Configuring IdentityServer 4 with Identity: combining services.AddAuthentication() and services.AddIdentity()

ttu*_*tes 4 asp.net-identity identityserver4 asp.net-core-2.0

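Using Identity Server 4 with the implicit flow/grant type, .NET Core 2.0 and MS Identity.

I'm unclear on the responsibilities of the following, as each specifically relates to validating/authorizing the bearer token.

I have the following Startup: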

    public void ConfigureServices(IServiceCollection services) {
        // ...
        services.AddAuthentication("Bearer")
           .AddIdentityServerAuthentication(options =>
           {
               options.Authority = GetAuthentication().ApiURL;
               // Allows the discovery document to be fetched over plain HTTP.
               options.RequireHttpsMetadata = false;

               options.ApiName = "afapps";
           });

        // Below needed to inject UserManager<ApplicationUser> userManager
        // elsewhere in app as this happens to be the authORization server
        // as opposed to authENtication server.
        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<AuthDbContext>()                
            .AddDefaultTokenProviders();
    }

    public void Configure(IApplicationBuilder app) {
        app.UseAuthentication();
        app.UseMvc();
    }

If I omit `services.AddIdentity<ApplicationUser, IdentityRole>()...` in Startup, then in the controllers I can successfully use `[Authorize]`, and my other custom ActionFilters show `HttpContext.User.Identity.IsAuthenticated == true`.

However, after adding `services.AddIdentity<ApplicationUser, IdentityRole>()...` to enable the use of Identity's `UserManager<ApplicationUser>`, I now have to additionally add `[Authorize(AuthenticationSchemes = "Bearer")]` to every controller.

Is there a way to combine or arrange `services.AddAuthentication()` and `services.AddIdentity()` so that I don't have to specify `[Authorize(AuthenticationSchemes = "Bearer")]`?

Mim*_*Mim 8

Use the `AddAuthentication(Action<AuthenticationOptions> configureOptions)` override after `AddIdentity()` to set the options manually, like so:

    services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Bearer";
        options.DefaultAuthenticateScheme = "Bearer";
        options.DefaultChallengeScheme = "Bearer";
        options.DefaultSignInScheme = "Bearer";
    });

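You have to do this because the string override only sets the `DefaultScheme`, while `AddIdentity()` sets the more specific options. `DefaultScheme`, per the documentation, is only used as a fallback for all the others.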
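
The ordering effect described in the answer above can be checked by resolving `AuthenticationOptions` from a throwaway container and comparing the two registrations. This is an added example, not code from the question or the answer; `SchemeDefaultsProbe`, `Resolve` and `Effective` are hypothetical names, `IdentityUser` stands in for `ApplicationUser`, and `AddIdentityServerAuthentication` is left out because only the default-scheme options are inspected.

```csharp
using System;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;

// Hypothetical diagnostic helper (not part of the original page).
public static class SchemeDefaultsProbe
{
    // Applies the given registrations to an empty container and returns the
    // AuthenticationOptions that [Authorize] and the middleware would see.
    public static AuthenticationOptions Resolve(Action<IServiceCollection> register)
    {
        var services = new ServiceCollection();
        register(services);
        using (var provider = services.BuildServiceProvider())
        {
            return provider.GetRequiredService<IOptions<AuthenticationOptions>>().Value;
        }
    }

    // Fallback rule from the answer: a specific default wins when it is set;
    // DefaultScheme is consulted only when the specific one is null.
    public static string Effective(string specific, string fallback) => specific ?? fallback;

    public static void Report(string label, AuthenticationOptions o)
    {
        Console.WriteLine($"{label}: authenticate={Effective(o.DefaultAuthenticateScheme, o.DefaultScheme)}, " +
                          $"challenge={Effective(o.DefaultChallengeScheme, o.DefaultScheme)}");
    }

    public static void Main()
    {
        // Question's setup: string overload (sets DefaultScheme only) plus AddIdentity.
        Report("question", Resolve(s =>
        {
            s.AddAuthentication("Bearer");
            s.AddIdentity<IdentityUser, IdentityRole>();
        }));

        // Answer's setup: explicit defaults configured after AddIdentity.
        Report("answer", Resolve(s =>
        {
            s.AddIdentity<IdentityUser, IdentityRole>();
            s.AddAuthentication(o =>
            {
                o.DefaultScheme = "Bearer";
                o.DefaultAuthenticateScheme = "Bearer";
                o.DefaultChallengeScheme = "Bearer";
                o.DefaultSignInScheme = "Bearer";
            });
        }));
    }
}
```

Running the same probe against a real `Startup` registration shows which scheme an unqualified `[Authorize]` will authenticate and challenge with, which helps catch an API that silently falls back to a cookie scheme.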