我很难建立一个项目,其中所有这些东西都很好地发挥作用。
- 水疗
- StaticFiles
Web API (MVC) - 大摇大摆(虚张声势)
- IdentityServer4
- IdentityServer4。AspNetIdentity
- IdentityServer4。EntityFramework 社会登录
我从IdentityServer4开始。示例Quickstart6_AspNetIdentity代码集成nuget后的nuget.
// spa
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseCors("any");
// api
app.Map(new PathString("/api"), map =>
{
map.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
{
Authority = PublicHostUri,
ScopeName = ScopeName,
ScopeSecret = "secret",
RequireHttpsMetadata = PublicHostUri.ToLower().StartsWith("https"),
SaveToken = true,
EnableCaching = true
});
map.UseMvc();
});
// sts
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
app.UseIdentity();
app.UseIdentityServer();
// Add external authentication middleware below. To configure them please see http://go.microsoft.com/fwlink/?LinkID=532715
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
AutomaticAuthenticate = false,
AutomaticChallenge = false
});
app.UseTwitterAuthentication(new TwitterOptions
{
ConsumerKey = "6XaCTaLbMqfj6ww3zvZ5g",
ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI"
});
app.UseGoogleAuthentication(new GoogleOptions
{
AuthenticationScheme = "Google",
DisplayName = "Google",
SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
ClientId = "434483408261-55tc8n0cs4ff1fe21ea8df2o443v2iuc.apps.googleusercontent.com",
ClientSecret = "3gcoTrEDPPJ0ukn_aYYT6PWo"
});
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
app.UseSwagger();
app.UseSwaggerUi();
我正在努力以这样一种方式隔离Web API部分,即承载AuthenticationScheme是/API管道中唯一活跃的身份验证。
现在所有添加的认证方案,如cookie, Google, Twitter, OIDC, Bearer都用于/api路由。
我错过了什么?为什么/api不仅使用UseIdentityServerAuthentication又名承载令牌方案?
更新:我已经在这里分享了概念代码的工作证明https://github.com/ChrisRichner/CoreWebApp.Quickstart
您不能使用Map
来分支应用程序,它只能用于指定的路径。尝试使用MapWhen
:
// api
app.MapWhen(context => context.Request.Path.Value.StartsWith("/api"), builder=>
{
builder.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
{
Authority = PublicHostUri,
ScopeName = ScopeName,
ScopeSecret = "secret",
RequireHttpsMetadata = PublicHostUri.ToLower().StartsWith("https"),
SaveToken = true,
EnableCaching = true
});
builder.UseMvc();
});