Shulou(Shulou.com)06/01 Report--

This article is about how to use IdentityServer4 for OAuth2.0 services, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Below, this project that uses IdentityServer4's OAuth3.0 service is called the Passport project.

Component description (Nuget)

Components required for the Passport project

The project is initialized with Asp.net Core Identity project template and integrated with IdentityServer4 middleware

Integrating IdentityServer4.AspNetIdentity to manage User system

Integrated IdentityServer4.EntityFramework is used to persist OAuth3.0 related role data

Integrated NLog.Web.AspNetCore for output logs

Integrate System.Security.Cryptography.Csp and use RSA for Token signature

Components required by ApiResource (providing Api services and registering with Passport)

If it is an Asp.Net Core WebApi project: integrate IdentityServer4.AccessTokenValidation (use Authorize Policy mechanism)

If it is an Asp.Net WebApi project: integrate IdentityServer3.AccessTokenValidation (middleware) + Thinktecture.IdentityModel.WebApi.ScopeAuthorization (provide ScopeAuthorize)

Client required component IdentityModel (provides TokenClient)

Note:

First, ApiResource does not need to configure ApiSecret (middleware will request http://{passport-project-domain}/.well-known/openid-configuration/jwks to obtain RSA public key verification signature)

Second, the client (caller) must set the password (clientId,clientSecret, request the required scopes)

Third, when configuring RSA, don't forget to set KeyId, otherwise IdentityServer3.AccessTokenValidation will throw an exception if kid is null when it gets jwks. It is recommended that KeyId and the Base64 string of Rsa save the configuration file together. Reference issue

Build a route

IdentityServer4 official document: using-asp-net-core-identity

IdentityServer4 official document: using-entityframework-core-for-configuration-data

(optional) temporary use of quickstart-ui for UI

(optional) if it is IdentityServer3, there are also IdentityServer3.Admin and IdentityServer3.Admin.EntityFramework

Token signature and signature verification mechanism: RSA. Reference to the configuration method. Again, don't forget to set KeyId.

The configuration of ApiResource and Client refer to IdentityServer3 and 4 component compatibility test projects.

Asp.Net WebApi (non. Net Core project) fine-grained verification of Scope (implemented to a specific Api), use ScopeAuthorize, install Nuget component source code reference

Install-Package Thinktecture.IdentityModel.WebApi.ScopeAuthorization

Asp.Net Core project deployment notes

Server installs DotNetCore.1.0.4_1.1.1-WindowsHosting.exe

Server administrator cmd executes net stop was / y & & net start w3svc

Create a new site

The site application pool is set to unmanaged code (IIS is only published as a reverse proxy and convenient site)

Enable web deployment

Manual vs publish, select iis,webdeploy, execute connection string, specify migration connection string

If IIS Aspnet Core Module fails to start the dotnet process, web.config enables stdoutLogEnabled and creates a logs directory to view the error message

The above is how to use IdentityServer4 for OAuth2.0 services. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.