ASP.NET Core的Keycloak客户端
发布时间:2020-05-24 04:19:10 所属栏目:asp.Net 来源:互联网
导读:是否存在 Asp.net Core的Keycloak客户端? I have found a NuGet package for .net但它不适用于Core.您是否有任何想法如何轻松地与此安全服务器集成(或可能使用任何其他替代方案)? 我今天玩了一下这个.最简单的方法是使用OpenId标准. 在Startup.cs中,我使用
|
是否存在 Asp.net Core的Keycloak客户端? I have found a NuGet package for .net但它不适用于Core.您是否有任何想法如何轻松地与此安全服务器集成(或可能使用任何其他替代方案)? 解决方法我今天玩了一下这个.最简单的方法是使用OpenId标准.在Startup.cs中,我使用了OpenIdConnect身份验证: public void Configure(...)
{ (...)
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,AutomaticAuthenticate = true,CookieHttpOnly = true,CookieSecure = CookieSecurePolicy.SameAsRequest
});
app.USEOpenIdConnectAuthentication(CreateKeycloakOpenIdConnectOptions());`(...)
}`
OpenIdConnectOptions方法: private OpenIdConnectOptions CreateKeycloakOpenIdConnectOptions()
{
var options = new OpenIdConnectOptions
{
AuthenticationScheme = "oidc",SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme,Authority = Configuration["Authentication:KeycloakAuthentication:ServerAddress"]+"/auth/realms/"+ Configuration["Authentication:KeycloakAuthentication:Realm"],RequireHttpsMetadata = false,//only in development
PostLogoutRedirectUri = Configuration["Authentication:KeycloakAuthentication:PostLogoutRedirectUri"],ClientId = Configuration["Authentication:KeycloakAuthentication:ClientId"],ClientSecret = Configuration["Authentication:KeycloakAuthentication:ClientSecret"],ResponseType = OpenIdConnectResponseType.Code,GetClaimsFromUserInfoEndpoint = true,SaveTokens = true
};
options.Scope.Add("openid");
return options;
}
在appsettings.json中添加Keycloak的配置: {
(...),"Authentication": {
"KeycloakAuthentication": {
"ServerAddress": "http://localhost:8180","Realm": "demo","PostLogoutRedirectUri": "http://localhost:57630/","ClientId": "KeycloakASPNETCore","ClientSecret": "secret-get-it-in-keycloakConsole-client-credentials"
}
}
}
Keycloak客户端配置如下: > Client settings, 如果我想按角色授权用户,我会这样做: 在ConfigureServices方法中添加authorization by claims: public void ConfigureServices(IServiceCollection services)
{
(...)
services.AddAuthorization(options =>
{
options.AddPolicy("Accounting",policy =>
policy.RequireClaim("member_of","[accounting]")); //this claim value is an array. Any suggestions how to extract just single role? This still works.
});
}
我在ValuesController(默认Web API模板)中编辑了get方法: [Authorize(Policy = "Accounting")]
[Route("api/[controller]")]
public class ValuesController : Controller
{
// GET api/values
[HttpGet]
public Dictionary<string,string> Get()
{
var userPrinciple = User as ClaimsPrincipal;
var claims = new Dictionary<string,string>();
foreach (var claim in userPrinciple.Claims)
{
var key = claim.Type;
var value = claim.Value;
claims.Add(key,value);
}
return claims;
}
如果我使用具有会计角色的用户登录或具有会计角色的组,则应在地址localhost:57630 / api / values上显示我的用户声明. 我希望这适合你. (编辑:安卓应用网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
相关内容
- asp.net-mvc – 将asp.net mvc beta部署到iis 6,导致404
- asp.net-mvc – 如何扩展html.textboxfor以删除name属性?
- 如何在ASP.NET MVC中保留/保护Edit中的某些字段
- asp.net-mvc – 如何将Model字段值传递给javascript变量?
- asp.net-mvc-3 – 剃刀语法动态命名HTML元素
- ASP.NET UpdatePanel和Javascript __dopostback
- asp.net – 从JavaScript读取web.config
- asp.net-mvc – 使用HtmlHelper类时,MVC单选按钮列表未分组
- asp.net-mvc-3 – 在MVC 3实体框架中添加多个到多个链接表的
- asp.net-mvc – ASP.NET MVC – 向ActionLinks添加querystr