IdentityServer4
Config
/// <summary>
/// In-memory IdentityServer4 configuration for this sample: two identity resources,
/// one API resource and one client.
/// </summary>
/// <remarks>
/// Every identifier here, including the client secret, is the literal "test".
/// These are walkthrough placeholders. The commented-out lines in <see cref="GetClients"/>
/// show the variant that reads the values from configuration instead of source code.
/// </remarks>
public static class Config
{
    /// <summary>
    /// Returns the identity resources clients may request: the OpenID Connect
    /// "openid" and "profile" resources.
    /// </summary>
    public static IEnumerable<IdentityResource> GetIdentityResources() =>
        new IdentityResource[]
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile()
        };

    /// <summary>
    /// Returns the single API resource ("test") that access tokens can be issued for.
    /// </summary>
    public static IEnumerable<ApiResource> GetApis()
    {
        string name = "test";
        string displayname = "test";

        // No ApiSecrets are set; the secret registration is left commented out in this sample.
        //List<Secret> secrets = new List<Secret>();
        //Secret secret1 = new Secret(EncryptionHelper.Decode("").Sha256());
        //secrets.Add(secret1);
        //apiResource.ApiSecrets = secrets;
        return new List<ApiResource>
        {
            new ApiResource(name, displayname)
        };
    }

    /// <summary>
    /// Returns the single client allowed to request tokens, using the resource owner
    /// password grant with sliding refresh tokens.
    /// </summary>
    public static IEnumerable<Client> GetClients()
    {
        // Config-driven variant (disabled in this sample):
        //string clientid = JsonHelper.GetParameter(ParameterPath.AuthCorpID);
        //string secret = JsonHelper.GetParameter(ParameterPath.AuthCorpSecret);
        //string clientname = JsonHelper.GetParameter(ParameterPath.AuthCorpName);
        //string name = JsonHelper.GetParameter(ParameterPath.AuthApiReSource);

        // NOTE(review): placeholder credentials. A client secret of "test" committed to
        // source is guessable and ends up in version control; outside a local demo, load
        // it from configuration or a secret store as the disabled lines above do.
        string clientId = "test";
        string clientSecret = "test";
        string clientName = "test";
        string apiScope = "test";

        Client client = new Client
        {
            ClientId = clientId,          // unique client identifier
            ClientName = clientName,      // display name / description
            AccessTokenLifetime = 7200,   // access token lifetime (7200 = 2 hours in seconds)

            // NOTE(review): with the password grant the client application collects the
            // user's password itself and forwards it to the token endpoint. The OAuth 2.0
            // Security Best Current Practice advises against this grant; prefer
            // authorization code with PKCE where a browser redirect is possible.
            AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

            // Refresh tokens: issued via offline_access, sliding 7200-second window,
            // capped at 2592000 seconds (30 days) in total.
            AllowOfflineAccess = true,
            RefreshTokenExpiration = TokenExpiration.Sliding,
            SlidingRefreshTokenLifetime = 7200,
            AbsoluteRefreshTokenLifetime = 2592000,
            UpdateAccessTokenClaimsOnRefresh = true,

            // NOTE(review): ReUse keeps the same refresh token handle across refreshes, so
            // a leaked refresh token stays valid for as long as the sliding window is kept
            // alive. TokenUsage.OneTimeOnly rotates the handle on every refresh.
            RefreshTokenUsage = TokenUsage.ReUse,

            // Client secret, stored as its SHA-256 hash; only relevant for flows that require a secret.
            ClientSecrets = new List<Secret>
            {
                new Secret(clientSecret.Sha256())
            },

            // Scopes this client may request; the first entry is the API resource name.
            AllowedScopes = new List<string>
            {
                apiScope,
                StandardScopes.OfflineAccess,
                StandardScopes.OpenId,
                StandardScopes.Profile
            }
        };

        return new List<Client> { client };
    }
}
Startup
/// <summary>
/// Startup for the IdentityServer4 host: registers MVC, the in-memory IdentityServer
/// configuration from <c>Config</c>, and the request pipeline.
/// </summary>
public class Startup
{
    /// <summary>Stores the application configuration supplied by the host.</summary>
    public Startup(IConfiguration configuration) => Configuration = configuration;

    /// <summary>Application configuration.</summary>
    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews()
            .SetCompatibilityVersion(Microsoft.AspNetCore.Mvc.CompatibilityVersion.Version_3_0);

        // Cookie policy: SameSite=Lax is the minimum applied to cookies.
        services.Configure<CookiePolicyOptions>(options =>
            options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.Lax);

        // Resources and clients are held in memory and come from the static Config class.
        var identityServer = services.AddIdentityServer()
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryApiResources(Config.GetApis())
            .AddInMemoryClients(Config.GetClients())
            // User validation for the password grant. LoginValidator is not shown here;
            // presumably it checks the submitted username and password — confirm that it
            // rejects unknown users and does not log the password.
            .AddResourceOwnerValidator<LoginValidator>()
            // Supplies the user claims placed in tokens.
            .AddProfileService<ProfileService>();
        //.AddTestUsers(TestUsers.Users);

        identityServer.Services.AddTransient<IProfileService, ProfileService>();

        // NOTE(review): the developer signing credential is a development-time key and is
        // registered here for every environment. A deployed instance should sign tokens
        // with a managed key or certificate via AddSigningCredential instead.
        identityServer.AddDeveloperSigningCredential();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        // NOTE(review): this pipeline adds neither HTTPS redirection nor HSTS. The password
        // grant sends user credentials to the token endpoint, so TLS has to be provided
        // (here or at a fronting proxy) for anything beyond local testing.
        app.UseCookiePolicy();
        app.UseStaticFiles();
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();

        // The IdentityServer middleware must sit between UseRouting and UseEndpoints.
        app.UseIdentityServer();

        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}
API
Startup
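/// <summary>
/// Startup for the protected Web API: validates IdentityServer-issued bearer tokens,
/// exposes Swagger documentation and configures CORS.
/// </summary>
public class Startup
{
    /// <summary>
    /// Stores the application configuration supplied by the host.
    /// </summary>
    /// <param name="configuration">Application configuration.</param>
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    /// <summary>
    /// Application configuration.
    /// </summary>
    public IConfiguration Configuration { get; }

    /// <summary>
    /// This method gets called by the runtime. Use this method to add services to the container.
    /// </summary>
    /// <param name="services">Service collection to register into.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers().AddNewtonsoftJson();

        // Hosted sync service (disabled in this sample).
        //services.AddHostedService<SyncService>();

        // Token validation, config-driven variant (disabled in this sample):
        //services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
        //    .AddIdentityServerAuthentication(options =>
        //    {
        //        options.Authority = JsonHelper.GetParameter(ParameterPath.AuthApiUrl); // IdentityServer address
        //        options.ApiName = JsonHelper.GetParameter(ParameterPath.AuthApiReSource); // API resource name to authenticate against
        //        //options.ApiSecret = ""; // matches the secret in ApiResources
        //        options.RequireHttpsMetadata = false; // whether HTTPS is required
        //    });
        services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
            .AddIdentityServerAuthentication(options =>
            {
                // IdentityServer address. It is a loopback HTTP URL, so the discovery
                // document and signing keys are fetched without TLS.
                options.Authority = "http://127.0.0.1:5001";
                // Name of the API resource that tokens must have been issued for.
                options.ApiName = "test";
                // NOTE(review): disabling the HTTPS requirement is tolerable only while the
                // authority is on loopback. With a remote authority, whoever can tamper with
                // that HTTP traffic can substitute the keys used to validate tokens; use an
                // https authority and leave this at its default of true.
                options.RequireHttpsMetadata = false;
            });

        // Plain JWT bearer variant (disabled in this sample):
        //services.AddAuthentication("Bearer")
        //    .AddJwtBearer("Bearer", options =>
        //    {
        //        options.Authority = "http://127.0.0.1:5001";
        //        options.RequireHttpsMetadata = false;
        //        options.Audience = "space";
        //    });

        #region Swagger configuration
        services.AddSwaggerGen(c =>
        {
            #region Document header
            c.SwaggerDoc("v1", new OpenApiInfo
            {
                Version = "v1",
                Title = "WebAPI"
            });
            #endregion

            #region XML comment files
            // Controller tag descriptions via SwaggerDocTag (disabled in this sample).
            //c.DocumentFilter<SwaggerDocTag>();
            //var basePath = AppDomain.CurrentDomain.BaseDirectory;
            var basePath = AppContext.BaseDirectory;

            // Controller-layer comments (true = include controller-level comments).
            var apiXmlPath = Path.Combine(basePath, "Tencent.Api.xml");
            if (System.IO.File.Exists(apiXmlPath))
            {
                c.IncludeXmlComments(apiXmlPath, true);
            }

            // Entity/model comments.
            var entityXmlPath = Path.Combine(basePath, "Tencent.Model.xml");
            if (System.IO.File.Exists(entityXmlPath))
            {
                c.IncludeXmlComments(entityXmlPath);
            }
            #endregion
        });
        #endregion

        services.AddMvc(option =>
        {
            option.Filters.Add(new APIResultFilter());
        }).SetCompatibilityVersion(CompatibilityVersion.Version_3_0);

        #region CORS
        services.AddCors(options =>
        {
            // NOTE(review): despite its name, "AllowSameDomain" admits any origin, any
            // method and any header. Once the real front-end origins are known, replace
            // AllowAnyOrigin() with WithOrigins(...) listing them.
            options.AddPolicy("AllowSameDomain", builder =>
            {
                builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();
                //builder.WithMethods("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS")
                ////.AllowCredentials() // allow cookies / credentials
                //.AllowAnyOrigin(); // allow requests from any origin
            });
        });
        #endregion
    }

    /// <summary>
    /// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    /// </summary>
    /// <param name="app">Application pipeline builder.</param>
    /// <param name="env">Hosting environment, used to choose development or production error handling.</param>
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        #region Client IP and scheme behind the Nginx reverse proxy (Ubuntu)
        // Registered first so that every later middleware sees the forwarded client IP and
        // scheme. It was previously registered after HSTS, HTTPS redirection, error
        // handling and authentication, which therefore acted on the proxy's address and
        // on the proxy-to-app scheme.
        // By default only loopback proxies are trusted; if Nginx runs on another host, add
        // it to KnownProxies / KnownNetworks rather than clearing those lists, otherwise
        // clients can spoof X-Forwarded-For.
        app.UseForwardedHeaders(new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
        });
        #endregion

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseHsts();
        }

        app.UseRouting();
        // CORS
        app.UseCors("AllowSameDomain");
        // Static files
        app.UseStaticFiles();
        app.UseHttpsRedirection();
        // Error response handling (project-defined extension, not shown here).
        app.UseErrorHandling();
        // Authentication
        app.UseAuthentication();
        // Authorization
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers().RequireCors("AllowSameDomain");
        });

        #region Swagger
        // NOTE(review): the Swagger JSON and UI are served in every environment, and the
        // [Authorize] attribute on controllers does not cover this middleware. Consider
        // enabling it only in development or protecting the route.
        app.UseSwagger();
        app.UseSwaggerUI(c =>
        {
            c.SwaggerEndpoint("/swagger/v1/swagger.json", "ApiHelp V1");
        });
        #endregion
    }
}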
SpaceController
/// <summary>
/// Space API. Routed as <c>api/space/{action}</c>; every action requires an
/// authenticated caller because of the class-level <c>[Authorize]</c>.
/// </summary>
[Route("api/space/[action]")]
[EnableCors("AllowSameDomain")]
[ApiController]
[Authorize]
public class SpaceController : ControllerBase
{
    /// <summary>
    /// Test endpoint used to confirm that a bearer token is accepted.
    /// </summary>
    /// <returns>HTTP 200 with the fixed body "123".</returns>
    [HttpGet]
    public IActionResult judge() => Ok("123");
}