我需要使用Identity Server 4和Asp.net Core实现以下功能 .
-
我在同一个应用程序中使用ASP.Net Core MVC的网页和Web API
-
我需要使用Identity Server 4对所有控制器进行身份验证
-
对于返回网页的控制器,未经身份验证的用户应将响应重定向到登录页面,而API控制器应返回401未经授权的错误
-
我有oidc用于网页身份验证,而身份服务器承载身份验证用于API
我能够实现上述功能,但我无法刷新令牌(即滑动到期) . 此外,我的oidc身份验证和承载身份验证不同步,即我可以注销oidc而不是承载身份验证(这是预期的),但我如何同步这两种身份验证方案?总而言之,我需要在下面实现
-
如何在我的场景中启用滑动到期?
-
如何同步两种身份验证方案?
以下是我的代码的样子,在身份服务器上,客户端设置
new Client
{
ClientId = "myClientId",
ClientName = "myClientName",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
RequireConsent = true,
ClientSecrets =
{
new Secret(“Secret Key”)
},
RedirectUris = { "http://localhost/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"ClientScopeName",
},
AllowOfflineAccess = true,
}
List<Scope> icollection = new List<Scope>();
icollection.Add(new Scope()
{
Description = "Test",
DisplayName = "Display name",
Name = " ClientScopeName ",
ShowInDiscoveryDocument = true
});
return new List<ApiResource>
{
//new ApiResource("api1", "My API")
new ApiResource
{
DisplayName = "Display name",
Name = " ClientScopeName ",
Enabled = true,
Description = "Test",
Scopes = icollection
}
};
在startup.cs中的客户端应用程序上
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = "http://localhost";
options.RequireHttpsMetadata = false;
options.ClientId = "myClientId";
options.ClientSecret = "clientSecret";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("ClientScopeName");
options.UseTokenLifetime = true;
})
.AddIdentityServerAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme, options =>
{
options.Authority = "http://localhost/";//"base_address_of_identityserver";
options.ApiName = " ClientApiScopeName ";// "name_of_api";
options.RequireHttpsMetadata = false;
options.SaveToken = false;
});