured on this line.
    options.AuthorizationEndpointPath = "/connect/authorize";
    options.LogoutEndpointPath = "/connect/logout";
    options.TokenEndpointPath = new PathString("/Login");
    options.UserinfoEndpointPath = "/connect/userinfo";

    // Errors are rendered by the application's own AuthorizationController.
    options.ApplicationCanDisplayErrors = true;

    // Accepts plain-HTTP requests on the endpoints above. Development only: credentials and
    // tokens would otherwise cross the wire in clear text.
    options.AllowInsecureHttp = true;

    // Access tokens keep the default (non-JWT) format, so no signing key is configured. To
    // issue JWTs instead, assign options.AccessTokenHandler a JwtSecurityTokenHandler with
    // empty InboundClaimTypeMap/OutboundClaimTypeMap and register a signing key:
    // options.SigningCredentials.AddEphemeralKey() for development only (the key, and every
    // token signed with it, dies with the process), or
    // options.SigningCredentials.AddCertificate(...) with an X.509 certificate from the
    // machine store, an embedded .pfx resource or a file shipped with the app for production.
});

// Scoped so the ProviderType above is resolved per request.
services.AddScoped<AuthorizationProvider>();
然后在你的 Configure 方法中调用 `app.UseAuthentication();`(其中 app 为 IApplicationBuilder)。
答案 1 :(得分:0)
ASP.NET Core 2.0有一个用于身份验证和身份的新模型,它通过使用服务简化了配置,以下是迁移指南
Migrating Authentication and Identity to ASP.NET Core 2.0
在 Configure 方法中,把这段代码:
// ASP.NET Core 1.x form: UseOpenIdConnectServer no longer exists on IApplicationBuilder
// in 2.0, which is the compile error from the question.
app.UseOpenIdConnectServer(configuration => {
configuration.AllowInsecureHttp = true;
configuration.Provider = new AuthorizationProvider();
});
改为:
// 2.0: one call mounts every authentication handler registered in ConfigureServices.
app.UseAuthentication();
并在 ConfigureServices 中添加以下代码(注意:AddOpenIdConnect 注册的是 OpenID Connect 客户端/依赖方处理程序,它需要指向一个外部的 Authority;它并不是 UseOpenIdConnectServer 在 2.0 中的等价物——要托管授权服务器本身,应使用 AddOpenIdConnectServer):
// NOTE(review): AddOpenIdConnect is the OpenID Connect *client* (relying-party) handler —
// it challenges by redirecting to the external Authority configured below. It does not host
// an authorization server, so it is not a drop-in replacement for the removed
// UseOpenIdConnectServer(...) call; hosting the server on 2.0 uses AddOpenIdConnectServer.
services.AddAuthentication(options => {
// Cookies carry the signed-in session; unauthenticated requests are challenged by
// redirecting to the external OpenID Connect provider.
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options => {
// Read from configuration rather than hard-coded; a client secret, if one is needed, belongs there too.
options.Authority = Configuration["auth:oidc:authority"];
options.ClientId = Configuration["auth:oidc:clientid"];
});
答案 2 :(得分:0)
参考下面的示例代码:
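/// <summary>
/// Registers the services for the sample authorization server: an in-memory EF Core context,
/// the cookie scheme used by the interactive endpoints, Google and Twitter as external login
/// providers, the bearer-token validation handler, the OpenID Connect server itself, MVC and
/// an in-memory distributed cache.
/// </summary>
/// <param name="services">The host's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddEntityFrameworkInMemoryDatabase()
        .AddDbContext<ApplicationContext>(options =>
        {
            options.UseInMemoryDatabase(nameof(ApplicationContext));
        });

    var authentication = services.AddAuthentication(options =>
    {
        options.DefaultScheme = "ServerCookie";
    });

    authentication.AddCookie("ServerCookie", options =>
    {
        options.Cookie.Name = CookieAuthenticationDefaults.CookiePrefix + "ServerCookie";
        options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
        options.LoginPath = new PathString("/signin");
        options.LogoutPath = new PathString("/signout");
    });

    // External-provider credentials are read from the environment instead of being written
    // into source: the original carried a Google client secret and a Twitter consumer secret
    // as string literals, which puts them in source control and every build output. Any
    // other configuration source (user-secrets, appsettings, a key vault) works equally
    // well; the point is that the secret is not in the repository.
    authentication.AddGoogle(options =>
    {
        options.ClientId = RequiredSecret("GOOGLE_CLIENT_ID");
        options.ClientSecret = RequiredSecret("GOOGLE_CLIENT_SECRET");
    });

    authentication.AddTwitter(options =>
    {
        options.ConsumerKey = RequiredSecret("TWITTER_CONSUMER_KEY");
        options.ConsumerSecret = RequiredSecret("TWITTER_CONSUMER_SECRET");
    });

    // Lets [Authorize] consume the access tokens issued by the server registered below.
    authentication.AddOAuthValidation();

    authentication.AddOpenIdConnectServer(options =>
    {
        // Resolved from DI per request (see AddScoped below) rather than constructed with `new`.
        options.ProviderType = typeof(AuthorizationProvider);

        // Enable the authorization, logout, token and userinfo endpoints.
        options.AuthorizationEndpointPath = "/connect/authorize";
        options.LogoutEndpointPath = "/connect/logout";
        options.TokenEndpointPath = "/connect/token";
        options.UserinfoEndpointPath = "/connect/userinfo";

        // Errors are rendered by the application's own AuthorizationController.
        options.ApplicationCanDisplayErrors = true;

        // Accepts plain-HTTP requests on the endpoints above. Development only: tokens and
        // credentials would otherwise cross the wire in clear text, so this must be false
        // (the default) in any deployed environment.
        options.AllowInsecureHttp = true;

        // Access tokens keep the default (non-JWT) format, so no signing key is configured.
        // To issue JWTs instead, assign options.AccessTokenHandler a JwtSecurityTokenHandler
        // with empty InboundClaimTypeMap/OutboundClaimTypeMap and register a signing key:
        // options.SigningCredentials.AddEphemeralKey() for development only (the key, and
        // every token signed with it, dies with the process), or
        // options.SigningCredentials.AddCertificate(...) with an X.509 certificate from the
        // machine store, an embedded .pfx resource or a file shipped with the app in production.
    });

    services.AddScoped<AuthorizationProvider>();
    services.AddMvc();
    services.AddDistributedMemoryCache();
}

/// <summary>
/// Reads a credential from the named environment variable, failing loudly when it is unset
/// so a provider is never registered with an empty client id or secret.
/// </summary>
/// <param name="variable">Name of the environment variable holding the value.</param>
/// <returns>The non-blank value.</returns>
/// <exception cref="InvalidOperationException">The variable is unset or blank.</exception>
private static string RequiredSecret(string variable)
{
    var value = Environment.GetEnvironmentVariable(variable);
    if (string.IsNullOrWhiteSpace(value))
    {
        throw new InvalidOperationException($"Environment variable '{variable}' is not set.");
    }

    return value;
}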