我有一个 .NET Core Web API,它参照了 IdentityServer4(IS4)的这个示例。只要 IS4 服务只充当令牌提供者,一切都正常。我还希望该服务同时作为令牌的使用方,因为服务自身也暴露了一些端点,例如:
/// <summary>
/// Sample controller with one endpoint that requires an authenticated caller
/// and one that is open to anonymous callers.
/// </summary>
[Route("[controller]")]
public class ValuesController : ControllerBase
{
    /// <summary>
    /// Protected endpoint. The attribute names neither a policy nor a scheme, so the
    /// host's default authentication configuration decides how the caller is
    /// authenticated and how an unauthenticated request is challenged.
    /// </summary>
    /// <returns>A JSON result carrying a fixed greeting.</returns>
    [Authorize]
    [HttpGet("authorised")]
    public IActionResult Authorised() => new JsonResult("hello world");

    /// <summary>
    /// Open endpoint: no authorization attribute is applied to it.
    /// </summary>
    /// <returns>A JSON result carrying a fixed greeting.</returns>
    [HttpGet("unauthorised")]
    public IActionResult Unauthorised() => new JsonResult("unauth hello world");
}
对 unauthorised 的调用完全正常,但对 authorised 的调用根本不起作用。更奇怪的是,Postman 返回的是 404 Not Found。
IS4逻辑(Startup.cs)如下所示:
/// <summary>
/// Startup for a host that runs IdentityServer and also registers bearer-token
/// validation for its own MVC endpoints.
/// </summary>
public class Startup
{
    /// <summary>
    /// Registers MVC core services, bearer-token authentication for the "api1"
    /// resource, and IdentityServer with in-memory configuration.
    /// </summary>
    /// <param name="services">The service collection to add registrations to.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvcCore()
        .AddAuthorization()
        .AddJsonFormatters();
        // "Bearer" is passed as the default authentication scheme.
        // NOTE(review): AddIdentityServer() below runs after this call; IdentityServer4
        // registers its own cookie scheme and may replace the default scheme set here.
        // A bare [Authorize] would then challenge with a cookie redirect instead of
        // validating the bearer token, which would fit a 404 on the protected endpoint
        // when no login page exists. Confirm against the IdentityServer4 version in use.
        services.AddAuthentication("Bearer")
        .AddIdentityServerAuthentication(options =>
        {
            // presumably this host's own address, since the same process issues the tokens (confirm)
            options.Authority = "http://localhost:5000";
            // Development-only setting: lets discovery metadata be fetched over plain HTTP.
            // Outside local development, keep HTTPS required so that the signing keys and
            // endpoints in the metadata cannot be altered in transit.
            options.RequireHttpsMetadata = false;
            options.ApiName = "api1";
            // NOTE(review): sample secret hard-coded in source; load it from configuration
            // or a secret store for anything beyond a local demo.
            options.ApiSecret = "secret";
        });
        // configure identity server with in-memory stores, keys, clients and scopes
        // AddDeveloperSigningCredential is meant for development; a deployed instance
        // needs a persistent, protected signing key.
        services.AddIdentityServer()
        .AddDeveloperSigningCredential()
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryClients(Config.GetClients());
    }
    /// <summary>
    /// Builds the request pipeline: developer exception page in development,
    /// then IdentityServer, then MVC.
    /// </summary>
    /// <param name="app">The application pipeline builder.</param>
    /// <param name="env">The hosting environment, used to detect development mode.</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // Detailed exception pages are shown only when the environment is Development.
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        //app.UseAuthentication();
        app.UseIdentityServer(); // does .UseAuthentication inside
        // MVC is added after IdentityServer, so authentication runs before the controllers.
        app.UseMvc();
    }
}
奇怪的是,同样的做法在以前基于 .NET Core 1.1 构建的 IS4 示例中运行良好。任何帮助都将不胜感激。
答案 0 :(得分:0)
这应该适合你。
/// <summary>
/// Startup for a host that runs IdentityServer and protects its own MVC endpoints
/// through a named authorization policy bound to the "Bearer" scheme.
/// </summary>
public class Startup
{
    /// <summary>
    /// Registers MVC core services, authentication schemes, the "ApiPolicy"
    /// authorization policy, and IdentityServer with in-memory configuration.
    /// </summary>
    /// <param name="services">The service collection to add registrations to.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvcCore()
        .AddAuthorization()
        .AddJsonFormatters();
        // Use default auth scheme (cookies)
        // NOTE(review): the default challenge scheme names OpenID Connect, but no
        // AddOpenIdConnect or AddCookie registration is visible in this method; confirm
        // that handlers for both defaults are registered somewhere, otherwise a bare
        // [Authorize] has no working challenge.
        services.AddAuthentication(options => {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        // Bearer-token validation is registered under the explicit scheme name "Bearer",
        // so it is used only where that scheme is requested.
        .AddIdentityServerAuthentication("Bearer", options =>
        {
            // presumably this host's own address, since the same process issues the tokens (confirm)
            options.Authority = "http://localhost:5000";
            // Development-only setting: lets discovery metadata be fetched over plain HTTP.
            // Outside local development, keep HTTPS required so that the signing keys and
            // endpoints in the metadata cannot be altered in transit.
            options.RequireHttpsMetadata = false;
            options.ApiName = "api1";
            // NOTE(review): sample secret hard-coded in source; load it from configuration
            // or a secret store for anything beyond a local demo.
            options.ApiSecret = "secret";
        });
        // "ApiPolicy" evaluates only the "Bearer" scheme and requires an authenticated
        // user. Endpoints must opt in by naming the policy; an [Authorize] attribute
        // without it falls back to the default schemes configured above.
        services.AddAuthorization(options =>
        {
            options.AddPolicy("ApiPolicy", policy =>
            {
                policy.AddAuthenticationSchemes("Bearer");
                policy.RequireAuthenticatedUser();
            });
        });
        // configure identity server with in-memory stores, keys, clients and scopes
        // AddDeveloperSigningCredential is meant for development; a deployed instance
        // needs a persistent, protected signing key.
        services.AddIdentityServer()
        .AddDeveloperSigningCredential()
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryClients(Config.GetClients());
    }
    /// <summary>
    /// Builds the request pipeline: developer exception page in development,
    /// then IdentityServer, then MVC.
    /// </summary>
    /// <param name="app">The application pipeline builder.</param>
    /// <param name="env">The hosting environment, used to detect development mode.</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // Detailed exception pages are shown only when the environment is Development.
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        //app.UseAuthentication();
        app.UseIdentityServer(); // does .UseAuthentication inside
        // MVC is added after IdentityServer, so authentication runs before the controllers.
        app.UseMvc();
    }
}
现在,在需要保护的控制器方法上(或控制器类本身上)使用 [Authorize("ApiPolicy")] 属性即可。