gpt4 book ai didi

c# - 如何在 ASP.NET Core 应用程序启动后更改 OAuth 提供程序配置

转载 作者:行者123 更新时间:2023-12-03 08:11:29 24 4
gpt4 key购买 nike

启动我的 ASP.NET Core Web 应用程序(使用 IdentityServer 4)时,在 ConfigureServices 方法中,我注册了希望通过 OAuth2 和 OIDC 启用 SSO 的外部身份提供程序。

services
.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = authenticationScheme;
options.DefaultScheme = authenticationScheme;
})
.AddOAuthSsoIdentityProviders(ssoIdentityProviders);

internal static AuthenticationBuilder AddOAuthSsoIdentityProviders(this AuthenticationBuilder authenticationBuilder, List<IdentityProvider> ssoIdentityProviders)
{
var oAuthSsoIdentityProviders = ssoIdentityProviders
.Where(idp => idp.SsoFlowType == SsoFlowType.Oidc || idp.SsoFlowType == SsoFlowType.OAuth2)
.ToList();
foreach (var ssoIdentityProvider in oAuthSsoIdentityProviders)
{
switch (ssoIdentityProvider.SsoFlowType)
{
case SsoFlowType.Oidc:
authenticationBuilder.AddOpenIdConnect(ssoIdentityProvider.SsoCode, options => SetOidcOptions(ssoIdentityProvider, options));
break;
case SsoFlowType.OAuth2:
authenticationBuilder.AddOAuth(ssoIdentityProvider.SsoCode, options => SetOAuth2Options(ssoIdentityProvider, options));
break;
}
}
return authenticationBuilder;
}

这非常有效,但是我们的网站管理员需要能够更新这些外部身份提供商的配置。例如,他们可能想要添加新合作伙伴或更改现有合作伙伴的身份验证请求 URL。目前,我们必须回收 ASP.NET Core 网站的应用程序池,以使其重新运行启动代码并更新设置。这显然不是一个好的解决方案,所以我想知道我们如何在启动后添加或修改这些配置?

最佳答案

我终于明白了...

在Startup.cs中,注册DI的相关服务:

services
.AddSingleton<OpenIdConnectPostConfigureOptions>()
.AddSingleton<OAuthPostConfigureOptions<OAuthOptions, OAuthHandler<OAuthOptions>>>();

在 SsoController.cs 中,我有一个端点用于刷新给定身份提供程序的配置:

private readonly OpenIdConnectPostConfigureOptions _oidcPostConfigureOptions;
private readonly IOptionsMonitorCache<OpenIdConnectOptions> _oidcOptionsCache;
private readonly OAuthPostConfigureOptions<OAuthOptions, OAuthHandler<OAuthOptions>> _oauthPostConfigureOptions;
private readonly IOptionsMonitorCache<OAuthOptions> _oauthOptionsCache;

public SsoController(
OpenIdConnectPostConfigureOptions oidcPostConfigureOptions,
IOptionsMonitorCache<OpenIdConnectOptions> oidcOptionsCache,
OAuthPostConfigureOptions<OAuthOptions, OAuthHandler<OAuthOptions>> oauthPostConfigureOptions,
IOptionsMonitorCache<OAuthOptions> oauthOptionsCache)
{
_oidcPostConfigureOptions = oidcPostConfigureOptions;
_oidcOptionsCache = oidcOptionsCache;
_oauthPostConfigureOptions = oauthPostConfigureOptions;
_oauthOptionsCache = oauthOptionsCache;
}

[HttpPost("refresh-config/{ssoIdentityProviderId:int}")]
public IActionResult RefreshConfig(int ssoIdentityProviderId)
{
var ssoIdentityProvider = SingleSignOnStore.Model.Instance.GetIdentityProvider(ssoIdentityProviderId);
if (ssoIdentityProvider == null)
return NotFound();

switch (ssoIdentityProvider.SsoFlowType)
{
case SsoFlowType.Oidc:
var oidcOptions = new OpenIdConnectOptions();
StartupSsoExtensions.SetOidcOptions(ssoIdentityProvider, oidcOptions);
_oidcPostConfigureOptions.PostConfigure(ssoIdentityProvider.SsoCode, oidcOptions);
_oidcOptionsCache.TryRemove(ssoIdentityProvider.SsoCode);
_oidcOptionsCache.TryAdd(ssoIdentityProvider.SsoCode, oidcOptions);
break;
case SsoFlowType.OAuth2:
var oauth2Options = new OAuthOptions();
StartupSsoExtensions.SetOAuth2Options(ssoIdentityProvider, oauth2Options);
_oauthPostConfigureOptions.PostConfigure(ssoIdentityProvider.SsoCode, oauth2Options);
_oauthOptionsCache.TryRemove(ssoIdentityProvider.SsoCode);
_oauthOptionsCache.TryAdd(ssoIdentityProvider.SsoCode, oauth2Options);
break;
/*case SsoFlowType.SamlNew:
var samlOptions = new OAuthOptions();
StartupSsoExtensions.SetSamlOptions(ssoIdentityProvider, samlOptions);
_samlPostConfigureOptions.PostConfigure(ssoIdentityProvider.SsoCode, samlOptions);
break;*/
}
}

关于c# - 如何在 ASP.NET Core 应用程序启动后更改 OAuth 提供程序配置,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/70699704/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com