使用 ASP.NET5 实现 OAuth 2.0 + openID 令牌
Implementing OAuth 2.0 + openID token with ASP.NET5
我有以下代码，但运行项目时它似乎什么都没做。
我希望浏览器重定向到 http://localhost:5000，发起授权码（code）流程。
相反，我只看到“Hello World”。
这是我的 startup.cs 文件:
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace OAuthService
{
    /// <summary>
    /// Startup class from the question. It registers an OpenID Connect handler named "oidc"
    /// and builds a pipeline with a single anonymous "/" endpoint.
    /// </summary>
    public class Startup
    {
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication(options =>
            {
                // Authentication and sign-in default to the "cookie" scheme; challenges go to "oidc".
                // NOTE(review): this listing registers only the "oidc" handler. No AddCookie("cookie")
                // call is visible, so the scheme meant to hold the session after the OIDC callback
                // has no handler here. Confirm it is registered elsewhere.
                options.DefaultAuthenticateScheme = "cookie";
                options.DefaultSignInScheme = "cookie";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddOpenIdConnect("oidc", options =>
            {
                options.Authority = "http://localhost:5000";
                // Lets the handler fetch discovery metadata over plain HTTP. Acceptable only against a
                // local test authority; a deployed configuration should keep the HTTPS requirement on.
                options.RequireHttpsMetadata = false; // dev only
                options.ClientId = "pkce_client";
                // NOTE(review): the client secret is a literal in source. Once the file is shared or
                // committed the value should be treated as exposed: rotate it at the authority and
                // load the replacement from configuration or a secret store.
                options.ClientSecret = "acf2ec6fb01a4b698ba240c2b10a0243";
                // Authorization code flow with PKCE (see UsePkce below).
                options.ResponseType = OpenIdConnectResponseType.Code;
                // The authority returns the response as a form POST to CallbackPath.
                options.ResponseMode = "form_post";
                // Path the handler listens on for the authorization response.
                // Presumably this must match the redirect URI registered for the client. Verify at the authority.
                options.CallbackPath = "/OAuthService/GetResponse";
                options.UsePkce = true;
            });
        }
        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            // The detailed exception page is enabled only in the Development environment.
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            app.UseRouting();
            // Runs the default authenticate scheme for each request. It does not redirect or challenge.
            app.UseAuthentication();
            // NOTE(review): there is no app.UseAuthorization() call and the "/" endpoint below carries
            // no authorization requirement, so nothing in this pipeline issues a challenge to "oidc".
            // The request is served anonymously, which matches the "Hello World" symptom described.
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapGet("/", async context =>
                {
                    await context.Response.WriteAsync("Hello World!");
                });
            });
        }
    }
}
需要有某处代码告诉认证模块用户必须登录。您要么用如下代码手动触发登录：
// Demo endpoint: builds a fixed identity and signs it in with the cookie scheme.
// NOTE(review): no credentials are checked. Any request to /login is issued a session for the
// hard-coded user below, so this is suitable only as a local illustration of SignInAsync.
// It also signs in locally and never contacts the OIDC authority. A redirect to the authority
// results from a challenge against the "oidc" scheme (for example context.ChallengeAsync("oidc"),
// or an endpoint that requires authorization).
app.UseEndpoints(endpoints =>
{
    endpoints.MapGet("/login", async context =>
    {
        var claims = new Claim[]
        {
            //Standard claims
            new Claim(ClaimTypes.Name, "Joe Svensson"),
            new Claim(ClaimTypes.Country, "Sweden"),
            new Claim(ClaimTypes.Email, "joe@edument.se"),
            //Custom claims
            new Claim("JobTitle", "Developer"),
            new Claim("JobLevel", "Senior"),
        };
        // NOTE(review): CookieAuthenticationDefaults.AuthenticationScheme is "Cookies", while the
        // question's Startup names its scheme "cookie". The scheme passed to SignInAsync has to be
        // one that is actually registered with AddCookie(...).
        ClaimsIdentity identity = new ClaimsIdentity(claims: claims,
            authenticationType: CookieAuthenticationDefaults.AuthenticationScheme);
        ClaimsPrincipal user = new ClaimsPrincipal(identity: identity);
        var authProperties = new AuthenticationProperties
        {
            // Persistent cookie: the session survives closing the browser.
            IsPersistent = true
        };
        //Sign-in the user
        await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user, authProperties);
        // Only static markup is written; no request data is echoed into the response.
        await context.Response.WriteAsync("<!DOCTYPE html><body>");
        await context.Response.WriteAsync("<h1>Logged in!</h1>");
    });
....
或者添加授权中间件：
// Placement matters: call this after UseRouting() and UseAuthentication(), and before UseEndpoints().
app.UseAuthorization();
并正确配置它:
// Registers authorization services; the receiver of this call is not shown in the snippet.
// Authorization only produces a challenge for endpoints that require it: RequireAuthorization()
// on the mapped endpoint, an [Authorize] attribute, or a fallback policy set on these options.
