Edition 0 Updated to asp. Net core 0
Authenticate with bearer tokens
Yüklə 11,82 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Authenticate with an OpenID Connect or OAuth 2.0 Identity provider
|
Authenticate with bearer tokens
Authenticating with ASP.NET Core Identity (or Identity plus external authentication providers) works well for many web application scenarios in which storing user information in a cookie is appropriate. In other scenarios, though, cookies are not a natural means of persisting and transmitting data. For example, in an ASP.NET Core Web API that exposes RESTful endpoints that might be accessed by Single Page Applications (SPAs), by native clients, or even by other Web APIs, you typically want to use bearer token authentication instead. These types of applications do not work with cookies, but can easily retrieve a bearer token and include it in the authorization header of subsequent requests. To enable token authentication, ASP.NET Core supports several options for using OAuth 2.0 and OpenID Connect . 325 CHAPTER 8 | Make secure .NET Microservices and Web Applications Authenticate with an OpenID Connect or OAuth 2.0 Identity provider If user information is stored in Azure Active Directory or another identity solution that supports OpenID Connect or OAuth 2.0, you can use the Microsoft.AspNetCore.Authentication.OpenIdConnect package to authenticate using the OpenID Connect workflow. For example, to authenticate to the Identity.Api microservice in eShopOnContainers, an ASP.NET Core web application can use middleware from that package as shown in the following simplified example in Program.cs : // Program.cs var identityUrl = builder. Configuration . GetValue < string >( "IdentityUrl" ); var callBackUrl = builder. Configuration . GetValue < string >( "CallBackUrl" ); var sessionCookieLifetime = builder. Configuration . GetValue ( "SessionCookieLifetimeMinutes" , 60 ); // Add Authentication services services. AddAuthentication (options => { options. DefaultScheme = CookieAuthenticationDefaults. AuthenticationScheme ; options. DefaultChallengeScheme = JwtBearerDefaults. AuthenticationScheme ; }) . AddCookie (setup => setup. ExpireTimeSpan = TimeSpan. FromMinutes (sessionCookieLifetime)) . AddOpenIdConnect (options => { options. SignInScheme = CookieAuthenticationDefaults. AuthenticationScheme ; options. Authority = identityUrl. ToString (); options. SignedOutRedirectUri = callBackUrl. ToString (); options. ClientId = useLoadTest ? "mvctest" : "mvc" ; options. ClientSecret = "secret" ; options. ResponseType = useLoadTest ? "code id_token token" : "code id_token" ; options. SaveTokens = Yüklə 11,82 Mb. Dostları ilə paylaş:
|