
How to get started in IdentityServer4 and add client credentials to API

2025-01-19 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01

Today I will talk about how to get started with IdentityServer4 and how to add client credentials to an API. Many people may not know much about it, so the editor has summarized the following content. I hope you get something out of this article.

The following shows how to use IdentityServer4 to protect an API and how to carry a token to access the protected API, which can be done through HttpClient or through the body of an HTTP request. Let's get started.

First of all, the lock on a security-restricted API is held by a dedicated IdentityServer4 authentication server. So we need to create an authentication server. First, let's create an API project.

After the project is created, we add a Config.cs. The name can be whatever you want, but it must match what you reference when you register it in DI. Our API, the protected lock, is defined in GetSoluction: the first parameter is name, the name of the API, followed by the displayed name, DisplayName. In GetClients we define the trusted client, including the client's ID, its authorization method (grant type), the client's secret, and the APIs the client can access through AllowedScopes.

Now that we have written the configuration file for the IdentityServer4 server, we also need to inject dependencies into the .NET Core pipeline, so let's take a look at the definition.
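The Config.cs and the dependency injection described above might look like this. This is an added example, not the author's code: it assumes an IdentityServer4 release before 4.0, and the resource name api1, the display name, the client ID and the secret value are placeholders.

```csharp
using System.Collections.Generic;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public static class Config
{
    // The protected API (the "lock"): name first, then DisplayName.
    public static IEnumerable<ApiResource> GetSoluction() =>
        new List<ApiResource> { new ApiResource("api1", "My API") };

    // Trusted clients: ID, grant type, secret and the scopes they may request.
    public static IEnumerable<Client> GetClients() =>
        new List<Client>
        {
            new Client
            {
                ClientId = "client", // placeholder ID
                // No interactive user: the client authenticates as itself.
                AllowedGrantTypes = GrantTypes.ClientCredentials,
                // Only the SHA-256 hash is kept in the client store.
                // "secret" is a placeholder; do not ship a literal like this.
                ClientSecrets = { new Secret("secret".Sha256()) },
                // Least privilege: list only the APIs this client needs.
                AllowedScopes = { "api1" }
            }
        };
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentityServer()
            // Development signing key only; use a managed key in production.
            .AddDeveloperSigningCredential()
            .AddInMemoryApiResources(Config.GetSoluction())
            .AddInMemoryClients(Config.GetClients());
    }

    public void Configure(IApplicationBuilder app)
    {
        // Adds the IdentityServer endpoints (discovery, token) to the pipeline.
        app.UseIdentityServer();
    }
}
```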

That's it. If you run the server and browse to http://localhost:<your port>/.well-known/openid-configuration, you should see the so-called discovery document. The client and the API will use it to download the necessary configuration data.

When you start for the first time, IdentityServer will create a developer signing key for you, which is a file named tempkey.rsa. You do not have to check the file into source control, and if it does not exist, it will be recreated.

The following is a test with Postman: the request is sent as an HTTP POST, and the request content is entered in the HTTP body. The test results are as follows. A token is returned if there is no problem with the three parameters, and error: invalid_client is returned if one of the three parameters is misspelled.

Let's add a controller to the API project:

You will use this controller later to test the authorization requirement and to visualize the claims identity through the API's eyes. Now let's add the authentication service to DI and the authentication middleware to the pipeline, to validate the incoming token and ensure that it comes from a trusted issuer.

Update Startup to look like this:
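A controller and Startup of the kind described above, as an added example rather than the author's code. It assumes ASP.NET Core 2.x with the IdentityServer4.AccessTokenValidation package, the authentication server on http://localhost:5000 (an assumed port) and the API name api1.

```csharp
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

[Route("identity")]
[Authorize] // without a valid bearer token the caller gets 401
public class IdentityController : ControllerBase
{
    [HttpGet]
    public IActionResult Get()
    {
        // Echo the claims the API sees in the validated access token.
        return new JsonResult(from c in User.Claims select new { c.Type, c.Value });
    }
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvcCore()
            .AddAuthorization()
            .AddJsonFormatters();

        services.AddAuthentication("Bearer")
            .AddIdentityServerAuthentication(options =>
            {
                // Trusted issuer (assumed address of the authentication server).
                options.Authority = "http://localhost:5000";
                // Plain HTTP is acceptable only for local development.
                options.RequireHttpsMetadata = false;
                // Tokens issued for a different API are rejected.
                options.ApiName = "api1";
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before MVC so the user is set before [Authorize] is checked.
        app.UseAuthentication();
        app.UseMvc();
    }
}
```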

AddAuthentication adds the authentication services to DI, using the IdentityServer4 access token authentication handler. UseAuthentication adds the authentication middleware to the pipeline so that authentication is performed automatically on each call into the host. If you browse to http://localhost:port/identity now and the error is 401, the API has been protected. The configuration is successful!

Now we are going to create our client. To access a protected API you need to carry a key; that key is called a token, and it is what opens the gate. Now create a console program that accesses the API using a token.

First we need to install IdentityModel because it can find metadata for us.

IdentityModel includes client libraries for discovering endpoints, so you only need to know the base address of the IdentityServer; the actual endpoint addresses can be read from the metadata.

Next, you can use the information in the discovery document to request a token.

To send an access token to the API, you usually use the HTTP Authorization header. This is done using the SetBearerToken extension method.
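The three client steps above (discovery, token request, calling the API), together with the invalid_client failure seen in the Postman test, as an added example that is not the author's code. It assumes a recent IdentityModel release with the HttpClient extension methods; the ports, client ID, secret and scope are placeholders that must match the server's Config.

```csharp
using System;
using System.Net.Http;
using System.Threading.Tasks;
using IdentityModel.Client;

public class Program
{
    public static async Task Main()
    {
        var client = new HttpClient();

        // 1. Read the endpoint addresses from the discovery document.
        var disco = await client.GetDiscoveryDocumentAsync("http://localhost:5000");
        if (disco.IsError)
        {
            Console.WriteLine(disco.Error);
            return;
        }

        // 2. Request a token with the client credentials grant.
        var tokenResponse = await client.RequestClientCredentialsTokenAsync(
            new ClientCredentialsTokenRequest
            {
                Address = disco.TokenEndpoint,
                ClientId = "client",     // placeholder, must match Config
                ClientSecret = "secret", // placeholder, keep real secrets out of source
                Scope = "api1"
            });
        if (tokenResponse.IsError)
        {
            // invalid_client when the client ID or secret is wrong.
            Console.WriteLine(tokenResponse.Error);
            return;
        }

        // 3. Send the token in the HTTP Authorization header.
        client.SetBearerToken(tokenResponse.AccessToken);
        var response = await client.GetAsync("http://localhost:5001/identity");
        if (!response.IsSuccessStatusCode)
        {
            Console.WriteLine(response.StatusCode); // Unauthorized without a valid token
            return;
        }
        Console.WriteLine(await response.Content.ReadAsStringAsync());
    }
}
```

Older IdentityModel releases expose the same steps through the DiscoveryClient and TokenClient classes.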

The results are as follows. As for the startup order, start the authentication platform first, then the API, and finally the console debugging tool.

That completes a simple IdentityServer4 authentication platform. Eager to try it now? As for the source code, I put it on my Coding account; the address is https://coding.net/u/zaranet/p/IdentitySERVER. It may look simple, but if you have never touched IdentityServer, type it out yourself. Let's take a look back.

We defined the Config file in IdentityServerSoluction, which holds the Id4 configuration: its main function is to define the authentication model, and it also sets parameters such as the ClientId that appear in the client's request. IdentItyAPI is our project service, in which the API controllers marked with Authorize are all protected, so a caller must first be verified by IdentityServerSoluction before it can access them. We used a .NET Core console program to simulate this process, which involves HttpClient. Finally, the token is returned, and with that token we can reach the API service we want.
