我正在尝试使用 asp.net 核心 3.1 应用程序中的客户端凭据流访问受保护的 API。
对于令牌管理,我正在使用IdentityModel.AspNetCore -1.0.0-rc.4.1.
public void ConfigureServices(IServiceCollection services)
{
services.AddHttpClient<ApiService>(client =>
{
client.BaseAddress = new Uri("http://localhost:10811/");
})
.AddClientAccessTokenHandler();
services.AddAccessTokenManagement(options =>
{
options.Client.Clients.Add("auth", new ClientCredentialsTokenRequest
{
Address = "http://localhost:10811/token",
ClientId = "client1",
ClientSecret = "Supersecret"
});
});
}
在尝试访问受保护的 API 服务时,我总是收到 401。
API服务代码,
public class ApiService
{
public HttpClient HttpClient;
public ApiService(HttpClient client)
{
HttpClient = client;
}
public async Task<string> GetContactsAsync()
{
var response = await HttpClient.GetAsync("http://localhost:10811/test");
response.EnsureSuccessStatusCode();
return "Done";
}
}
我在这里打电话
public class MyCallService
{
private readonly IHttpClientFactory _clientFactory;
public MyCallService(IHttpClientFactory clientFactory)
{
if (clientFactory != null)
_clientFactory = clientFactory;
}
public void Call()
{
var client = _clientFactory.CreateClient();
var apiService= new ApiService(client);
await apiService.GetContactsAsync();
}
}
上面的代码设置是否有任何令牌,我在这里缺少什么?
在授权标头中放置持有者令牌的位置。
为了发送令牌与来自 httpclient 的任何请求,您需要在之前注入它,为此您需要在AddAccessTokenManagement下使用AddClientAccessTokenClient方法
services.AddClientAccessTokenClient("client", configureClient: client =>
{
client.BaseAddress = new Uri("http://localhost:10811/");
});
并且您需要指定要使用的配置名称以创建httpclient
_client = factory.CreateClient("client");
现在您可以简单地致电
var response = await HttpClient.GetAsync("test"); //no need to specify the full URL