我想为一个原生应用(移动客户端)搭建身份服务器和 API,二者分别运行在两个独立的 Docker 容器中。
它们运行在 NGINX 反向代理之后,并使用 Let's Encrypt 证书。
Dockers
---------------------------
| Reverse Proxy |
| ----------------------- |
-------- | | ---------------- | |
| Mobile | ---------|-> | IdendityServer | | |
-------- | | | Port: 5000 | | |
| | | ---------------- | |
| | | | | |
| | | ---------------- | |
---------------|-> | API | | |
| | | Port: 5001 | | |
| | ---------------- | |
| ----------------------- |
| |
| ---------------- |
| | PostgreSQL | |
| | Port: 5432 | |
| ---------------- |
---------------------------
# Image for the IdentityServer container.
# NOTE(review): the SDK image is used as the runtime base; a runtime-only base would ship
# less tooling inside the running container - confirm what the published output needs.
FROM microsoft/dotnet:2.0-sdk
# Copies the contents of is4/ into /app.
COPY is4/* /app/
WORKDIR /app
# The app listens on plain HTTP on every interface, port 5000; TLS is expected to be
# terminated by whatever sits in front of the container.
ENV ASPNETCORE_URLS http://*:5000
EXPOSE 5000
# No USER instruction is set, so the process runs as the base image's default user
# (usually root) - TODO confirm and drop privileges if so.
ENTRYPOINT ["dotnet", "IdentityServer.dll"]
# Image for the API container.
# NOTE(review): the SDK image is used as the runtime base; a runtime-only base would ship
# less tooling inside the running container - confirm what the published output needs.
FROM microsoft/dotnet:2.0-sdk
# Copies the contents of api/ into /app.
COPY api/* /app/
WORKDIR /app
# The app listens on plain HTTP on every interface, port 5001.
ENV ASPNETCORE_URLS http://*:5001
EXPOSE 5001
# No USER instruction is set, so the process runs as the base image's default user
# (usually root) - TODO confirm and drop privileges if so.
ENTRYPOINT ["dotnet", "ApiServer.dll"]
# Compose file for the IdentityServer, API and PostgreSQL containers.
# All three join the pre-existing external network "nginx-proxy" (see `networks` below).
version: '3'
services:
  identityserver:
    image: identityserver
    build:
      context: .
      dockerfile: IdentityServer/Dockerfile
    container_name: ids
    restart: always
    # NOTE(review): `ports` publishes the plain-HTTP listener on the host, so it is reachable
    # without passing through the reverse proxy. The commented-out `expose` below would keep
    # it on the Docker network only.
    ports:
      - 5000:5000
    # expose:
    #   - "5000"
    environment:
      # NOTE(review): in Development the IdentityServer Configure() enables the developer
      # exception page and database error page, which return internal details to any caller.
      ASPNETCORE_ENVIRONMENT: Development
      # VIRTUAL_* / LETSENCRYPT_* are presumably read by the reverse proxy and its
      # certificate companion - confirm against the proxy image in use.
      VIRTUAL_PORT: 5000
      VIRTUAL_HOST: ids.mydomain.com
      LETSENCRYPT_HOST: ids.mydomain.com
      LETSENCRYPT_EMAIL: myuser@mydomain.com
      # Read by Startup as IssuerUri and PublicOrigin.
      IDENTITY_ISSUER: "https://ids.mydomain.com"
      # Custom URI scheme of the native app; used to build the client's redirect URIs.
      IDENTITY_REDIRECT: "com.mobiletest.nativeapp"
      IDENTITY_CORS_ORIGINS: "https://ids.mydomain.com"
    depends_on:
      - db
  apiserver:
    image: apiserver
    build:
      context: .
      dockerfile: ApiServer/Dockerfile
    container_name: api
    restart: always
    # NOTE(review): same as above - the published port bypasses the reverse proxy.
    ports:
      - 5001:5001
    # expose:
    #   - "5001"
    environment:
      ASPNETCORE_ENVIRONMENT: Development
      VIRTUAL_PORT: 5001
      VIRTUAL_HOST: api.mydomain.com
      LETSENCRYPT_HOST: api.mydomain.com
      LETSENCRYPT_EMAIL: myuser@mydomain.com
      # NOTE(review): the API reaches IdentityServer over plain HTTP by service name, while
      # tokens carry the issuer https://ids.mydomain.com. Confirm the API's token validation
      # accepts that issuer and that metadata fetched over HTTP is acceptable on this network.
      IDENTITY_AUTHORITY: "http://identityserver:5000"
      # NOTE(review): this is a URI scheme, not a web origin (scheme://host[:port]);
      # verify it is a meaningful value for a CORS origin list.
      CLIENT_CORS_ORIGINS: "com.mobiletest.nativeapp"
    depends_on:
      - identityserver
      - db
    links:
      - identityserver
  db:
    image: postgresql:10
    build:
      context: .
      dockerfile: PostgreSQL/Dockerfile
    container_name: db
    restart: always
    # NOTE(review): publishes the database port on the host. The other containers can reach
    # `db:5432` over the shared network without it - confirm host exposure is intended.
    ports:
      - "5432:5432"
    volumes:
      - /www/database:/var/lib/postgresql/data
    environment:
      - PGDATA=/var/lib/postgresql/data/pgdata
networks:
  default:
    external:
      name: nginx-proxy
/// <summary>
/// Registers the services of the IdentityServer host: the EF Core/Npgsql database context,
/// ASP.NET Core Identity, MVC, IdentityServer with in-memory configuration, and a CORS policy.
/// </summary>
/// <param name="services">The service collection to add registrations to.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseNpgsql(Configuration.GetConnectionString("DefaultConnection")));
    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();
    // Add application services.
    services.AddTransient<IEmailSender, EmailSender>();
    services.AddMvc();
    // Configure identity server with in-memory stores, keys, clients and scopes
    services.AddIdentityServer(opt =>
        {
            // Both values come from IDENTITY_ISSUER, so tokens and discovery URLs use the
            // public HTTPS name even though the container itself listens on HTTP.
            opt.IssuerUri = Configuration["IDENTITY_ISSUER"];
            opt.PublicOrigin = Configuration["IDENTITY_ISSUER"];
        })
        .AddCorsPolicyService<InMemoryCorsPolicyService>() // Add the CORS service
        // NOTE(review): developer signing credential - suitable for development only.
        // Confirm how the signing key is provided and persisted in a real deployment.
        .AddDeveloperSigningCredential()
        // NOTE(review): grants are held in memory, so presumably refresh tokens and codes
        // do not survive a container restart - verify this is acceptable.
        .AddInMemoryPersistedGrants()
        .AddInMemoryIdentityResources(Config.GetIdentityResources())
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryClients(Config.GetClients())
        .AddAspNetIdentity<ApplicationUser>();
    services.AddAuthentication();
    // preserve OIDC state in cache (solves problems with AAD and URL lengths)
    // NOTE(review): no "aad" authentication scheme is registered in this listing - confirm it is needed.
    services.AddOidcStateDataFormatterCache("aad");
    // add CORS policy for non-IdentityServer endpoints
    // NOTE(review): the policy allows any origin, header and method. It only takes effect
    // where it is applied; narrow it to the known origins if it is used.
    services.AddCors(options =>
    {
        options.AddPolicy("CorsPolicy", policy =>
        {
            policy.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod();
        });
    });
} // ConfigureServices()
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
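/// <summary>
/// Builds the HTTP request pipeline of the IdentityServer host.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment; selects the error-handling middleware.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    // Forwarded headers are applied first so that every later middleware (IdentityServer,
    // MVC) sees the scheme and client address reported by the reverse proxy. Registered
    // after UseIdentityServer, the rewrite came too late for that middleware.
    // NOTE(review): by default the middleware only trusts loopback proxies; when the proxy
    // runs in another container, KnownProxies/KnownNetworks must name it explicitly -
    // do not clear them without restricting who can reach this port.
    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
    });

    if (env.IsDevelopment())
    {
        // Development-only diagnostics: these pages expose stack traces and database
        // details, so the environment must not be Development on a public host.
        app.UseBrowserLink();
        app.UseDeveloperExceptionPage();
        app.UseDatabaseErrorPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }

    app.UseStaticFiles();
    app.UseIdentityServer();
    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
} // Configure()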
/// <summary>
/// Returns the identity resources offered by this server: OpenId and Profile.
/// </summary>
/// <returns>A list holding the two identity resources.</returns>
public static IEnumerable<IdentityResource> GetIdentityResources()
{
    var resources = new List<IdentityResource>();
    resources.Add(new IdentityResources.OpenId());
    resources.Add(new IdentityResources.Profile());
    return resources;
}
/// <summary>
/// Returns the API resources protected by this server: a single resource named "api1".
/// </summary>
/// <returns>A list holding the one API resource.</returns>
public static IEnumerable<ApiResource> GetApiResources()
{
    var api = new ApiResource("api1", "My API");

    // NOTE(review): the API secret is the literal "secret" compiled into the source.
    // Load it from configuration or a secret store before using this outside a demo.
    api.ApiSecrets.Add(new Secret("secret".Sha256()));

    return new List<ApiResource> { api };
}
/// <summary>
/// Returns the registered clients: one native client using the hybrid flow with PKCE.
/// </summary>
/// <returns>A list holding the single client definition.</returns>
public static IEnumerable<Client> GetClients()
{
    // Custom URI scheme of the native app, taken from configuration.
    var redirectScheme = Configuration["IDENTITY_REDIRECT"];

    var nativeClient = new Client
    {
        ClientId = "native.hybrid",
        ClientName = "Native Client (Hybrid with PKCE)",
        AllowedGrantTypes = GrantTypes.Hybrid,
        RequirePkce = true,
        RequireConsent = false,
        //RequireClientSecret = false,
        // NOTE(review): a secret shipped inside a mobile app cannot be kept confidential,
        // and this one is the literal "secret". PKCE is what protects the code exchange here.
        ClientSecrets = { new Secret("secret".Sha256()) },
        RedirectUris = { redirectScheme + "://signin-oidc" },
        PostLogoutRedirectUris = { redirectScheme + "://signout-callback-oidc" },
        // NOTE(review): the API scope "api1" from GetApiResources() is not listed, so this
        // client cannot request it - confirm whether access tokens for the API are expected.
        AllowedScopes = { "openid", "profile" },
        AllowedCorsOrigins = { Configuration["IDENTITY_CORS_ORIGINS"] },
        AllowOfflineAccess = true,
        //AllowAccessTokensViaBrowser = true
        // NOTE(review): ReUse keeps the same refresh token handle across refreshes;
        // one-time-use rotation limits the value of a leaked refresh token.
        RefreshTokenUsage = TokenUsage.ReUse
    };

    return new List<Client> { nativeClient };
} // GetClients()
/// <summary>
/// Registers the services of the API host (first version shown in the question): MVC core,
/// a CORS policy, and cookie + OpenID Connect authentication.
/// </summary>
/// <param name="services">The service collection to add registrations to.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddMvcCore()
        .AddAuthorization()
        .AddJsonFormatters();
    // NOTE(review): an empty CLIENT_CORS_ORIGINS opens the policy to every origin, and an
    // unset (null) value falls into the else branch. Failing closed would be the safer default.
    if (Configuration["CLIENT_CORS_ORIGINS"] == "")
    {
        services.AddCors(options =>
        {
            options.AddPolicy("CorsPolicy",
                builder => builder
                    .AllowAnyMethod()
                    .AllowAnyOrigin()
                    .AllowAnyHeader());
        });
    }
    else
    {
        services.AddCors(options =>
        {
            options.AddPolicy("CorsPolicy",
                builder => builder
                    .AllowAnyHeader()
                    .AllowAnyMethod()
                    .WithOrigins(Configuration["CLIENT_CORS_ORIGINS"]));
        });
    }
    // NOTE(review): "Bearer" is named as the default scheme here, but no handler with that
    // name is registered in this method, and the next call replaces the default with "Cookies".
    // A bearer token sent by the native app is therefore not validated by anything shown here.
    services.AddAuthentication("Bearer");
    services.AddAuthentication(options => // adds the authentication services to DI
        {
            // A cookie is the primary means of authenticating a user (DefaultScheme "Cookies");
            // the challenge scheme is "oidc", so an unauthenticated request is sent to the
            // OpenID Connect login. This is the pattern of an interactive web client, not an API.
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookies") // add the handler that can process cookies
        .AddOpenIdConnect("oidc", options => // configure the handler that performs the OpenID Connect protocol
        {
            options.SignInScheme = "Cookies"; // issue a cookie via the cookie handler once the OpenID Connect protocol is complete
            options.Authority = Configuration["IDENTITY_AUTHORITY"]; // the IdentityServer instance this host trusts
            // NOTE(review): disables the HTTPS requirement for the metadata address;
            // acceptable for local development only.
            options.RequireHttpsMetadata = false;
            options.ClientId = "native.hybrid";
            options.SaveTokens = true; // persist the tokens from IdentityServer in the cookie
            // NOTE(review): hard-coded literal secret - load it from configuration or a secret store.
            options.ClientSecret = "secret";
            options.ResponseType = "code id_token";
        });
    services.AddMvc();
} // ConfigureServices()
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
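/// <summary>
/// Builds the HTTP request pipeline of the API host.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment (not used here).</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    // Forwarded headers are applied first so that authentication, CORS and MVC all see the
    // scheme and client address reported by the reverse proxy. Registered after
    // UseAuthentication, the rewrite came too late for that middleware.
    // NOTE(review): by default the middleware only trusts loopback proxies; when the proxy
    // runs in another container, KnownProxies/KnownNetworks must name it explicitly.
    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
    });

    app.UseAuthentication();
    app.UseCors("CorsPolicy");
    app.UseMvc();
} // Configure()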
/// <summary>
/// Sample controller that returns two fixed strings to authorized callers.
/// </summary>
[Route("api/[controller]")]
[EnableCors("CorsPolicy")]
[Authorize]
public class ValuesController : Controller
{
    /// <summary>Handles GET api/values.</summary>
    /// <returns>The two fixed test values.</returns>
    [HttpGet]
    public IEnumerable<string> Get() => new[] { "testvalue1", "testvalue2" };
}
// Native app: sign in through the system browser, then call the API with the access token.
var options = new OidcClientOptions
{
    // NOTE(review): this host differs from ids.mydomain.com used in the compose file -
    // presumably the same server; the authority must match the issuer the server puts in its tokens.
    Authority = "https://ids4.syladebox.com",
    ClientId = "native.hybrid",
    // NOTE(review): a secret embedded in a mobile app can be extracted from the binary;
    // treat this client as public and rely on PKCE.
    ClientSecret = "secret",
    //Scope = "openid profile api1 offline_access",
    // The API scope is not requested here, so the access token is not issued for the API.
    Scope = "openid profile offline_access",
    ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
    RedirectUri = "com.mobiletest.nativeapp://signin-oidc",
    PostLogoutRedirectUri = "com.mobiletest.nativeapp://signout-callback-oidc",
    //Flow = OidcClientOptions.AuthenticationFlow.Hybrid,
    //Policy = policy,
    //Browser = new SFAuthenticationSessionBrowser()
    // new in iOS 12
    Browser = new ASWebAuthenticationSessionBrowser()
    //Browser = new PlatformWebView()
};
_client = new OidcClient(options);
var result = await _client.LoginAsync(new LoginRequest());
if (result.IsError)
{
    // Login failed: show the error text and stop.
    OutputText.Text = result.Error;
    return;
}
if (result.AccessToken != null)
{
    var client = new HttpClient();
    // Sends the access token as the bearer credential on the API request.
    client.SetBearerToken(result.AccessToken);
    var response = await client.GetAsync("https://api.mydomain.com/api/values");
    if (!response.IsSuccessStatusCode)
    {
        // Only the reason phrase is shown; the status code and WWW-Authenticate header
        // would say more about why the API rejected the token.
        OutputText.Text = response.ReasonPhrase;
        return;
    }
    var content = await response.Content.ReadAsStringAsync();
    OutputText.Text = JArray.Parse(content).ToString();
}
response = await client.GetAsync("https://api.mydomain.com/api/values");
/// <summary>
/// Registers the services of the API host (second version shown in the question): MVC,
/// bearer-token authentication against IdentityServer, and a CORS policy.
/// </summary>
/// <param name="services">The service collection to add registrations to.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();
    services.AddAuthentication("Bearer")
        .AddIdentityServerAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme, options =>
        {
            options.Authority = Configuration["IDENTITY_AUTHORITY"];
            // NOTE(review): the IdentityServer listing on this page defines the API resource
            // as "api1", not "api" - confirm the name matches the server actually in use,
            // otherwise tokens will presumably be rejected for the wrong audience.
            options.ApiName = "api";
            //options.ApiSecret = "secret";
        });
    // Add CORS policy for non-IdentityServer endpoints
    // NOTE(review): the policy allows any origin, header and method; narrow it to the
    // known origins if browser clients are expected.
    services.AddCors(options =>
    {
        options.AddPolicy("api", policy =>
        {
            policy.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod();
        });
    });
} // ConfigureServices()
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
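/// <summary>
/// Builds the HTTP request pipeline of the API host.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment (not used here).</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    // Forwarded headers are applied first so that authentication, CORS and MVC all see the
    // scheme and client address reported by the reverse proxy. Registered after
    // UseAuthentication, the rewrite came too late for that middleware.
    // NOTE(review): by default the middleware only trusts loopback proxies; when the proxy
    // runs in another container, KnownProxies/KnownNetworks must name it explicitly.
    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
    });

    app.UseAuthentication();
    app.UseCors("api");
    app.UseMvc();
} // Configure()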
/// <summary>
/// Sample controller that returns two fixed strings to callers authenticated with the
/// IdentityServer bearer scheme.
/// </summary>
[Route("api/[controller]")]
[Authorize(AuthenticationSchemes = IdentityServerAuthenticationDefaults.AuthenticationScheme)]
public class ValuesController : Controller
{
    /// <summary>Handles GET api/values.</summary>
    /// <returns>The two fixed test values.</returns>
    [HttpGet]
    public IEnumerable<string> Get() => new[] { "testvalue1", "testvalue2" };
}
# Excerpt of the apiserver service, pointed at the public demo IdentityServer.
apiserver:
  ...
  # Host port 5001 is mapped to container port 80 in this variant.
  ports:
    - 5001:80
  environment:
    ...
    # The authority is reached over HTTPS here, unlike the in-network HTTP address used
    # with the self-hosted server.
    IDENTITY_AUTHORITY: "https://demo.identityserver.io"
    #CLIENT_CORS_ORIGINS (omitted in the code)
// Client options used against the public demo IdentityServer.
var options = new OidcClientOptions
{
    Authority = "https://demo.identityserver.io",
    ClientId = "native.hybrid",
    // Unlike the self-hosted variant, the API scope ("api") is requested and no client
    // secret is configured.
    Scope = "openid profile email api offline_access",
    ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
    RedirectUri = "com.mobiletest.nativeapp://callback",
    PostLogoutRedirectUri = "com.mobiletest.nativeapp://callback",
    Browser = new ASWebAuthenticationSessionBrowser()
};
# Excerpt of the apiserver service, pointed at an Okta developer tenant (name masked by the author).
apiserver:
  ...
  # Host port 5001 is mapped to container port 80 in this variant.
  ports:
    - 5001:80
  environment:
    ...
    IDENTITY_AUTHORITY: "https://dev-xxxxxx.okta.com"
    #CLIENT_CORS_ORIGINS (omitted in the code)
// Client options used against the Okta developer tenant.
var options = new OidcClientOptions
{
    Authority = "https://dev-xxxx.okta.com",
    ClientId = "xxxxxxxxxxxxxxxxxxx", // ClientId is hidden in this topic
    // No client secret is configured and no API scope is requested in this variant.
    Scope = "openid profile email offline_access",
    ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
    RedirectUri = "com.okta.dev-xxxxxx:/callback",
    PostLogoutRedirectUri = "com.okta.dev-xxxxxx:/callback",
    Browser = new ASWebAuthenticationSessionBrowser()
};
最佳答案
您是否尝试过在 API 中使用 .AddJwtBearer(),而不只是调用 .AddAuthentication("Bearer")?
例如:
// Registers a JWT bearer handler under the "Bearer" scheme so that incoming access tokens
// are actually validated.
services.AddAuthentication("Bearer")
    .AddJwtBearer("Bearer", options =>
    {
        // Address of the token issuer; replace with the real IdentityServer URL.
        options.Authority = "http://localhost:5000";
        // NOTE(review): allows metadata over plain HTTP - for local development only;
        // keep the HTTPS requirement on any deployed API.
        options.RequireHttpsMetadata = false;
        // Must equal the API resource name the token was issued for.
        options.Audience = "api1";
    });
关于c# - 无法使用我的身份服务器从 native 应用程序调用 API,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54293098/