Identity3
1. 開啟空的MVC專案
2. SSL --> true
3. NuGet
- Microsoft.Owin.Host.SystemWeb (3.0.0)
- IdentityServer3 (2.0.0)
4. owin_startup
5. NuGet
- System.IdentityModel.Tokens (4.0.1)
- Microsoft.IdentityModel.Protocol.Extensions (1.0.1)
- Microsoft.Owin.Security (3.0.0)
- Microsoft.Owin.Security.Cookies (3.0.0)
- Microsoft.Owin.Security.Google (3.0.0)
- Microsoft.Owin.Security.OpenIdConnect (3.0.0)
6. 建立IdentityServer Folder
7. 新增 Clients.cs, Users.cs, Scopes.cs
using IdentityServer3.Core.Models;
using System.Collections.Generic;
namespace Identity3.IdentityServer
{
    /// <summary>
    /// Static, in-memory client registrations for the sample IdentityServer3 host.
    /// </summary>
    public static class Clients
    {
        /// <summary>
        /// Builds the two client registrations used by this walkthrough.
        /// </summary>
        /// <returns>
        /// An array holding the interactive MVC client followed by the
        /// service-to-service client.
        /// </returns>
        public static IEnumerable<Client> Get()
        {
            // Browser-facing MVC application. With the implicit flow the response
            // travels through the user's browser, so the redirect URIs registered
            // here are what constrain where that response may be sent.
            var interactiveClient = new Client
            {
                ClientName = "MVC Client",
                ClientId = "mvc",
                Flow = Flows.Implicit,
                RedirectUris = new List<string> { "https://localhost:44319/" },
                PostLogoutRedirectUris = new List<string> { "https://localhost:44319/" },
                AllowedScopes = new List<string>
                {
                    "openid",
                    "profile",
                    "roles",
                    "sampleApi"
                }
            };

            // Machine-to-machine registration: authenticates with a shared secret
            // and may only request the "sampleApi" scope.
            var serviceClient = new Client
            {
                ClientName = "MVC Client (service communication)",
                ClientId = "mvc_service",
                Flow = Flows.ClientCredentials,
                ClientSecrets = new List<Secret>
                {
                    // Only the SHA-256 hash is stored in the registration, but the
                    // plaintext "secret" is a tutorial placeholder that sits in source
                    // control. Outside a demo, use a generated high-entropy value
                    // loaded from protected configuration.
                    new Secret("secret".Sha256())
                },
                AllowedScopes = new List<string> { "sampleApi" }
            };

            return new[] { interactiveClient, serviceClient };
        }
    }
}
using IdentityServer3.Core.Models;
using System.Collections.Generic;
namespace Identity3.IdentityServer
{
    /// <summary>
    /// Scope definitions exposed by the sample IdentityServer3 host.
    /// </summary>
    public static class Scopes
    {
        /// <summary>
        /// Builds the scope list: the two custom scopes defined here followed by
        /// everything in <c>StandardScopes.All</c>.
        /// </summary>
        /// <returns>A list with the custom scopes first, then the standard ones.</returns>
        public static IEnumerable<Scope> Get()
        {
            // Identity scope that releases the "role" claim.
            var rolesScope = new Scope
            {
                Enabled = true,
                Name = "roles",
                Type = ScopeType.Identity,
                Claims = new List<ScopeClaim> { new ScopeClaim("role") }
            };

            // Resource scope for the sample API; it also carries the "role" claim.
            var sampleApiScope = new Scope
            {
                Enabled = true,
                DisplayName = "Sample API",
                Name = "sampleApi",
                Description = "Access to a sample API",
                Type = ScopeType.Resource,
                Claims = new List<ScopeClaim> { new ScopeClaim("role") }
            };

            var result = new List<Scope> { rolesScope, sampleApiScope };

            // NOTE(review): this registers every scope in StandardScopes.All, which is
            // likely more than the sample clients request; listing only the scopes
            // actually needed keeps the set of releasable claims smaller.
            result.AddRange(StandardScopes.All);

            return result;
        }
    }
}
using IdentityServer3.Core.Services.InMemory;
using System.Security.Claims;
using IdentityServer3.Core;
using System.Collections.Generic;
namespace Identity3.IdentityServer
{
    /// <summary>
    /// Hard-coded in-memory user store for the sample IdentityServer3 host.
    /// </summary>
    public static class Users
    {
        /// <summary>
        /// Builds the list of test users (a single account, "bob").
        /// </summary>
        /// <returns>A new list containing the one in-memory user.</returns>
        public static List<InMemoryUser> Get()
        {
            // Demo account only: the password is a plaintext literal in source.
            // A real deployment would back IdentityServer with a user store that
            // keeps salted password hashes instead of InMemoryUser entries.
            var bob = new InMemoryUser
            {
                Username = "bob",
                Password = "secret",
                Subject = "1",
                // Two separate role claims are issued for this user.
                Claims = new[]
                {
                    new Claim(Constants.ClaimTypes.GivenName, "Bob"),
                    new Claim(Constants.ClaimTypes.FamilyName, "Smith"),
                    new Claim(Constants.ClaimTypes.Role, "Geek"),
                    new Claim(Constants.ClaimTypes.Role, "Foo")
                }
            };

            return new List<InMemoryUser> { bob };
        }
    }
}
8. NuGet
- IdentityModel (1.0.0)
- Thinktecture.IdentityModel.Owin.ResourceAuthorization (1.1.0)
- Thinktecture.IdentityModel.Owin.ResourceAuthorization.Mvc (2.0.0)
9.取Certificates -> Here
Verify that the OP that responded was the intended OP through a TLS server certificate check
10. HomeController -> About
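/// <summary>
/// Shows the claims carried by the signed-in user's identity.
/// </summary>
/// <returns>
/// The About view with the user's claims as its model, or an HTTP 401 result
/// when the current principal is not claims-based.
/// </returns>
[Authorize]
public ActionResult About()
{
    // [Authorize] rejects anonymous requests, but it does not guarantee that the
    // principal is a ClaimsPrincipal. Check the result of the cast instead of
    // dereferencing it blindly, which would surface as a NullReferenceException.
    var principal = User as ClaimsPrincipal;
    if (principal == null)
    {
        return new HttpUnauthorizedResult();
    }

    // The view lists every claim type and value, which is handy while wiring up
    // the identity provider; it exposes the full claim set to the browser.
    return View(principal.Claims);
}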
11.View -> about
@* About view: the model is the sequence of claims supplied by the About action. *@
@model IEnumerable<System.Security.Claims.Claim>
<dl>
@* One term/definition pair per claim. Razor HTML-encodes these expressions, so claim text is rendered as data rather than markup. *@
@foreach (var claim in Model)
{
<dt>@claim.Type</dt>
<dd>@claim.Value</dd>
}
</dl>
12.NuGet
- Thinktecture.IdentityModel.Core 1.3.0
- Thinktecture.IdentityModel.Owin.ResourceAuthorization.Mvc 2.0.0
參考網址: Identity3