Implementation of the OAuth 2.0 Authorization Service "Password Mode" (Resource Owner Password Credentials) Based on IdentityServer3


In password mode (Resource Owner Password Credentials Grant), the user gives their user name and password to the client, and the client uses them to request authorization from the service provider. This implementation modifies the earlier IdentityServer3-based OAuth 2.0 authorization service, which used the Client Credentials grant.

Client

    using System.Collections.Generic;
    using IdentityServer3.Core.Models;

    public class Clients
    {
        public static List<Client> Get()
        {
            return new List<Client>
            {
                // No human involved (client credentials)
                new Client
                {
                    ClientName = "App Interface Services",
                    ClientId = "app_test_id",
                    Enabled = true,
                    AccessTokenType = AccessTokenType.Reference,
                    Flow = Flows.ClientCredentials,
                    ClientSecrets = new List<Secret>
                    {
                        new Secret("F621f470-9731-4a25-80ef-67a6f7c5f4b8".Sha256())
                    },
                    AllowedScopes = new List<string>
                    {
                        "User",
                        "Order"
                    }
                },
                // Human is involved (resource owner password)
                new Client
                {
                    ClientName = "Username Client",
                    ClientId = "Irving",
                    Enabled = true,
                    AccessTokenType = AccessTokenType.Reference,
                    Flow = Flows.ResourceOwner,
                    ClientSecrets = new List<Secret>
                    {
                        new Secret("21b5f798-be55-42bc-8aa8-0025b903dc3b".Sha256())
                    },
                    AllowedScopes = new List<string>
                    {
                        "User",
                        "Order"
                    }
                }
            };
        }
    }

User

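    using System.Collections.Generic;
    using System.Security.Claims;
    using IdentityServer3.Core;
    using IdentityServer3.Core.Services.InMemory;

    public class Users
    {
        public static List<InMemoryUser> Get()
        {
            // InMemoryUser holds the password in plaintext; it is a test store.
            return new List<InMemoryUser>
            {
                new InMemoryUser
                {
                    Username = "Irving",
                    Password = "123456",
                    Subject = "1",
                    Claims = new[]
                    {
                        new Claim(Constants.ClaimTypes.GivenName, "Bob"),
                        new Claim(Constants.ClaimTypes.FamilyName, "Smith")
                    }
                },
                new InMemoryUser
                {
                    Username = "Bob",
                    Password = "Secret",
                    Subject = "2"
                },
                new InMemoryUser
                {
                    Username = "Alice",
                    Password = "Secret",
                    Subject = "3"
                }
            };
        }
    }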
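The in-memory users above keep each password as a plaintext string. As an added example (not code from the original article), the sketch below shows a user service that checks a salted PBKDF2 hash instead, assuming IdentityServer3's `UserServiceBase` extension point; `HashedUserService`, `Record`, `AddUser` and the iteration count are hypothetical names and values chosen for illustration.

```csharp
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Threading.Tasks;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services.Default;

// Hypothetical replacement for UseInMemoryUsers: keeps salt + PBKDF2 hash, never the password.
public class HashedUserService : UserServiceBase
{
    private const int Iterations = 100000; // assumed work factor, tune for your hardware
    private class Record { public string Subject; public byte[] Salt; public byte[] Hash; }

    // Constructed sample store; a real deployment would query its user database.
    private static readonly Dictionary<string, Record> Store = new Dictionary<string, Record>();

    public static void AddUser(string subject, string userName, string password)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        Store[userName] = new Record { Subject = subject, Salt = salt, Hash = Derive(password, salt) };
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations)) return kdf.GetBytes(32);
    }

    // Invoked when a user name and password must be validated, as in the password grant.
    public override Task AuthenticateLocalAsync(LocalAuthenticationContext context)
    {
        Record user;
        if (context.UserName != null && context.Password != null &&
            Store.TryGetValue(context.UserName, out user) &&
            FixedTimeEquals(Derive(context.Password, user.Salt), user.Hash))
        {
            context.AuthenticateResult = new AuthenticateResult(user.Subject, context.UserName);
        }
        return Task.FromResult(0); // AuthenticateResult left null means the login is rejected
    }

    // Comparison whose duration does not depend on where the first differing byte is.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        var diff = a.Length ^ b.Length;
        for (var i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

It would be registered on the factory in place of `UseInMemoryUsers`, for example with `factory.UserService = new Registration<IUserService, HashedUserService>();`.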

Server-side configuration

    using IdentityServer3.Core.Configuration;
    using Owin;

    public class Startup
    {
        /// <summary>
        /// Configures the IdentityServer authorization service
        /// </summary>
        /// <param name="app"></param>
        public void Configuration(IAppBuilder app)
        {
            var opts = new IdentityServerOptions
            {
                SiteName = "Embedded Homeinns PMS 2.0 OAuth2 Service",
                EnableWelcomePage = true,
                Factory = new IdentityServerServiceFactory()
                              .UseInMemoryClients(Clients.Get())
                              .UseInMemoryScopes(Scopes.Get())
                              //.UseInMemoryUsers(new List<InMemoryUser>()),
                              .UseInMemoryUsers(Users.Get()),
                // HTTPS is not required here, so passwords and tokens cross the network in cleartext.
                RequireSsl = false,
                //SigningCertificate = new X509Certificate2(string.Format(@"{0}\bin\identityserver\idsrv3test.pfx", AppDomain.CurrentDomain.BaseDirectory), "Idsrv3test")
            };
            app.UseIdentityServer(opts);

            /*
            // Custom routing
            app.Map("/identity", idsrvApp =>
            {
                idsrvApp.UseIdentityServer(opts);
            });
            */
        }
    }

Controller

    using System.Security.Claims;
    using System.Web.Http;

    [Route("api/v1/values")]
    public class ValuesController : ApiController
    {
        public IHttpActionResult Get()
        {
            var caller = User as ClaimsPrincipal;
            // A "sub" claim is present only when a user took part (password grant).
            var subjectClaim = caller.FindFirst("sub");
            if (subjectClaim != null)
            {
                return Json(new
                {
                    message = "OK User",
                    Client = caller.FindFirst("client_id").Value,
                    Subject = subjectClaim.Value
                });
            }
            else
            {
                return Json(new
                {
                    message = "OK Computer",
                    Client = caller.FindFirst("client_id").Value
                });
            }
        }
    }

Console

    using System;
    using System.Net.Http;
    using Serilog;
    // TokenClient and SetBearerToken come from the IdentityModel client library.

    class Program
    {
        static void Main(string[] args)
        {
            /*
            POST http://192.168.210.165/connect/token HTTP/1.1
            Accept: application/json
            Authorization: Basic Yxbwx3rlc3rfawq6rjyymuy0nzatotczMs00qti1ltgwruytnjdbnky3qzvgnei4
            Content-Type: application/x-www-form-urlencoded
            Host: 192.168.210.165
            Content-Length: 40
            Expect: 100-continue
            Connection: Keep-Alive

            grant_type=client_credentials&scope=user
            */

            /*
            GET http://192.168.210.165:88/api/v1/values HTTP/1.1
            Authorization: Bearer 9f82476751e1f8b93f1ea6df7de83b51
            Host: 192.168.210.165:88
            */

            var log = new LoggerConfiguration()
                .WriteTo
                .LiterateConsole(outputTemplate: "{Timestamp:HH:mm} [{Level}] ({Name:l}) {NewLine} {Message}{NewLine}{Exception}")
                .CreateLogger();

            // Client credentials
            var token = new TokenClient(
                "http://192.168.210.165/connect/token",
                "app_test_id",
                "F621f470-9731-4a25-80ef-67a6f7c5f4b8");
            var response = token.RequestClientCredentialsAsync("User").Result;
            var client = new HttpClient();
            client.SetBearerToken(response.AccessToken);
            log.Information(client.GetStringAsync("http://192.168.210.165:88/api/v1/values").Result);

            // Resource owner password
            var resourceOwnerClient = new TokenClient(
                "http://192.168.210.165/connect/token",
                "Irving",
                "21b5f798-be55-42bc-8aa8-0025b903dc3b");
            var data = resourceOwnerClient.RequestResourceOwnerPasswordAsync("Irving", "123456", "Order").Result;
            client.SetBearerToken(data.AccessToken);
            log.Information(client.GetStringAsync("http://192.168.210.165:88/api/v1/values").Result);

            Console.ReadKey();
        }
    }
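The console program shows the raw HTTP request only for the client credentials call. As an added example (not code from the original article), the following builds the corresponding password-grant request by hand, following RFC 6749 section 4.3.2, and refuses a non-HTTPS token endpoint unless the caller opts in; `PasswordGrantDemo`, `BuildRequest` and `allowInsecure` are hypothetical names, and the endpoint and credentials are the ones used on this page.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;

static class PasswordGrantDemo
{
    // Builds the token request for the resource owner password credentials grant.
    public static HttpRequestMessage BuildRequest(Uri tokenEndpoint, string clientId,
        string clientSecret, string userName, string password, string scope,
        bool allowInsecure = false)
    {
        // The user's password is sent in the body, so the endpoint should be HTTPS.
        if (tokenEndpoint.Scheme != Uri.UriSchemeHttps && !allowInsecure)
            throw new InvalidOperationException("Token endpoint is not HTTPS: " + tokenEndpoint);

        var request = new HttpRequestMessage(HttpMethod.Post, tokenEndpoint);
        // The client authenticates itself with HTTP Basic, separately from the user.
        var basic = Convert.ToBase64String(Encoding.UTF8.GetBytes(clientId + ":" + clientSecret));
        request.Headers.Authorization = new AuthenticationHeaderValue("Basic", basic);
        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        // grant_type=password plus the user's own credentials and the requested scope.
        request.Content = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            { "grant_type", "password" },
            { "username", userName },
            { "password", password },
            { "scope", scope }
        });
        return request;
    }

    static void Main()
    {
        // The page's test server runs with RequireSsl = false, hence allowInsecure here.
        var request = BuildRequest(new Uri("http://192.168.210.165/connect/token"),
            "Irving", "21b5f798-be55-42bc-8aa8-0025b903dc3b",
            "Irving", "123456", "Order", allowInsecure: true);

        // Print what would go on the wire; nothing is sent.
        Console.WriteLine("{0} {1}", request.Method, request.RequestUri);
        Console.WriteLine("Authorization: {0}", request.Headers.Authorization);
        Console.WriteLine("Content-Type: {0}", request.Content.Headers.ContentType);
        Console.WriteLine();
        Console.WriteLine(request.Content.ReadAsStringAsync().Result);
    }
}
```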
