Using OpenID Connect with IdentityServer4 to add user authentication
Use IdentityServer4 to implement an OpenID Connect server that adds user authentication, and a client that calls it for authorization.
IdentityServer4 has been updated to version 1.0 and was introduced in a previous article: "IdentityServer4: ASP.NET Core OpenID Connect / OAuth 2.0 framework, learning to protect an API".
Environment: IdentityServer4 1.0, .NET Core 1.0.1
Let's get started.
Create an IdentityServer4 Server
The server is the side that provides the service, like QQ or Weibo.
Create an ASP.NET Core Web Application project named IdentityServer4OpenID, selecting the Web Application template with No Authentication.
Delete the Controllers files created by the template, and the Views folder.
Add IdentityServer4 reference:
Install-Package IdentityServer4
Then add the configuration class Config.cs:

    using System.Collections.Generic;
    using System.Security.Claims;
    using IdentityServer4;
    using IdentityServer4.Models;
    using IdentityServer4.Test;

    public class Config
    {
        // Define the system resources
        public static IEnumerable<IdentityResource> GetIdentityResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
            };
        }

        public static IEnumerable<Client> GetClients()
        {
            // Client credentials
            return new List<Client>
            {
                // OpenID Connect implicit client (MVC)
                new Client
                {
                    ClientId = "mvc",
                    ClientName = "MVC Client",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    RedirectUris = { "http://localhost:5002/signin-oidc" },
                    PostLogoutRedirectUris = { "http://localhost:5002" },
                    // Resources the client is allowed to access
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile
                    }
                }
            };
        }

        // Test users
        public static List<TestUser> GetUsers()
        {
            return new List<TestUser>
            {
                new TestUser
                {
                    SubjectId = "1",
                    Username = "admin",
                    Password = "123456",
                    Claims = new List<Claim>
                    {
                        new Claim("name", "admin"),
                        new Claim("website", "https://www.cnblogs.com/linezero")
                    }
                },
                new TestUser
                {
                    SubjectId = "2",
                    Username = "linezero",
                    Password = "123456",
                    Claims = new List<Claim>
                    {
                        new Claim("name", "linezero"),
                        new Claim("website", "https://github.com/linezero")
                    }
                }
            };
        }
    }

The code above uses IdentityServer4's test data classes to add data, which is held only in memory. IdentityServer4 also supports persistence.
Open Startup.cs and add the following:

    public void ConfigureServices(IServiceCollection services)
    {
        // Add framework services.
        services.AddMvc();

        services.AddIdentityServer()
            .AddTemporarySigningCredential()
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryClients(Config.GetClients())
            .AddTestUsers(Config.GetUsers());
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        ...
        app.UseIdentityServer();
        ...
    }

Next, install the UI. You can also write the UI yourself; it consists of the login, logout, authorization and error pages.
You can download it from https://github.com/IdentityServer/IdentityServer4.Quickstart.UI/tree/release and extract it into the project directory.
You can also use a command prompt to quickly install:
powershell iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/IdentityServer/IdentityServer4.Quickstart.UI/release/get.ps1'))
Open a command prompt in the project directory and enter the preceding command.
For more information, see the official readme: https://github.com/IdentityServer/IdentityServer4.Quickstart.UI/blob/release/README.md
Create an MVC Client
The MVC client can be thought of as your own application, which uses the service provided by a third party.
Create an ASP.NET Core Web Application project named MvcClient, selecting the Web Application template with No Authentication.
Bind the URL to port 5002 with UseUrls("http://localhost:5002").
Then add reference:
Install-Package Microsoft.AspNetCore.Authentication.Cookies
Install-Package Microsoft.AspNetCore.Authentication.OpenIdConnect
The package version referenced in this article is 1.1.
Open the Startup class and add the following code in the Configure method:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationScheme = "Cookies"
    });

    app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
    {
        AuthenticationScheme = "oidc",
        SignInScheme = "Cookies",
        Authority = "http://localhost:5000",
        RequireHttpsMetadata = false,
        ClientId = "mvc",
        SaveTokens = true
    });

Then add the [Authorize] attribute to HomeController. HomeController is created by the VS2015 template; if it is missing, create it yourself.
Then, change the Index view in the Home folder as follows:

    <dl>
        @foreach (var claim in User.Claims)
        {
            <dt>@claim.Type</dt>
            <dd>@claim.Value</dd>
        }
    </dl>

Run
Start the server first: execute dotnet run in the server's project directory, and once it has started, browse to http://localhost:5000 to check that it responds normally.
Once the server is reachable, start the client the same way with dotnet run and browse to http://localhost:5002. By default it redirects to http://localhost:5000.
The final result is as follows:
The UI here is the official UI; you can also design your own and apply it to your system. The login users are the test users defined in Config. After authorization, you can see the configured claims.
The grant type used in this article is Implicit; for more detail, see OAuth 2.0: https://tools.ietf.org/html/rfc6749.
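The exchange behind the Implicit grant configured above, as an added example that is not code from the original article or from IdentityServer4: the authentication request the MVC client redirects the browser with, and the checks the client applies to the returned identity token. The response_type and response_mode values, the function names and the sample token are assumptions made for illustration; verifying the token signature against the server's published key is assumed to happen in a JWT library and is not shown.

```python
import base64, json, secrets, time
from urllib.parse import urlencode

AUTHORITY = "http://localhost:5000"                 # Authority in the MVC client
CLIENT_ID = "mvc"                                   # ClientId in Config.cs
REDIRECT_URI = "http://localhost:5002/signin-oidc"  # RedirectUris in Config.cs

def build_auth_request():
    """Client: build the redirect to IdentityServer's authorize endpoint."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({
        "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
        "response_type": "id_token",   # assumed: identity token only
        "response_mode": "form_post",  # assumed: token POSTed back, not in the URL
        "scope": "openid profile",     # AllowedScopes in Config.cs
        "state": state, "nonce": nonce})
    return AUTHORITY + "/connect/authorize?" + query, state, nonce

def make_sample_token(claims):
    """Constructed test token; the signature segment is a placeholder."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "constructed-signature"])

def decode_payload(id_token):
    """Decode the claims segment (base64url without padding) of a JWT."""
    seg = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def validate_response(form, state, nonce, now=None):
    """Client: checks on the callback before a sign-in cookie is issued.
    Signature verification against the server's key is assumed done first."""
    if "error" in form:
        return None, "error from server: " + form["error"]
    if not secrets.compare_digest(form.get("state", ""), state):
        return None, "state mismatch"          # response not tied to our request
    claims = decode_payload(form["id_token"])
    aud = claims.get("aud")
    if claims.get("iss") != AUTHORITY:
        return None, "unexpected issuer"
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        return None, "token issued to another client"
    if not secrets.compare_digest(str(claims.get("nonce", "")), nonce):
        return None, "nonce mismatch"          # replayed or injected token
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        return None, "token expired"
    return claims, "ok"
```

The claims returned on success are what the Index view above lists for the signed-in user.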
Example GitHub: https://github.com/linezero/Blog/tree/master/IdentityServer4OpenID
Reference official documents: https://identityserver4.readthedocs.io/en/release/quickstarts/3_interactive_login.html