问题
I’m working in a project with Rest-API in the server by using asp.net core 3.1, angular as front for single page application. From each client, the user would need to supply their username and password in order to access protected parts of the web API. I would like to use the features of Identity Server to access the ASP.NET Core Identity UserManager, RoleManager, and SignInManagers to determine if the supplied username and password is valid.
I haven't ever been done this before and I tried to search about this on Internet but not much info I could find. I would like some help of which nuget packages to use, and how should I configure startup.
Thanks
回答1:
I haven't done this with Angular in particular (I use vue), but it's basically the same concept. A quick Google search turned up an Angular specific tutorial that might be worth looking through: https://fullstackmark.com/post/21/user-authentication-and-identity-with-angular-aspnet-core-and-identityserver. On the IS4 side, I would suggest starting with the Asp.Net Identity IS4 template (https://identityserver4.readthedocs.io/en/latest/quickstarts/6_aspnet_identity.html)
回答2:
There are three main types of clients. Official Document For Identity Clients Github link for the Official Identity Sample code
Defining a client for server to server communication
In this scenario no interactive user is present - a service (aka client) wants to communicate with an API (aka scope):
public class Clients
{
public static IEnumerable<Client> Get()
{
return new List<Client>
{
new Client
{
ClientId = "service.client",
ClientSecrets = { new Secret("secret".Sha256()) },
AllowedGrantTypes = GrantTypes.ClientCredentials,
AllowedScopes = { "api1", "api2.read_only" }
}
};
}
}
Defining browser-based JavaScript client (e.g. SPA) for user authentication and delegated access and API
This client uses the so-called implicit flow to request an identity and access token from JavaScript:
var jsClient = new Client
{
ClientId = "js",
ClientName = "JavaScript Client",
ClientUri = "http://identityserver.io",
AllowedGrantTypes = GrantTypes.Implicit,
AllowAccessTokensViaBrowser = true,
RedirectUris = { "http://localhost:7017/index.html" },
PostLogoutRedirectUris = { "http://localhost:7017/index.html" },
AllowedCorsOrigins = { "http://localhost:7017" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"api1", "api2.read_only"
}
};
Defining a server-side web application (e.g. MVC) for user authentication and delegated API access
Interactive server-side (or native desktop/mobile) applications use the hybrid flow. This flow gives you the best security because the access tokens are transmitted via back-channel calls only (and gives you access to refresh tokens):
var mvcClient = new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
ClientUri = "http://identityserver.io",
AllowedGrantTypes = GrantTypes.Hybrid,
AllowOfflineAccess = true,
ClientSecrets = { new Secret("secret".Sha256()) },
RedirectUris = { "http://localhost:21402/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:21402/" },
FrontChannelLogoutUri = "http://localhost:21402/signout-oidc",
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"api1", "api2.read_only"
},
};
Defining clients in appsettings.json
The AddInMemoryClients
extensions method also supports adding clients from the ASP.NET Core configuration file. This allows you to define static clients directly from the appsettings.json file:
"IdentityServer": {
"IssuerUri": "urn:sso.company.com",
"Clients": [
{
"Enabled": true,
"ClientId": "local-dev",
"ClientName": "Local Development",
"ClientSecrets": [ { "Value": "<Insert Sha256 hash of the secret encoded as Base64 string>" } ],
"AllowedGrantTypes": [ "implicit" ],
"AllowedScopes": [ "openid", "profile" ],
"RedirectUris": [ "https://localhost:5001/signin-oidc" ],
"RequireConsent": false
}
]
}
Then pass the configuration section to the AddInMemoryClients
method:In Startup.cs
AddInMemoryClients(configuration.GetSection("IdentityServer:Clients"))
Subcategories or detail clients list:
1. Client Credentials:
2. Resource Owner Client
3. JS OIDC Client
4. JS OAuth Client
5. MVC Hybrid Client
6. MVC Implicit Client
来源:https://stackoverflow.com/questions/60347813/is-there-a-way-to-use-identity-server-features-in-asp-net-core-3-1-rest-api