1

我刚刚将我的 dotnet core webapi 应用程序从netcoreapp1.0更新为netcoreapp2.0。我正在使用 openiddict 基于此示例进行身份验证和授权。

配置服务方法:

        public void ConfigureServices(IServiceCollection services)
        {
            services.AddCors();
            services.AddMvc().AddJsonOptions(options =>
               {
                   options.SerializerSettings.ContractResolver = new Newtonsoft.Json.Serialization.DefaultContractResolver();
               });

            services.AddDbContext<ApplicationDbContext>(options =>
            {                
                options.UseSqlServer(@"Server=SERVER1;Database=DB1;User Id=BLAHBLAH;Password=BLAHBLAHBLAH;");                
                options.UseOpenIddict();
            });

            services.AddIdentity<ApplicationUser, IdentityRole>()
                .AddEntityFrameworkStores<ApplicationDbContext>()
                .AddDefaultTokenProviders();

            services.Configure<IdentityOptions>(options =>
            {
                options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
                options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
                options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role;                
            });

            services.AddOpenIddict(options =>
            {                
                options.AddEntityFrameworkCoreStores<ApplicationDbContext>();                
                options.AddMvcBinders();
                options.EnableTokenEndpoint("/connect/token");
                options.AllowPasswordFlow();
                options.DisableHttpsRequirement();
                options.SetAccessTokenLifetime(TimeSpan.FromMinutes(5));
            });

            services.AddAuthentication()
                .AddOAuthValidation();

        }

配置方法:

        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            loggerFactory.AddConsole(Configuration.GetSection("Logging"));
            loggerFactory.AddDebug();

            app.UseCors(b => b.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod());    

            app.UseOpenIdConnectServer(configuration => {                
                configuration.AllowInsecureHttp = true;                                    
                configuration.Provider = new AuthorizationProvider();
            });               
            app.UseAuthentication();                
            app.UseMvc();
        }

AuthorizationProvider类:

    public sealed class AuthorizationProvider : OpenIdConnectServerProvider
    {            
        public AuthorizationProvider()
        {

        }

        public override async Task ApplyTokenResponse(ApplyTokenResponseContext context)
        {        
            if (string.IsNullOrEmpty(context.Error))
            {
                var role = context.Ticket.Principal.Claims.FirstOrDefault(q => q.Type == OpenIdConnectConstants.Claims.Role).Value;
                var userName = context.Ticket.Principal.Claims.FirstOrDefault(q => q.Type == OpenIdConnectConstants.Claims.Name).Value;
                context.Response["role"] = role;
                context.Response["userName"] = userName;
                context.Response[".issued"] = DateTime.Now.ToUniversalTime().ToString("ddd, dd MMM yyyy HH:mm:ss 'GMT'");
                context.Response[".expires"] = DateTime.Now.AddHours(8).ToUniversalTime().ToString("ddd, dd MMM yyyy HH:mm:ss 'GMT'");    
            }

            return;
        }
    }

以下代码不起作用:

app.UseOpenIdConnectServer(configuration => {                
    configuration.AllowInsecureHttp = true;                
    configuration.Provider = new AuthorizationProvider();
});

它说“IApplicationBuilder”不包含“UseOpenIdConnectServer”的定义,并且找不到接受“IApplicationBuilder”类型的第一个参数的扩展方法“UseOpenIdConnectServer”(您是否缺少 using 指令或程序集引用?)

我该如何解决?添加自定义提供程序的替代方法是什么?

4

3 回答 3

2

根据带有示例的github页面

这样做的正确方法Startup.cs如下。(pasting my sample code for your reference. You can re-factor based on your need) 它应该在ConfigureServices方法内部

services.AddAuthentication(options =>
    {
        options.DefaultScheme = "ServerCookie";
    })
    .AddCookie("ServerCookie", options =>
    {
        options.Cookie.Name = CookieAuthenticationDefaults.CookiePrefix + "ServerCookie";
        options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
        options.LoginPath = new PathString("/login");
        options.LogoutPath = new PathString("/logout");
    })
    .AddOAuthValidation()
    .AddOpenIdConnectServer(options =>
    {
        options.ProviderType = typeof(AuthorizationProvider);

        // Enable the authorization, logout, token and userinfo endpoints.
        options.AuthorizationEndpointPath = "/connect/authorize";
        options.LogoutEndpointPath = "/connect/logout";
        options.TokenEndpointPath = new PathString("/Login");//"/connect/token";
        options.UserinfoEndpointPath = "/connect/userinfo";

        // Note: see AuthorizationController.cs for more
        // information concerning ApplicationCanDisplayErrors.
        options.ApplicationCanDisplayErrors = true;
        options.AllowInsecureHttp = true;

