.Net6集成IdentityServer4 +AspNetCore Identity读取数据表用户且鉴权授权管理API_实用技巧_

using Microsoft.AspNetCore.Identity; using Microsoft.EntityFrameworkCore; using MyIDP; using MyIDP.Models; using MyIDP.Permission; var builder = WebApplication.CreateBuilder(args); // Add services to the container. builder.Services.AddControllers(); // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); builder.Services.AddSwaggerGen(); //由此重要 builder.Services.AddDbContext(opt => { opt.UseMySql("server=127.0.0.1;Port=3306;database=AccountDb;uid=root;pwd=123456;", new MySqlServerVersion(new Version(8,0,29))); }); builder.Services.AddIdentity() .AddUserManager() .AddEntityFrameworkStores() .AddDefaultTokenProviders(); builder.Services.AddIdentityServer() .AddDeveloperSigningCredential() .AddInMemoryIdentityResources(MyIDP.IdpConfig.GetIdentityResources()) .AddInMemoryClients(MyIDP.IdpConfig.GetClients()) .AddInMemoryApiScopes( MyIDP.IdpConfig.GetScope()) .AddInMemoryApiResources( MyIDP.IdpConfig.GetApiResources()) //.AddResourceOwnerValidator() //这句可以打开自主验证登录用户 //.AddProfileService() .AddAspNetIdentity() //.AddTestUsers(new List //{ // new IdentityServer4.Test.TestUser // { // SubjectId="123", // Username = "alice", // Password = "alice", // Claims = new List() { // new Claim(JwtClaimTypes.Role, "superadmin"), // new Claim(JwtClaimTypes.Role, "admin") // } // } //}) ; var app = builder.Build(); // Configure the HTTP request pipeline. if (app.Environment.IsDevelopment()) { app.UseSwagger(); app.UseSwaggerUI(); } app.UseIdentityServer(); app.UseAuthorization(); app.MapControllers(); app.Run();

using Microsoft.AspNetCore.Identity; using Microsoft.EntityFrameworkCore; using MyIDP; using MyIDP.Models; using MyIDP.Permission; var builder = WebApplication.CreateBuilder(args); // Add services to the container. builder.Services.AddControllers(); // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); builder.Services.AddSwaggerGen(); //由此重要 builder.Services.AddDbContext(opt => { opt.UseMySql("server=127.0.0.1;Port=3306;database=AccountDb;uid=root;pwd=123456;", new MySqlServerVersion(new Version(8,0,29))); }); builder.Services.AddIdentity() .AddUserManager() .AddEntityFrameworkStores() .AddDefaultTokenProviders(); builder.Services.AddIdentityServer() .AddDeveloperSigningCredential() .AddInMemoryIdentityResources(MyIDP.IdpConfig.GetIdentityResources()) .AddInMemoryClients(MyIDP.IdpConfig.GetClients()) .AddInMemoryApiScopes( MyIDP.IdpConfig.GetScope()) .AddInMemoryApiResources( MyIDP.IdpConfig.GetApiResources()) //.AddResourceOwnerValidator() //这句可以打开自主验证登录用户 //.AddProfileService() .AddAspNetIdentity() //.AddTestUsers(new List //{ // new IdentityServer4.Test.TestUser // { // SubjectId="123", // Username = "alice", // Password = "alice", // Claims = new List() { // new Claim(JwtClaimTypes.Role, "superadmin"), // new Claim(JwtClaimTypes.Role, "admin") // } // } //}) ; var app = builder.Build(); // Configure the HTTP request pipeline. if (app.Environment.IsDevelopment()) { app.UseSwagger(); app.UseSwaggerUI(); } app.UseIdentityServer(); app.UseAuthorization(); app.MapControllers(); app.Run();

public static class IdpConfig { public static IEnumerable GetIdentityResources() { return new IdentityResource[] { new IdentityResources.OpenId(), new IdentityResources.Profile(), new IdentityResources.Address(), new IdentityResources.Phone(), new IdentityResources.Email() }; } public static IEnumerable GetApiResources() { //return new ApiResource[] //{ // new ApiResource("api1", "My API #1",new List(){JwtClaimTypes.Role}) //}; //新写法 return new[] { new ApiResource("api1", "My API #1") { Scopes = { "scope1"} } }; } public static IEnumerable GetClients() { return new[] { #region MyRegion //// client credentials flow client //new Client //{ // ClientId = "console client", // ClientName = "Client Credentials Client", // AllowedGrantTypes = GrantTypes.ClientCredentials, // ClientSecrets = { new Secret("511536EF-F270-4058-80CA-1C89C192F69A".Sha256()) }, // AllowedScopes = { "api1" } //}, #endregion // wpf client, password grant new Client { ClientId = "client", AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, ClientSecrets = { new Secret("secret".Sha256()) }, AllowedScopes = //允许当访问的资源 { "scope1", //"api1", IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Email, IdentityServerConstants.StandardScopes.Address, IdentityServerConstants.StandardScopes.Phone, IdentityServerConstants.StandardScopes.Profile } } }; } public static IEnumerable GetScope() { return new ApiScope[] { new ApiScope("scope1"), new ApiScope("scope2"), }; } }

public class MyUserManager : UserManager { public MyUserManager(IUserStore store, IOptions optionsAccessor, IPasswordHasher passwordHasher, IEnumerable> userValidators, IEnumerable> passwordValidators, ILookupNormalizer keyNormalizer, IdentityErrorDescriber errors, IServiceProvider services, ILogger> logger) : base(store, optionsAccessor, new MyPasswordHasher(), userValidators, passwordValidators, keyNormalizer, errors, services, logger) { optionsAccessor.Value.Password.RequireDigit = false; optionsAccessor.Value.Password.RequiredLength = 4; optionsAccessor.Value.Password.RequireLowercase = false; optionsAccessor.Value.Password.RequireUppercase = false; optionsAccessor.Value.Password.RequireNonAlphanumeric = false; } }

public class MyResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator { public readonly SignInManager signInManager; private readonly MyUserManager userManager; //public readonly IEventService service; public MyResourceOwnerPasswordValidator(MyUserManager userService, SignInManager signInManager)//, IEventService service) { userManager = userService; this.signInManager = signInManager; //this.service = service; } public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context) { if (string.IsNullOrEmpty(context.UserName) || string.IsNullOrEmpty(context.Password)) { context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "验证被拒绝，用户名或者密码为空。"); return; } var user = await userManager.FindByNameAsync(context.UserName); if (user == null) { context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "验证失败，不存在当前用户。"); return; } //检验用户密码（虽然我也不知道他的密码是采用什么加密方式得到的，但是我也不需要知道） var passwordPass = await userManager.CheckPasswordAsync(user, context.Password); if (!passwordPass) { context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "验证失败，用户凭证错误"); return; } else { try { await userManager.AddLoginAsync(user, new UserLoginInfo(user.Id, "", user.UserName)); } catch (Exception ex) { ; } finally { context.Result = new GrantValidationResult(user.Id, GrantType.ResourceOwnerPassword, new List() { new Claim("account", user.UserName) }); } } return; } }

public class MyPasswordHasher : PasswordHasher { public override string HashPassword(ApplicationUser user, string password) { //PasswordHasher ph = new PasswordHasher(); //var pstr = ph.HashPassword(new ApplicationUser(), password); //return pstr; return password.MD5(); } public override PasswordVerificationResult VerifyHashedPassword(ApplicationUser user, string hashedPassword, string providedPassword) { if (providedPassword.MD5().Equals(hashedPassword)) { return PasswordVerificationResult.Success; } else { return PasswordVerificationResult.Failed; } } }