.AddAuthorization(options =>
{
...
})
我有以下代码，但运行项目时它似乎什么都没做。我希望浏览器重定向到 http://localhost:5000，发起授权码（code）流程。相反，我只看到“Hello World”。
这是我的 startup.cs 文件:
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace OAuthService
{
    /// <summary>
    /// Startup class from the question. It registers an OpenID Connect handler named "oidc"
    /// and builds a pipeline with a single anonymous "/" endpoint.
    /// </summary>
    public class Startup
    {
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication(options =>
            {
                // Authentication and sign-in default to the "cookie" scheme; challenges go to "oidc".
                // NOTE(review): this listing registers only the "oidc" handler. No AddCookie("cookie")
                // call is visible, so the scheme meant to hold the session after the OIDC callback
                // has no handler here. Confirm it is registered elsewhere.
                options.DefaultAuthenticateScheme = "cookie";
                options.DefaultSignInScheme = "cookie";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddOpenIdConnect("oidc", options =>
            {
                options.Authority = "http://localhost:5000";
                // Lets the handler fetch discovery metadata over plain HTTP. Acceptable only against a
                // local test authority; a deployed configuration should keep the HTTPS requirement on.
                options.RequireHttpsMetadata = false; // dev only
                options.ClientId = "pkce_client";
                // NOTE(review): the client secret is a literal in source. Once the file is shared or
                // committed the value should be treated as exposed: rotate it at the authority and
                // load the replacement from configuration or a secret store.
                options.ClientSecret = "acf2ec6fb01a4b698ba240c2b10a0243";
                // Authorization code flow with PKCE (see UsePkce below).
                options.ResponseType = OpenIdConnectResponseType.Code;
                // The authority returns the response as a form POST to CallbackPath.
                options.ResponseMode = "form_post";
                // Path the handler listens on for the authorization response.
                // Presumably this must match the redirect URI registered for the client. Verify at the authority.
                options.CallbackPath = "/OAuthService/GetResponse";
                options.UsePkce = true;
            });
        }
        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            // The detailed exception page is enabled only in the Development environment.
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            app.UseRouting();
            // Runs the default authenticate scheme for each request. It does not redirect or challenge.
            app.UseAuthentication();
            // NOTE(review): there is no app.UseAuthorization() call and the "/" endpoint below carries
            // no authorization requirement, so nothing in this pipeline issues a challenge to "oidc".
            // The request is served anonymously, which matches the "Hello World" symptom described.
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapGet("/", async context =>
                {
                    await context.Response.WriteAsync("Hello World!");
                });
            });
        }
    }
}
需要有某处代码告诉认证模块用户必须登录。您要么用如下代码手动触发登录：
app.UseEndpoints(endpoints =>
{
    // Demo endpoint: builds a fixed identity and signs it in with the cookie scheme.
    // NOTE(review): no credentials are checked. Any request to /login is issued a session for the
    // hard-coded user below, so this is suitable only as a local illustration of SignInAsync.
    // It also signs in locally and never contacts the OIDC authority. A redirect to the authority
    // results from a challenge against the "oidc" scheme (for example context.ChallengeAsync("oidc"),
    // or an endpoint that requires authorization).
    endpoints.MapGet("/login", async context =>
    {
        var claims = new Claim[]
        {
            //Standard claims
            new Claim(ClaimTypes.Name, "Joe Svensson"),
            new Claim(ClaimTypes.Country, "Sweden"),
            new Claim(ClaimTypes.Email, "joe@edument.se"),
            //Custom claims
            new Claim("JobTitle", "Developer"),
            new Claim("JobLevel", "Senior"),
        };
        // NOTE(review): CookieAuthenticationDefaults.AuthenticationScheme is "Cookies", while the
        // question's Startup names its scheme "cookie". The scheme passed to SignInAsync has to be
        // one that is actually registered with AddCookie(...).
        ClaimsIdentity identity = new ClaimsIdentity(claims: claims,
            authenticationType: CookieAuthenticationDefaults.AuthenticationScheme);
        ClaimsPrincipal user = new ClaimsPrincipal(identity: identity);
        var authProperties = new AuthenticationProperties
        {
            // Persistent cookie: the session survives closing the browser.
            IsPersistent = true
        };
        //Sign-in the user
        await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user, authProperties);
        // Only static markup is written; no request data is echoed into the response.
        await context.Response.WriteAsync("<!DOCTYPE html><body>");
        await context.Response.WriteAsync("<h1>Logged in!</h1>");
    });
....
或者添加授权中间件：
app.UseAuthorization();
并正确配置它:
// Registers authorization services; the receiver of this call is not shown in the snippet.
// Authorization only produces a challenge for endpoints that require it: RequireAuthorization()
// on the mapped endpoint, an [Authorize] attribute, or a fallback policy set on these options.
.AddAuthorization(options =>
{
...
})