Asp.net core IdentityServer4 w/AsNetIdentity和注册API方法
我已经设置了IdentityServer4、一个受保护的API(核心)项目和各种客户端。匿名访问的客户端页面使用资源所有者流访问API,用户凭据从需要登录的客户端页面使用。这一切都在起作用。我的问题是现在我想添加受保护的注册API方法 新的注册方法要求API项目使用AsNetIdentity。具体来说,他们使用Identity的UserManager对象,除非我将此代码添加到Startup.ConfigureServices中,否则无法实例化该对象Asp.net core IdentityServer4 w/AsNetIdentity和注册API方法,asp.net-core,asp.net-identity,identityserver4,Asp.net Core,Asp.net Identity,Identityserver4,我已经设置了IdentityServer4、一个受保护的API(核心)项目和各种客户端。匿名访问的客户端页面使用资源所有者流访问API,用户凭据从需要登录的客户端页面使用。这一切都在起作用。我的问题是现在我想添加受保护的注册API方法 新的注册方法要求API项目使用AsNetIdentity。具体来说,他们使用Identity的UserManager对象,除非我将此代码添加到Startup.ConfigureServices中,否则无法实例化该对象 services.AddIdentity<
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
以下是我的ConfigureServices方法:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<AppSettings>(Configuration.GetSection("AppSettings"));
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
options.ApiName = "api1";
});
services.AddCors(o => o.AddPolicy("MyPolicy", builder =>
{
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
}));
//// ADDING THIS CAUSES API requests to send back the login screen
//services.AddIdentity<ApplicationUser, IdentityRole>()
// .AddEntityFrameworkStores<ApplicationDbContext>()
// .AddDefaultTokenProviders();
// Add application services.
services.AddTransient<IEmailSender, EmailSender>();
services.AddMvc();
}
…这略有不同,因为它不再引用我的控制器
解决了强>
以下是有效的方法
IdentityBuilder builder = services.AddIdentityCore<ApplicationUser>(options => { });
builder = new IdentityBuilder(builder.UserType, typeof(IdentityRole), builder.Services);
builder.AddEntityFrameworkStores<ApplicationDbContext>();
IdentityBuilder builder=services.AddIdentityCore(选项=>{});
builder=newidentitybuilder(builder.UserType,typeof(IdentityRole),builder.Services);
builder.AddEntityFrameworkStores();
谢谢你,柯克,为我指明了正确的方向 为了让其他人受益,下面是我的API项目的整个ConfigureServices方法,它可以管理用户,但仍然可以根据IdentityServer进行身份验证:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<AppSettings>(Configuration.GetSection("AppSettings"));
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
options.ApiName = "api1";
});
services.AddCors(o => o.AddPolicy("MyPolicy", bld =>
{
bld.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
}));
// *** The Fix ***
IdentityBuilder builder = services.AddIdentityCore<ApplicationUser>(options => { });
builder = new IdentityBuilder(builder.UserType, typeof(IdentityRole), builder.Services);
builder.AddEntityFrameworkStores<ApplicationDbContext>();
// Add application services.
services.AddTransient<IEmailSender, EmailSender>();
services.AddMvc();
}
public void配置服务(IServiceCollection服务)
{
services.Configure(Configuration.GetSection(“AppSettings”);
services.AddDbContext(选项=>
options.UseSqlServer(Configuration.GetConnectionString(“DefaultConnection”));
服务。添加身份验证(“承载人”)
.AddIdentityServerAuthentication(选项=>
{
选项。权限=”http://localhost:5000";
options.RequireHttpsMetadata=false;
options.ApiName=“api1”;
});
services.AddCors(o=>o.AddPolicy(“MyPolicy”,bld=>
{
bld.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
}));
//***修复程序***
IdentityBuilder builder=services.AddIdentityCore(选项=>{});
builder=newidentitybuilder(builder.UserType,typeof(IdentityRole),builder.Services);
builder.AddEntityFrameworkStores();
//添加应用程序服务。
services.AddTransient();
services.AddMvc();
}
请稍候,您是否正在尝试将ASP.NET Identity Core添加到资源应用程序(WebApi项目)中?如果您希望IdSrv4使用ASP.NET Core Identity infrastructure进行身份验证,则应将ASP.NET Identity放在同样承载Identity Server 4的应用程序上。文档说明了如何将Identity Core实现到IdSrv4@Tseng:我们不希望API与IdentityServer位于同一项目中,不需要。我们希望它们放在单独的API站点中,但受IdentityServer保护。@Tseng:我们的IdentityServer在AsNetIdentity上已经可以正常工作了。谢谢您的回复。但是为什么要在api项目中注册services.AddIdentity()
??Asp.NET核心身份就是全部(每个应用程序用户)。也许你只是在寻找cookie身份验证?
IdentityBuilder builder = services.AddIdentityCore<ApplicationUser>(options => { });
builder = new IdentityBuilder(builder.UserType, typeof(IdentityRole), builder.Services);
builder.AddEntityFrameworkStores<ApplicationDbContext>();
public void ConfigureServices(IServiceCollection services)
{
services.Configure<AppSettings>(Configuration.GetSection("AppSettings"));
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
options.ApiName = "api1";
});
services.AddCors(o => o.AddPolicy("MyPolicy", bld =>
{
bld.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
}));
// *** The Fix ***
IdentityBuilder builder = services.AddIdentityCore<ApplicationUser>(options => { });
builder = new IdentityBuilder(builder.UserType, typeof(IdentityRole), builder.Services);
builder.AddEntityFrameworkStores<ApplicationDbContext>();
// Add application services.
services.AddTransient<IEmailSender, EmailSender>();
services.AddMvc();
}