Edition 0 Updated to asp. Net core 0
true ; options. GetClaimsFromUserInfoEndpoint = true
Yüklə 11,82 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Issue security tokens from an ASP.NET Core service
|
true
; options. GetClaimsFromUserInfoEndpoint = true ; options. RequireHttpsMetadata = false ; options. Scope . Add ( "openid" ); options. Scope . Add ( "profile" ); options. Scope . Add ( "orders" ); options. Scope . Add ( "basket" ); options. Scope . Add ( "marketing" ); options. Scope . Add ( "locations" ); options. Scope . Add ( "webshoppingagg" ); options. Scope . Add ( "orders.signalrhub" ); }); // Build the app //… app. UseAuthentication (); //… app. UseEndpoints (endpoints => { //... }); When you use this workflow, the ASP.NET Core Identity middleware is not needed, because all user information storage and authentication is handled by the Identity service. 326 CHAPTER 8 | Make secure .NET Microservices and Web Applications Issue security tokens from an ASP.NET Core service If you prefer to issue security tokens for local ASP.NET Core Identity users rather than using an external identity provider, you can take advantage of some good third-party libraries. IdentityServer4 and OpenIddict are OpenID Connect providers that integrate easily with ASP.NET Core Identity to let you issue security tokens from an ASP.NET Core service. The IdentityServer4 documentation has in-depth instructions for using the library. However, the basic steps to using IdentityServer4 to issue tokens are as follows. 1. You configure IdentityServer4 in Program.cs by making a call to builder.Services.AddIdentityServer. 2. You call app.UseIdentityServer in Program.cs to add IdentityServer4 to the application’s HTTP request processing pipeline. This lets the library serve requests to OpenID Connect and OAuth2 endpoints like /connect/token. 3. You configure identity server by setting the following data: – The credentials to use for signing. – The Identity and API resources that users might request access to: • API resources represent protected data or functionality that a user can access with an access token. An example of an API resource would be a web API (or set of APIs) that requires authorization. • Identity resources represent information (claims) that are given to a client to identify a user. The claims might include the user name, email address, and so on. – The clients that will be connecting in order to request tokens. – The storage mechanism for user information, such as ASP.NET Core Identity or an alternative. When you specify clients and resources for IdentityServer4 to use, you can pass an IEnumerable collection of the appropriate type to methods that take in-memory client or resource stores. Or for more complex scenarios, you can provide client or resource provider types via Dependency Injection. A sample configuration for IdentityServer4 to use in-memory resources and clients provided by a custom IClientStore type might look like the following example: // Program.cs builder. Services . AddSingleton builder. Services . AddIdentityServer () . AddSigningCredential ( "CN=sts" ) . AddInMemoryApiResources (MyApiResourceProvider. GetAllResources ()) . AddAspNetIdentity //... 327 CHAPTER 8 | Make secure .NET Microservices and Web Applications Yüklə 11,82 Mb. Dostları ilə paylaş:
|