        // Note: to override the default access token format and use JWT, assign AccessTokenHandler:
        //
        // options.AccessTokenHandler = new JwtSecurityTokenHandler
        // {
        //     InboundClaimTypeMap = new Dictionary<string, string>(),
        //     OutboundClaimTypeMap = new Dictionary<string, string>()
        // };
        //
        // Note: when using JWT as the access token format, you have to register a signing key.
        //
        // You can register a new ephemeral key, that is discarded when the application shuts down.
        // Tokens signed using this key are automatically invalidated and thus this method
        // should only be used during development:
        //
        // options.SigningCredentials.AddEphemeralKey();
        //
        // On production, using a X.509 certificate stored in the machine store is recommended.
        // You can generate a self-signed certificate using Pluralsight's self-cert utility:
        // https://s3.amazonaws.com/pluralsight-free/keith-brown/samples/SelfCert.zip
        //
        // options.SigningCredentials.AddCertificate("7D2A741FE34CC2C7369237A5F2078988E17A6A75");
        //
        // Alternatively, you can also store the certificate as an embedded .pfx resource
        // directly in this assembly or in a file published alongside this project:
        //
        // options.SigningCredentials.AddCertificate(
        //     assembly: typeof(Startup).GetTypeInfo().Assembly,
        //     resource: "Mvc.Server.Certificate.pfx",
        //     password: "Owin.Security.OpenIdConnect.Server");
    });
    services.AddScoped<AuthorizationProvider>();

然后在您的配置方法中

app.UseAuthentication();

应用在哪里IApplicationBuilder

于 2017-08-28T07:39:59.280 回答
0

ASP.NET Core 2.0 有一个新的身份验证和身份模型,它通过使用服务来简化配置,下面是迁移指南

将身份验证和身份迁移到 ASP.NET Core 2.0

在配置方法中改变这个

app.UseOpenIdConnectServer(configuration => {                
    configuration.AllowInsecureHttp = true;                
    configuration.Provider = new AuthorizationProvider();
});

对此

app.UseAuthentication();

并在 ConfigureServices 添加以下代码

services.AddAuthentication(options => {
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options => {
    options.Authority = Configuration["auth:oidc:authority"];
    options.ClientId = Configuration["auth:oidc:clientid"];
});
于 2017-08-28T07:17:31.013 回答
0

看这里

 public void ConfigureServices(IServiceCollection services)
    {
        services.AddEntityFrameworkInMemoryDatabase()
            .AddDbContext<ApplicationContext>(options =>
            {
                options.UseInMemoryDatabase(nameof(ApplicationContext));
            });

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "ServerCookie";
        })

        .AddCookie("ServerCookie", options =>
        {
            options.Cookie.Name = CookieAuthenticationDefaults.CookiePrefix + "ServerCookie";
            options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
            options.LoginPath = new PathString("/signin");
            options.LogoutPath = new PathString("/signout");
        })

        .AddGoogle(options =>
        {
            options.ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com";
            options.ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f";
        })

        .AddTwitter(options =>
        {
            options.ConsumerKey = "6XaCTaLbMqfj6ww3zvZ5g";
            options.ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI";
        })

        .AddOAuthValidation()

        .AddOpenIdConnectServer(options =>
        {
            options.ProviderType = typeof(AuthorizationProvider);

            // Enable the authorization, logout, token and userinfo endpoints.
            options.AuthorizationEndpointPath = "/connect/authorize";
            options.LogoutEndpointPath = "/connect/logout";
            options.TokenEndpointPath = "/connect/token";
            options.UserinfoEndpointPath = "/connect/userinfo";

            // Note: see AuthorizationController.cs for more
            // information concerning ApplicationCanDisplayErrors.
            options.ApplicationCanDisplayErrors = true;
            options.AllowInsecureHttp = true;

            // Note: to override the default access token format and use JWT, assign AccessTokenHandler:
            //
            // options.AccessTokenHandler = new JwtSecurityTokenHandler
            // {
            //     InboundClaimTypeMap = new Dictionary<string, string>(),
            //     OutboundClaimTypeMap = new Dictionary<string, string>()
            // };
            //
            // Note: when using JWT as the access token format, you have to register a signing key.
            //
            // You can register a new ephemeral key, that is discarded when the application shuts down.
            // Tokens signed using this key are automatically invalidated and thus this method
            // should only be used during development:
            //
            // options.SigningCredentials.AddEphemeralKey();
            //
            // On production, using a X.509 certificate stored in the machine store is recommended.
            // You can generate a self-signed certificate using Pluralsight's self-cert utility:
            // https://s3.amazonaws.com/pluralsight-free/keith-brown/samples/SelfCert.zip
            //
            // options.SigningCredentials.AddCertificate("7D2A741FE34CC2C7369237A5F2078988E17A6A75");
            //
            // Alternatively, you can also store the certificate as an embedded .pfx resource
            // directly in this assembly or in a file published alongside this project:
            //
            // options.SigningCredentials.AddCertificate(
            //     assembly: typeof(Startup).GetTypeInfo().Assembly,
            //     resource: "Mvc.Server.Certificate.pfx",
            //     password: "Owin.Security.OpenIdConnect.Server");
        });

        services.AddScoped<AuthorizationProvider>();

        services.AddMvc();

        services.AddDistributedMemoryCache();
    }

https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/blob/dev/samples/Mvc/Mvc.Server/Startup.cs#L29

于 2017-10-02T19:08:18.797 回答