
ASP.NET Core authentication via IdentityServer4

Nothing unusual here: the IdentityServer4 framework will perform login-and-password authentication for a certain API and also handle the refresh_token.

It works on top of the existing IdentityDbContext and IdentityUser.

The result is a scenario in which one refresh_token is issued per authentication and stored in the PersistedGrants table. This is one of the four OAuth 2.0 grant types:

Resource Owner Password Credentials: used by trusted applications, such as applications that are part of the service itself.

All the work of maintaining tokens is taken on by the framework.

So, let's begin.

To specify the grant type, "clients" are configured; I will have one:

DataLayer.Config

    new Client
    {
        ClientId = _configurationManager.Value.ClientId,
        AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,   // Resource Owner Password Credentials grant
        RequireClientSecret = false,                            // no client secret is required
        AllowedScopes =
        {
            _configurationManager.Value.ApiName,
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile      // needed for /connect/userinfo
        },
        AllowOfflineAccess = true                               // enables the refresh_token
    }
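As an added example that is not the post's own code, here is the same client definition with the token-lifetime and refresh-token-rotation settings spelled out, together with the API and identity resources the scopes refer to. The `Config` class, its method parameters and the `"Data API"` display name are assumptions; the property names and defaults are those of IdentityServer4 2.x/3.x (v4 additionally requires `ApiScope` entries).

```csharp
// Added example, not the post's code. Assumed: a static Config class receiving the
// client id and API name that the post reads from _configurationManager.Value.
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;

namespace DataLayer
{
    public static class Config
    {
        // The API resource the access_token will carry as audience (options.ApiName on the API side).
        public static IEnumerable<ApiResource> GetApiResources(string apiName) =>
            new[] { new ApiResource(apiName, "Data API") };

        // Identity scopes that let /connect/userinfo return the sub and profile claims.
        public static IEnumerable<IdentityResource> GetIdentityResources() =>
            new IdentityResource[] { new IdentityResources.OpenId(), new IdentityResources.Profile() };

        public static IEnumerable<Client> GetClients(string clientId, string apiName) =>
            new[]
            {
                new Client
                {
                    ClientId = clientId,
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    RequireClientSecret = false,    // public client: the token endpoint authenticates only the user
                    AllowedScopes =
                    {
                        apiName,
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile
                    },
                    AllowOfflineAccess = true,      // permits the offline_access scope, i.e. a refresh_token

                    // Token policy (IdentityServer4 defaults noted in the comments):
                    AccessTokenLifetime = 600,                        // default 3600 s; shorter limits a leaked token
                    RefreshTokenUsage = TokenUsage.OneTimeOnly,       // default; each refresh invalidates the old token
                    RefreshTokenExpiration = TokenExpiration.Sliding, // default Absolute
                    SlidingRefreshTokenLifetime = 1296000,            // default 15 days
                    AbsoluteRefreshTokenLifetime = 2592000,           // default 30 days; hard stop for the sliding window
                    UpdateAccessTokenClaimsOnRefresh = true           // re-read claims on refresh so revoked roles disappear
                }
            };
    }
}
```

With `TokenUsage.OneTimeOnly` a refresh_token that is presented twice fails the second time, which is what turns a stolen refresh_token into a detectable event in the PersistedGrants table rather than a silent long-lived session.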

Next, we seed this client into the database when it is created:

TestIdentityServer.Program

    services.GetRequiredService<DbInitializer>().Initialize();

The Initialize method contains the code that creates the required databases and inserts the data, including the client. Before that, however, migrations must be applied, because databases for three contexts have to be created: the first is the IdentityDbContext<ApplicationUser>, and the other two belong to IdentityServer4:

DataLayer.DbInitializer

    _context.Database.Migrate();
    _configurationDbContext.Database.Migrate();
    _persistedGrantDbContext.Database.Migrate();

    if (!_configurationDbContext.Clients.Any())
    {
        foreach (var client in _config.GetClients().ToList())
        {
            _configurationDbContext.Clients.Add(client.ToEntity());
        }
        _configurationDbContext.SaveChanges();
    }

Migrations:

    dotnet ef migrations add InitialIdentityServerPersistedGrantDbMigration -c PersistedGrantDbContext -o Data/Migrations/IdentityServer/PersistedGrantDb
    dotnet ef migrations add InitialIdentityServerConfigurationDbMigration -c ConfigurationDbContext -o Data/Migrations/IdentityServer/ConfigurationDb
    dotnet ef migrations add InitialAuthMigration -c AuthContext -o Data/Migrations/IdentityServer/Auth
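The post does not show how the three contexts are wired into the IdentityServer host, so here is a Startup that does it, as an added example rather than the project's own code. `AuthContext`, `ApplicationUser` and `DbInitializer` are the names used on this page; the `"IdentityDb"` connection string, the use of SQL Server and the password/lockout values are assumptions.

```csharp
// Added example, not the post's Startup. Assumed: AuthContext is the
// IdentityDbContext<ApplicationUser> from the post, the connection string is named
// "IdentityDb", and all migrations live in this assembly (matching the -o paths above).
using System.Reflection;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

namespace TestIdentityServer
{
    public class Startup
    {
        private readonly IConfiguration _configuration;
        public Startup(IConfiguration configuration) => _configuration = configuration;

        public void ConfigureServices(IServiceCollection services)
        {
            var connectionString = _configuration.GetConnectionString("IdentityDb");
            var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

            // Context 1: ASP.NET Core Identity users. Password policy and lockout are enforced
            // here; IdentityServer4's ASP.NET Identity password validator calls
            // SignInManager.CheckPasswordSignInAsync with lockoutOnFailure, so the lockout
            // also applies to the /connect/token password grant.
            services.AddDbContext<AuthContext>(o => o.UseSqlServer(connectionString));
            services.AddIdentity<ApplicationUser, IdentityRole>(o =>
                {
                    o.Password.RequiredLength = 12;
                    o.Lockout.MaxFailedAccessAttempts = 5;
                })
                .AddEntityFrameworkStores<AuthContext>()
                .AddDefaultTokenProviders();

            services.AddIdentityServer()
                .AddDeveloperSigningCredential()   // dev-only key; the post's UPD replaces it
                // Context 2: ConfigurationDbContext holds clients and resources.
                .AddConfigurationStore(o =>
                    o.ConfigureDbContext = b => b.UseSqlServer(connectionString,
                        sql => sql.MigrationsAssembly(migrationsAssembly)))
                // Context 3: PersistedGrantDbContext holds the PersistedGrants table (refresh tokens).
                .AddOperationalStore(o =>
                {
                    o.ConfigureDbContext = b => b.UseSqlServer(connectionString,
                        sql => sql.MigrationsAssembly(migrationsAssembly));
                    o.EnableTokenCleanup = true;   // purge expired grants so the table cannot grow without bound
                    o.TokenCleanupInterval = 3600;
                })
                // Validates login/password against Identity and maps the user to the "sub" claim.
                .AddAspNetIdentity<ApplicationUser>();

            services.AddTransient<DbInitializer>();
        }

        public void Configure(IApplicationBuilder app)
        {
            app.UseIdentityServer();   // exposes /connect/token, /connect/userinfo and discovery
        }
    }
}
```

The `MigrationsAssembly` calls are what make the `dotnet ef migrations add ... -c ConfigurationDbContext` and `-c PersistedGrantDbContext` commands work for contexts that are defined in the IdentityServer4 package rather than in the project.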

The link to the code will be at the end.

Moving on. Once the client is configured and the database created, the server can already handle /connect/token requests with a login and password, issue an access_token together with a refresh_token, and, when the refresh_token is presented to the same endpoint, refresh them.

Request with login and password:

(screenshot)

Request with refresh_token:

(screenshot)

/connect/userinfo:

(screenshot)
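The three requests shown in the screenshots, written out as an added example (not code from the post) so the exact form parameters are visible. It assumes the server runs at http://localhost:5000, the client id is `client`, the API scope is `api1`, and .NET Core 3.0 or later (for `System.Text.Json`); the user name and password are placeholders.

```csharp
// Added example, not part of the post. Assumed: client id "client", scope "api1",
// server at http://localhost:5000; "alice" / "<password>" are placeholders.
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

public static class TokenClient
{
    private static readonly HttpClient Http = new HttpClient();
    private const string TokenEndpoint = "http://localhost:5000/connect/token";
    private const string UserInfoEndpoint = "http://localhost:5000/connect/userinfo";

    public sealed class TokenResponse
    {
        public string access_token { get; set; }
        public string refresh_token { get; set; }
        public int expires_in { get; set; }
        public string token_type { get; set; }
    }

    // Step 1: Resource Owner Password Credentials grant. The offline_access scope is what
    // makes IdentityServer4 issue a refresh_token (the client needs AllowOfflineAccess = true).
    public static Task<TokenResponse> PasswordGrantAsync(string user, string password) =>
        PostAsync(new Dictionary<string, string>
        {
            ["grant_type"] = "password",
            ["client_id"] = "client",
            ["username"] = user,
            ["password"] = password,
            ["scope"] = "api1 openid profile offline_access"
        });

    // Step 2: exchange the refresh_token for a new pair. With RefreshTokenUsage = OneTimeOnly
    // the old refresh_token is removed from PersistedGrants, so presenting it again fails
    // with invalid_grant.
    public static Task<TokenResponse> RefreshAsync(string refreshToken) =>
        PostAsync(new Dictionary<string, string>
        {
            ["grant_type"] = "refresh_token",
            ["client_id"] = "client",
            ["refresh_token"] = refreshToken
        });

    private static async Task<TokenResponse> PostAsync(Dictionary<string, string> form)
    {
        using var response = await Http.PostAsync(TokenEndpoint, new FormUrlEncodedContent(form));
        var body = await response.Content.ReadAsStringAsync();
        if (!response.IsSuccessStatusCode)
            throw new InvalidOperationException($"token endpoint returned {(int)response.StatusCode}: {body}");
        return JsonSerializer.Deserialize<TokenResponse>(body);
    }

    public static async Task Main()
    {
        var first = await PasswordGrantAsync("alice", "<password>");
        Console.WriteLine($"access_token expires in {first.expires_in}s");

        var second = await RefreshAsync(first.refresh_token);
        Console.WriteLine(second.refresh_token != first.refresh_token
            ? "refresh token rotated" : "refresh token reused");

        // Step 3: /connect/userinfo with the access token, as in the third screenshot.
        var request = new HttpRequestMessage(HttpMethod.Get, UserInfoEndpoint);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", second.access_token);
        using var userInfo = await Http.SendAsync(request);
        Console.WriteLine(await userInfo.Content.ReadAsStringAsync());
    }
}
```

Because the client has no secret, the only thing protecting the password grant is the user's credentials plus the Identity lockout policy, which is why this grant is reserved for first-party applications, as the post says.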

Now let's add an API whose authorization is handled by IdentityServer4. Its connection to the server is configured as follows:

DataApi.Startup

    services.AddAuthentication("Bearer")
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = settings.Authority;   // http://localhost:5000
            options.RequireHttpsMetadata = false;
            options.ApiName = settings.ApiName;       // api1
        });

The API itself will be deployed on a different port.

Authorization is now checked as usual with the [Authorize] attribute.

/api/Default

(screenshot)
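The API side in full, as an added example that is not the post's DataApi project: the post's `AddIdentityServerAuthentication` call plus a controller behind `[Authorize]` that returns the claims from the validated access_token. The authority URL and `api1` come from the post; the `"ApiScope"` policy name and the controller body are assumptions.

```csharp
// Added example, not the post's code. Assumed: policy name "ApiScope"; the authority and
// ApiName values are the ones shown in the post's comments.
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

namespace DataApi
{
    public class Startup
    {
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc();
            services.AddAuthentication("Bearer")
                .AddIdentityServerAuthentication(options =>
                {
                    options.Authority = "http://localhost:5000";
                    options.RequireHttpsMetadata = false;   // acceptable only for localhost; true in production
                    options.ApiName = "api1";               // rejects tokens whose audience is not api1
                });

            // Also require the scope claim explicitly, so a token issued by the same server
            // for another API cannot be replayed against this one.
            services.AddAuthorization(o =>
                o.AddPolicy("ApiScope", p => p.RequireAuthenticatedUser().RequireClaim("scope", "api1")));
        }

        public void Configure(IApplicationBuilder app)
        {
            app.UseAuthentication();   // must run before MVC so [Authorize] sees the principal
            app.UseMvc();
        }
    }

    [Route("api/[controller]")]
    public class DefaultController : ControllerBase
    {
        // 401 without a valid Bearer token, 403 when the token lacks the api1 scope.
        [HttpGet]
        [Authorize(Policy = "ApiScope")]
        public IActionResult Get() =>
            new JsonResult(new
            {
                sub = User.FindFirst("sub")?.Value,   // user id carried in the access_token
                claims = User.Claims.Select(c => new { c.Type, c.Value })
            });
    }
}
```

The handler fetches the signing keys from the authority's discovery document and validates the JWT locally, so the API never calls back to IdentityServer4 per request; that is also why, with a key generated at startup (see the UPD), a restart of the server makes the API reject every outstanding access_token.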



That's all; write what you think or what is missing.

Link to code.

UPD: signed JWT tokens

Added signing methods: an RSA key generated at startup and a *.pfx certificate file. The method is switched in "appsettings.json" via the "SigningCredentialConfig" property.
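One way to implement that switch, added here as an example rather than the post's own code. The `SigningCredentialConfig` section name is from the post; its `Type`, `PfxPath` and `PfxPassword` keys and the extension method name are assumptions. The `AddSigningCredential` overloads used exist in IdentityServer4.

```csharp
// Added example, not the post's code. Assumed appsettings.json layout:
// "SigningCredentialConfig": { "Type": "Pfx", "PfxPath": "signing.pfx", "PfxPassword": "<from a secret store>" }
// or "SigningCredentialConfig": { "Type": "Rsa" }
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class SigningCredentialExtensions
{
    public static IIdentityServerBuilder AddConfiguredSigningCredential(
        this IIdentityServerBuilder builder, IConfiguration configuration)
    {
        var section = configuration.GetSection("SigningCredentialConfig");

        switch (section["Type"])
        {
            case "Pfx":
                // Persistent key: tokens survive restarts and all instances share the same
                // key, so APIs keep validating after a redeploy. Keep the password out of
                // appsettings.json (user secrets, environment, key vault).
                var certificate = new X509Certificate2(section["PfxPath"], section["PfxPassword"]);
                if (!certificate.HasPrivateKey)
                    throw new InvalidOperationException("signing certificate has no private key");
                return builder.AddSigningCredential(certificate);

            case "Rsa":
            default:
                // Key generated at startup: every restart invalidates all outstanding
                // access_tokens and changes the keys in the discovery document, so this
                // suits only a single development instance.
                var rsa = RSA.Create(2048);
                var key = new RsaSecurityKey(rsa) { KeyId = Guid.NewGuid().ToString("N") };
                var credentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256);
                return builder.AddSigningCredential(credentials);
        }
    }
}
```

In Startup this replaces `AddDeveloperSigningCredential()`: `services.AddIdentityServer().AddConfiguredSigningCredential(Configuration)`. The `KeyId` is emitted as the `kid` header of every JWT, which is what lets the API pick the right key from the discovery document when the certificate is rotated.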

Source: https://habr.com/ru/post/426289/

