gpt4 book ai didi

identityserver4 - 如何在 IdentityServer4 上的 TestController 上启用 [Authorize] 以声明 CRUD Controller

转载 作者:行者123 更新时间:2023-12-05 01:27:42 25 4
gpt4 key购买 nike

使用 here 的 OIDC 客户端.
以及来自 here 的演示服务器和 here .

我在 IdentityServer 本身上有以下 Controller :

[Route("api/Test")]
//[Authorize]
[Authorize(ActiveAuthenticationSchemes = "Bearer")]
public class TestController : ControllerBase
{
public IActionResult Get()
{
var claims = User.Claims.Select(c => new { c.Type, c.Value });
return new JsonResult(claims);
}
}

如果我注释掉这两个 [Authorize]属性,我到达了TestController。

如果我只使用 [Authorize] ,我收到以下错误:

GET http://localhost:5000/api/Test dashboard:1 XMLHttpRequest cannot load http://localhost:5000/api/Test. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 500.



如果我只使用 [Authorize(ActiveAuthenticationSchemes = "Bearer")]我得到:

GET http://localhost:5000/api/Test dashboard:1 XMLHttpRequest cannot load http://localhost:5000/api/Test. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 500. dashboard:1 XMLHttpRequest cannot load http://localhost:5000/api/Test. Redirect from 'http://localhost:5000/api/Test' to 'http://localhost:5000/Account/Login?ReturnUrl=%2Fapi%2FTest' has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect.



我用来从 OIDC 客户端调用端点的代码是:
  test() {
this.authService.mgr.getUser()
.then(user => {
// this.http.get('https://api.identityserver.io/identity',
this.http.get('http://localhost:5000/api/Test',
{ headers: new Headers({ 'Authorization': `${user.token_type} ${user.access_token}`}) })
.subscribe(res => {
console.log(res.json());
});
});
}

我可以成功调用 https://api.identityserver.io/identity有了这个。

这是我的 CorsPolicyHelper:
public class DemoCorsPolicy : ICorsPolicyService
{
public Task<bool> IsOriginAllowedAsync(string origin)
{
return Task.FromResult(true);
}
}

这就是它所谓的启动形式:
 public void ConfigureServices(IServiceCollection services)
{
...
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<AuthDbContext>()
.AddDefaultTokenProviders();

services.AddMvc();
...
services.AddIdentityServer()
.AddTemporarySigningCredential()
.AddInMemoryPersistedGrants()
.AddInMemoryIdentityResources(Resources.GetIdentityResources())
.AddInMemoryApiResources(Resources.GetApiResources())
.AddInMemoryClients(Clients.GetClients())
.AddAspNetIdentity<ApplicationUser>();

services.AddTransient<ICorsPolicyService, DemoCorsPolicy>();
}

最终目标是对权限/声明执行 CRUD 操作。我目前被困在这个看似微不足道的任务上,即拥有一个受授权保护的 Controller :/

最佳答案

最终因为我能够使用 [Authorize]在 IdentityServer4 之外成功,我决定将授权与身份验证分开,并创建一个提供关注点分离的授权服务器。

关于identityserver4 - 如何在 IdentityServer4 上的 TestController 上启用 [Authorize] 以声明 CRUD Controller ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42318837/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com