(This article also published in my public number "dotnet daily Essence article", Welcome to the right QR code to pay attention to. )
Preface: The previously introduced IdentityServer3, although developed based on Katana, can also be hosted in ASP. NET 5. This article, recommended today, describes how to implement OAuth2 implicit flow validation in ASP. NET 5 and angular.
Identityserver introduced before, is a fully functional. NET open source OpenID Connect/oauth 2.0 framework. IdentityServer3 is based on the ASP. NET Katana technology stack, although Identityserver is currently developing IDENTITYSERVER4 based on the ASP. NET 5 technology stack, but it is not mature enough. Fortunately, we can still host IdentityServer3 to ASP. NET 5 (the official example).
Previously, Damienbod wrote an article OAuth2 implicit Flow with Angular and ASP. 5 Identityserver (http://damienbod.com/2015/11/08/ oauth2-implicit-flow-with-angular-and-asp-net-5-identity-server/) specifically describes how to host configuration IdentityServer3 in ASP. NET 5, It also introduces how to implement OAuth2 's implicit flow authentication mode to support angular client login.
This article begins with a code snippet that configures the resource server (the API that provides the data), and then demonstrates how to write a Requiredscopesmiddleware middleware class to validate each user's authorization range (Scopes).
There's not much special about configuring Identityserver, just follow the official example.
When implementing the angular client, the key is to pass the bearer token to the resource server for access authorization. It writes a authorizationinterceptor to intercept all HTTP requests to the server, thereby automatically attaching the bearer token. If there is no token, then use Authorizedcontroller to direct the user to the login interface to request a token from the identityserver.
This article is a rare reference to a detailed code explanation of the entire process of angular using implicit flow mode login verification. The details of the thing, everyone read the article in the original.
OAuth2 implicit Flow with IdentityServer3 in ASP. NET 5 and angular