Edition 0 Updated to asp. Net core 0

Authenticate with bearer tokens

Yüklə 11,82 Mb.

Pdf görüntüsü

səhifə	276/288
tarix	12.07.2023
ölçüsü	11,82 Mb.
	#136458

1 ... 272 273 274 275 276 277 278 279 ... 288

NET-Microservices-Architecture-for-Containerized-NET-Applications

Authenticate with an OpenID Connect or OAuth 2.0 Identity provider

Authenticate with bearer tokens
Authenticating with ASP.NET Core Identity (or Identity plus external authentication providers) works
well for many web application scenarios in which storing user information in a cookie is appropriate.
In other scenarios, though, cookies are not a natural means of persisting and transmitting data.
For example, in an ASP.NET Core Web API that exposes RESTful endpoints that might be accessed by
Single Page Applications (SPAs), by native clients, or even by other Web APIs, you typically want to
use bearer token authentication instead. These types of applications do not work with cookies, but
can easily retrieve a bearer token and include it in the authorization header of subsequent requests.
To enable token authentication, ASP.NET Core supports several options for using
OAuth 2.0
and
OpenID Connect
.

325
CHAPTER 8 | Make secure .NET Microservices and Web Applications
Authenticate with an OpenID Connect or OAuth 2.0 Identity provider
If user information is stored in Azure Active Directory or another identity solution that supports
OpenID Connect or OAuth 2.0, you can use the
Microsoft.AspNetCore.Authentication.OpenIdConnect
package to authenticate using the OpenID
Connect workflow. For example, to authenticate to the Identity.Api microservice in
eShopOnContainers, an ASP.NET Core web application can use middleware from that package as
shown in the following simplified example in
Program.cs
:
// Program.cs
var
identityUrl = builder.
Configuration
.
GetValue
<
string
>(
"IdentityUrl"
);
var
callBackUrl = builder.
Configuration
.
GetValue
<
string
>(
"CallBackUrl"
);
var
sessionCookieLifetime = builder.
Configuration
.
GetValue
(
"SessionCookieLifetimeMinutes"
,
60
);
// Add Authentication services
services.
AddAuthentication
(options =>
{
options.
DefaultScheme
= CookieAuthenticationDefaults.
AuthenticationScheme
;
options.
DefaultChallengeScheme
= JwtBearerDefaults.
AuthenticationScheme
;
})
.
AddCookie
(setup => setup.
ExpireTimeSpan
= TimeSpan.
FromMinutes
(sessionCookieLifetime))
.
AddOpenIdConnect
(options =>
{
options.
SignInScheme
= CookieAuthenticationDefaults.
AuthenticationScheme
;
options.
Authority
= identityUrl.
ToString
();
options.
SignedOutRedirectUri
= callBackUrl.
ToString
();
options.
ClientId
= useLoadTest ?
"mvctest"
:
"mvc"
;
options.
ClientSecret
=
"secret"
;
options.
ResponseType
= useLoadTest ?
"code id_token token"
:
"code id_token"
;
options.
SaveTokens
=

Yüklə 11,82 Mb.

Dostları ilə paylaş:

1 ... 272 273 274 275 276 277 278 279 ... 288