Shulou(Shulou.com)06/01 Report--

This article introduces the knowledge of "how to implement IdentityServer4 password mode in Ocelot gateway". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Overview

IdentityServer4 is for ASP.NET Core 2. Series of tailor-made certification framework based on OpenID Connect and OAuth 2.0. Deploying identityserver in your application has the following features to do centralized login logic and workflow control for your application (such as website, local application, mobile, service). IdentityServer fully implements the OpenID Connect protocol standard. Achieve single sign-on and logout on various types of applications. Issue access token tokens for a variety of clients, such as service-to-service communications, website applications, SPAS and local or mobile applications.

OAuth 2.0 defaults to four authorization modes (GrantType):

Authorization Code Mode (authorization_code)

Simplified Mode (implicit)

Password mode (password)

Client mode (client_credentials)

In general, when we visit api, most of the access interfaces are based on the account password. For example, the user on the app side.

Let's take a look at how to implement cryptographic mode (password).

The main ways of realization

1. In the certification project, create a ProfileService

Public class ProfileService: IProfileService {public async Task GetProfileDataAsync (ProfileDataRequestContext context) {var claims = context.Subject.Claims.ToList (); context.IssuedClaims = claims.ToList ();} public async Task IsActiveAsync (IsActiveContext context) {context.IsActive = true;}}

2. Create a ResourceOwnerPasswordValidator to verify the account password

Public class ResourceOwnerPasswordValidator: IResourceOwnerPasswordValidator {public async Task ValidateAsync (ResourceOwnerPasswordValidationContext context) {/ / check against the data of context.UserName and context.Password and the database Judge whether if is legal (context.UserName = = "conan" & & context.Password = = "123") {context.Result = new GrantValidationResult (subject: context.UserName, authenticationMethod:" custom ", claims: new Claim [] {new Claim (" Name ", context.UserName), new Claim (" UserId "," 111"), new Claim ("RealName") "conan"), new Claim ("Email", "373197550@qq.com")} } else {/ / Verification failed context.Result = new GrantValidationResult (TokenRequestErrors.InvalidGrant, "invalid custom credential");}

3. Adjust AllowedGrantTypes and AllowedScopes

Client.AllowedGrantTypes = GrantTypes.ResourceOwnerPassword; List aas = new List (); aas.AddRange (config.AllowedScopes); aas.Add (IdentityServerConstants.StandardScopes.OpenId); aas.Add (IdentityServerConstants.StandardScopes.Profile); client.AllowedScopes = aas.ToArray ()

4. ConfigureServices adds AddInMemoryIdentityResources, AddResourceOwnerValidator, AddProfileService

/ / Registration service var idResources = new List {new IdentityResources.OpenId (), / / must be added, otherwise invalid scope error new IdentityResources.Profile ()}; var section = Configuration.GetSection ("SSOConfig") Services.AddIdentityServer () .AddDeveloperSigningCredential () .AddInMemoryIdentityResources (idResources) .AddInMemoryApiResources (SSOConfig.GetApiResources (section)) .AddInMemoryClients (SSOConfig.GetClients (section)) .AddResourceOwnerValidator () .AddProfileService (); services.AddControllers (). SetCompatibilityVersion (CompatibilityVersion.Latest)

5. Verify in the certification project, and the test is successful

6. Modify the address and authenticate the gateway project. The test is successful.

Code address:

Https://gitee.com/conanOpenSource_admin/Example

This is the end of the content of "how to implement IdentityServer4 password mode in Ocelot gateway". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.