Identity3

Identity3

1.    開啟空的MVC專案


2.     SSL --> true

3.    NuGet

  • Microsoft.Owin.Host.Systemweb    (3.0.0)
  • IdentityServer3  (2.0.0)

 4.    owin_startup

 5.    NuGet

  • System.IdentityModel.Tokens (4.0.1)
  • Microsoft.IdentityModel.Protocol.Extensions  (1.0.1)
  • Microsoft.Owin.Security (3.0.0)
  • Microsoft.Owin.Security.Cookies (3.0.0)
  • Microsoft.Owin.Security.Google  (3.0.0)
  • Microsoft.Owin.Security.OpenIdConnect (3.0.0)

6. 建立IdentityServer Folder

7.新增Clients.cs, Users.cs, Scopes.cs

using IdentityServer3.Core.Models;
using System.Collections.Generic;

namespace Identity3.IdentityServer
{
    /// <summary>
    /// In-memory client registrations supplied to IdentityServer3 in this walkthrough.
    /// </summary>
    /// <remarks>
    /// Every value below is a hard-coded sample: localhost redirect URIs and a client
    /// secret whose plaintext is the literal string "secret". They are placeholders for a
    /// local demo; a deployed server should take secrets and redirect URIs from protected
    /// configuration rather than from source.
    /// </remarks>
    public static class Clients
    {
        /// <summary>
        /// Builds the two sample clients: the interactive MVC application and its
        /// service-to-service identity.
        /// </summary>
        /// <returns>An array holding the "mvc" client followed by the "mvc_service" client.</returns>
        public static IEnumerable<Client> Get()
        {
            // Interactive sign-in for the MVC site. With the implicit flow the tokens come
            // back through the browser redirect, so RedirectUris is the allow-list of where
            // they may be delivered; keep it to the exact HTTPS URLs the application owns.
            var mvcClient = new Client
            {
                ClientName = "MVC Client",
                ClientId = "mvc",
                Flow = Flows.Implicit,

                RedirectUris = new List<string> { "https://localhost:44319/" },
                PostLogoutRedirectUris = new List<string> { "https://localhost:44319/" },

                // Scopes this client is allowed to request.
                AllowedScopes = new List<string> { "openid", "profile", "roles", "sampleApi" }
            };

            // Machine-to-machine identity: no user involved, the client authenticates with
            // its secret. Only the SHA-256 hash is registered, but the plaintext "secret" sits
            // in source and is trivially guessable, so it must be replaced outside a demo.
            var serviceClient = new Client
            {
                ClientName = "MVC Client (service communication)",
                ClientId = "mvc_service",
                Flow = Flows.ClientCredentials,

                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },

                // Limited to the API scope; no identity scopes are granted to this client.
                AllowedScopes = new List<string> { "sampleApi" }
            };

            return new[] { mvcClient, serviceClient };
        }
    }
}
using IdentityServer3.Core.Models;
using System.Collections.Generic;


namespace Identity3.IdentityServer
{
    /// <summary>
    /// Scope definitions for the sample: two custom scopes plus IdentityServer3's standard set.
    /// </summary>
    public static class Scopes
    {
        /// <summary>
        /// Returns the custom "roles" and "sampleApi" scopes followed by everything in
        /// <c>StandardScopes.All</c>.
        /// </summary>
        /// <returns>A new list, custom scopes first, standard scopes appended after them.</returns>
        public static IEnumerable<Scope> Get()
        {
            // Identity scope that carries the user's "role" claims.
            var rolesScope = new Scope
            {
                Enabled = true,
                Name = "roles",
                Type = ScopeType.Identity,
                Claims = new List<ScopeClaim> { new ScopeClaim("role") }
            };

            // Resource scope for the sample API; it also lists the "role" claim, so role
            // values are requested for the API as well.
            var sampleApiScope = new Scope
            {
                Enabled = true,
                DisplayName = "Sample API",
                Name = "sampleApi",
                Description = "Access to a sample API",
                Type = ScopeType.Resource,
                Claims = new List<ScopeClaim> { new ScopeClaim("role") }
            };

            var allScopes = new List<Scope> { rolesScope, sampleApiScope };

            // The standard scopes come after the custom ones, same order as before.
            allScopes.AddRange(StandardScopes.All);

            return allScopes;
        }
    }
}
using IdentityServer3.Core.Services.InMemory;
using System.Security.Claims;
using IdentityServer3.Core;
using System.Collections.Generic;


namespace Identity3.IdentityServer
{
    /// <summary>
    /// In-memory user store for the walkthrough.
    /// </summary>
    /// <remarks>
    /// The single account is defined in source with its password as the plain string
    /// "secret". That is a demo fixture only; real accounts belong in a user store that
    /// keeps salted password hashes.
    /// </remarks>
    public static class Users
    {
        /// <summary>Builds the list containing the one sample user, "bob".</summary>
        /// <returns>A new list with a single <c>InMemoryUser</c>.</returns>
        public static List<InMemoryUser> Get()
        {
            // Claims attached to bob; the two Role entries are the role values
            // registered for this user.
            var bobClaims = new[]
            {
                new Claim(Constants.ClaimTypes.GivenName, "Bob"),
                new Claim(Constants.ClaimTypes.FamilyName, "Smith"),
                new Claim(Constants.ClaimTypes.Role, "Geek"),
                new Claim(Constants.ClaimTypes.Role, "Foo")
            };

            var bob = new InMemoryUser
            {
                Username = "bob",
                Password = "secret", // plaintext demo credential, never reuse outside a local sample
                Subject = "1",
                Claims = bobClaims
            };

            return new List<InMemoryUser> { bob };
        }
    }
}

8. NuGet

  • IdentityModel  (1.0.0)
  • Thinktecture.IdentityModel.Owin.ResourceAuthorization   (1.1.0)
  • Thinktecture.IdentityModel.Owin.ResourceAuthorization.Mvc  (2.0.0)

9.取Certificates   -> Here

   Verify that the OP that responded was the intended OP through a TLS server certificate check

10.HomeController -> About

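    /// <summary>
    /// Shows the claims of the signed-in user. <c>[Authorize]</c> restricts the action
    /// to authenticated requests.
    /// </summary>
    /// <returns>
    /// The About view with the current principal's claims as its model, or an empty
    /// claim list when the principal is not a <c>ClaimsPrincipal</c>.
    /// </returns>
    [Authorize]
    public ActionResult About()
    {
        // "as" yields null when User is not a ClaimsPrincipal; check before dereferencing
        // so the action does not fail with a NullReferenceException.
        var principal = User as ClaimsPrincipal;
        if (principal == null)
        {
            return View(new Claim[0]);
        }

        // The view lists every claim as-is. Handy for checking what the identity provider
        // issued while wiring up sign-in; trim or remove it once that is verified.
        return View(principal.Claims);
    }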

11.View  -> about

@model IEnumerable<System.Security.Claims.Claim>
@* Lists every claim in the model as a type/value pair.
   Razor HTML-encodes the output of @ expressions, so claim text is rendered as text, not markup.
   This is a diagnostic dump of the signed-in user's claims for checking the sign-in setup. *@
<dl>
    @foreach (var claim in Model)
    {
        <dt>@claim.Type</dt>
        <dd>@claim.Value</dd>
    }
</dl>

12.NuGet

  • Thinktecture.IdentityModel.Core  1.3.0
  • Thinktecture.IdentityModel.Owin.ResourceAuthorization.Mvc  2.0.0

參考網址: Identity3 

                 Documentation

                 Repository

                 Samples

                 Johan