在Startup.cs中注入IdentityServer服务并使用中间件,代码如下:
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { //注入IdentityServer服务 services.AddIdentityServer() .AddDeveloperSigningCredential() .AddInMemoryClients(ApiConfig.GetClients()) .AddInMemoryApiResources(ApiConfig.GetApiResources()); services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1); } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } //添加认证中间件 app.UseIdentityServer(); app.UseMvc(); }用Postman测试并获取AccessToken吧!如下图所示,在Post请求中传入,认证类型,client_id以及client_secret即可获取AccessToken:
当传入错误的Client_id或者密码将出现下面的结果
至此IdentityServer服务已经简单地完成了!下面改造下我们的图片上传服务。
改造图片上传接口,加入授权认证
在图片上传api项目中添加IdentityServer nuget包,这里只需要加入AccessTokenValidation包即可,注意选择api项目:
Install-Package IdentityServer4.AccessTokenValidationappsettings.json中加入IdentityServerOptions,进行IdentityServer的一些配置
"IdentityServerOptions": { "ServerIP": "localhost", "ServerPort": 5001, "IdentityScheme": "Bearer", "ResourceName": "PictureApi" }
新建一个类用来匹配这个options,这样可以爽爽的使用:
/// <summary> /// yilezhu /// 2018.7.15 /// IdentityServer的配置选项 /// </summary> public class IdentityServerOptions { /// <summary> /// 授权服务器的Ip地址 /// </summary> public string ServerIP { get; set; } /// <summary> /// 授权服务器的端口号 /// </summary> public int ServerPort { get; set; } /// <summary> /// access_token的类型,获取access_token的时候返回参数中的token_type一致 /// </summary> public string IdentityScheme { get; set; } /// <summary> /// 资源名称,认证服务注册的资源列表名称一致, /// </summary> public string ResourceName { get; set; } }在Startup.cs中加入identityServer验证
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { //注入Options OptionsConfigure(services); var identityServerOptions = new IdentityServerOptions(); Configuration.Bind("IdentityServerOptions", identityServerOptions); services.AddAuthentication(identityServerOptions.IdentityScheme) .AddIdentityServerAuthentication(options => { options.RequireHttpsMetadata = false; //是否启用https options.Authority = $"http://{identityServerOptions.ServerIP}:{identityServerOptions.ServerPort}";//配置授权认证的地址 options.ApiName = identityServerOptions.ResourceName; //资源名称,跟认证服务中注册的资源列表名称中的apiResource一致 } ); services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1); } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseAuthentication(); app.UseMvc(); } /// <summary> /// yilezhu /// 2018.7.10 /// 注册Options /// </summary> /// <param>服务容器</param> private void OptionsConfigure(IServiceCollection services) { //MongodbHost信息 services.Configure<MongodbHostOptions>(Configuration.GetSection("MongodbHost")); //图片选项 services.Configure<PictureOptions>(Configuration.GetSection("PictureOptions")); }
为需要说全访问的图片上传接口添加[Authorize]特性,当然要引用下命名空间:
using Microsoft.AspNetCore.Authorization; /// <summary> /// 接口上传图片方法 /// </summary> /// <param>文件传输对象,传过来的json数据</param> /// <returns>上传结果</returns> [HttpPost] [Authorize] public async Task<UploadResult> Post([FromBody] FileDtos fileDtos) { ………… }
把授权服务以及图片上传接口同时启动下,然后Postman再次进行下图片上传的测试: