当前位置: 代码迷 >> 综合 >> ASP.NET Core分布式项目实战(oauth2 + oidc 实现 server部分)--学习笔记
  详细解决方案

ASP.NET Core分布式项目实战(oauth2 + oidc 实现 server部分)--学习笔记

热度:79   发布时间:2024-01-12 09:10:46.0

任务15:oauth2 + oidc 实现 server部分

基于之前快速入门的项目(MvcCookieAuthSample):

ASP.NET Core快速入门(第5章:认证与授权)--学习笔记

ASP.NET Core快速入门(第6章:ASP.NET Core MVC)--学习笔记

mvcCookieAuthSample2下载地址:
http://video.jessetalk.cn/course/5/material/217/download

把这个 MVC 注册登录的网站变成一个单点登录,现在它是自己登录自己使用,我们需要把它的登录信息返回给第三方

添加 identityserver4 引用

在 startup 中

using IdentityServer4;
按照之前的文章添加 Config.cs
using System.Collections;
using System.Collections.Generic;
using IdentityServer4.Models;
using IdentityServer4.Test;namespace mvcCookieAuthSample
{public class Config{public static IEnumerable<Client> GetClients(){return new List<Client>{new Client(){ClientId = "client",AllowedGrantTypes = GrantTypes.Implicit,// 隐式模式ClientSecrets ={new Secret("secret".Sha256())},AllowedScopes = {"api"},}};}public static IEnumerable<ApiResource> GetApiResource(){return new List<ApiResource>{new ApiResource("api", "My Api")};}public static IEnumerable<IdentityResource> GetIdentityResources(){return new List<IdentityResource>{new IdentityResources.OpenId(),new IdentityResources.Profile(),new IdentityResources.Email(),};}public static List<TestUser> GetTestUsers(){return new List<TestUser>{new TestUser{SubjectId = "1",Username = "mingsonzheng",Password = "123456"}};}}
}
startup 的 ConfigureServices
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{services.AddIdentityServer().AddDeveloperSigningCredential().AddInMemoryClients(Config.GetClients()).AddInMemoryApiResources(Config.GetApiResource()).AddInMemoryIdentityResources(Config.GetIdentityResources()).AddTestUsers(Config.GetTestUsers());//services.AddDbContext<ApplicationDbContext>(options =>//{//    options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"));//});//services.AddIdentity<ApplicationUser, ApplicationUserRole>()//    .AddEntityFrameworkStores<ApplicationDbContext>()//    .AddDefaultTokenProviders();//services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)//    .AddCookie(options => {//        options.LoginPath = "/Account/Login";//    });//services.Configure<IdentityOptions>(options =>//{//    options.Password.RequireLowercase = true;//    options.Password.RequireNonAlphanumeric = true;//    options.Password.RequireUppercase = true;//    options.Password.RequiredLength = 12;//});services.AddMvc();
}
startup 的 Configure 中 UseIdentityServer
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{if (env.IsDevelopment()){app.UseDeveloperExceptionPage();}else{app.UseExceptionHandler("/Home/Error");}app.UseStaticFiles();//app.UseAuthentication();app.UseIdentityServer();app.UseMvc(routes =>{routes.MapRoute(name: "default",template: "{controller=Home}/{action=Index}/{id?}");});
}

我们已经把 IdentityServer4 添加到 MVC 程序中,接着需要在 Controller 中实现这个逻辑

首先注释 AccountController 原先的登录逻辑

//private UserManager<ApplicationUser> _userManager;
//private SignInManager<ApplicationUser> _signInManager;

Logout 中使用 HttpContext.SignOutAsync 替换

public async Task<IActionResult> Logout()
{//await _signInManager.SignOutAsync();await HttpContext.SignOutAsync();return RedirectToAction("Index", "Home");
}

接着改造登录的逻辑,我们需要验证用户名和密码,前面我们在 Config 中添加了 TestUser,它被放在 TestUserStore 中,可以通过依赖注入引用进来,有了它之后就可以在登录的时候拿到用户名和密码

private readonly TestUserStore _users;public AccountController(TestUserStore users)
{_users = users;
}

因为 TestUser 本身不提供 Email 登录,所以我们需要修改 LoginViewModel 以及 Login.cshtml

LoginViewModel

[Required]
//[DataType(DataType.EmailAddress)]
//public string Email { get; set; }
public string UserName { get; set; }

Login.cshtml

<div class="form-group"><label asp-for="UserName"></label><input asp-for="UserName" class="form-control" /><span asp-validation-for="UserName" class="text-danger"></span>
</div>

改造登录的逻辑

public async Task<IActionResult> Login(LoginViewModel loginViewModel,string returnUrl)
{if (ModelState.IsValid){//ViewData["ReturnUrl"] = returnUrl;//var user = await _userManager.FindByEmailAsync(loginViewModel.Email);//if (user == null)//{//    ModelState.AddModelError(nameof(loginViewModel.Email), "Email not exists");//}//else//{//    await _signInManager.SignInAsync(user, new AuthenticationProperties { IsPersistent = true });//    return RedirectToLoacl(returnUrl);//}ViewData["ReturnUrl"] = returnUrl;var user = _users.FindByUsername(loginViewModel.UserName);if (user == null){ModelState.AddModelError(nameof(loginViewModel.UserName), "UserName not exists");}else{if (_users.ValidateCredentials(loginViewModel.UserName, loginViewModel.Password)){var props = new AuthenticationProperties{IsPersistent = true,ExpiresUtc = DateTimeOffset.UtcNow.Add(TimeSpan.FromMinutes(30)),};await Microsoft.AspNetCore.Http.AuthenticationManagerExtensions.SignInAsync(HttpContext,user.SubjectId,user.Username,props);return RedirectToLoacl(returnUrl);}ModelState.AddModelError(nameof(loginViewModel.Password), "Wrong Password");}}return View();
}

这样,我们就实现了一个通过 IdentityServer4 下的方法来实现了一个登录逻辑,然后做了一个跳转,下一节再把客户端加进来

课程链接

http://video.jessetalk.cn/course/explore

相关文章

ASP.NET Core分布式项目实战(oauth2与open id connect 对比)--学习笔记

ASP.NET Core分布式项目实战(详解oauth2授权码流程)--学习笔记

ASP.NET Core分布式项目实战(oauth密码模式identity server4实现)--学习笔记

ASP.NET&nbsp;Core分布式项目实战(第三方ClientCredential模式调用)--学习笔记

ASP.NET Core分布式项目实战(客户端集成IdentityServer)--学习笔记

ASP.NET Core分布式项目实战(业务介绍,架构设计,oAuth2,IdentityServer4)--学习笔记

ASP.NET Core分布式项目实战(课程介绍,MVP,瀑布与敏捷)--学习笔记

ASP.NET Core快速入门 -- 学习笔记汇总


  相关解决方案