有做网站动态效果软件,wordpress qq登录微信登录,宿迁怎样建设网站,关于做网站的总结一、鉴权和授权#xff08;grpc专栏结束后会开启鉴权授权专栏欢迎大家关注#xff09;
权限认证这里使用IdentityServer4配合JWT进行认证通过AddAuthentication和AddAuthorization方法进行鉴权授权注入#xff1b;通过UseAuthentication和UseAuthorization启用鉴权授权增加…一、鉴权和授权grpc专栏结束后会开启鉴权授权专栏欢迎大家关注
权限认证这里使用IdentityServer4配合JWT进行认证通过AddAuthentication和AddAuthorization方法进行鉴权授权注入通过UseAuthentication和UseAuthorization启用鉴权授权增加授权策略处理使用密码模式及简易内存处理生成token带入grpc的metadata进行传递服务端对应的方法标记特性[Authorize]进行验证代码中会有对应的注释说明如果对您有用可静下心来细致的浏览
二、实战案例
需要一个授权中心服务需要一个gRPC后端服务需要一个客户端调用对应的授权中心和gRPC后端服务
第一步授权中心 1引入IdentityServer4包 2添加IdentityServer注入及启用IdentityServer
// 添加IdentityServer4注入// 注入id4服务 配置开发证书 配置内存客户端client
builder.Services.AddIdentityServer().AddDeveloperSigningCredential().AddInMemoryClients(PasswordInfoConfig.GetClients()).AddInMemoryApiResources(PasswordInfoConfig.GetApiResources()).AddInMemoryApiScopes(PasswordInfoConfig.GetApiScopes()).AddTestUsers(PasswordInfoConfig.GetUsers());// 启用IdentityServer 同时启用认证和授权app.UseIdentityServer();
app.UseAuthentication();app.UseAuthorization();3密码 在程序中进行了初始化因为是模拟这里就没有放到数据库 public class PasswordInfoConfig{/// summary/// 获取设定客户端/// /summary/// returns/returnspublic static IEnumerableClient GetClients(){return new[] {new Client{ClientIdlaoliu,ClientSecrets new []{ new Secret(laoliu123456.Sha256()) },AllowedGrantTypes GrantTypes.ResourceOwnerPassword,AllowedScopes new[] {TestApi,UserApi},Claims new ListClientClaim(){new ClientClaim(JwtClaimTypes.Role,Admin),new ClientClaim(JwtClaimTypes.NickName,王先生),new ClientClaim(JwtClaimTypes.Email,88163.com)}}};}/// summary/// 获取Api对应的作用域/// /summary/// returns/returnspublic static IEnumerableApiScope GetApiScopes(){return new[] { new ApiScope(UserApi, 用户作用域), new ApiScope(TestApi, 测试作用域) };}/// summary/// 获取Api资源/// /summary/// returns/returnspublic static IEnumerableApiResource GetApiResources(){return new[]{new ApiResource(TestApi,测试的API,new Liststring{ IdentityModel.JwtClaimTypes.Role,email}){Scopes new Liststring { TestApi }},new ApiResource(UserApi,用户的API,new Liststring{ JwtClaimTypes.NickName,email}){Scopes new Liststring { UserApi }}};}public static ListTestUser GetUsers(){return new ListTestUser{new TestUser(){Usernameadmin,Passwordpassword,SubjectId0,Claims new ListClaim(){new Claim(JwtClaimTypes.Role,Admin),new Claim(JwtClaimTypes.NickName,陈先生),new Claim(JwtClaimTypes.Email,77.com)}}};}}
第二步gRPC后端服务 1引入IdentityServer4、IdentityServer4.AccessTokenValidation、Microsoft.AspNetCore.Authentication.JwtBearer包 2添加IdentityServer权限解析认证 3启用鉴权和授权 4对应的类或方法中标记 [Authorize] 4GRPC的服务及Proto文件这里不贴上来了 有需要可以直接百度云盘下载源码查看
// 注入
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddIdentityServerAuthentication(options {// 权限中心 服务地址options.Authority http://localhost:5172;options.ApiName TestApi;options.RequireHttpsMetadata false;});builder.Services.AddAuthorization();
builder.Services.AddGrpc();// 启用app.UseAuthentication();
app.UseAuthorization();// 字段
app.MapGrpcServiceProtoFieldService();// 基础配置
[Authorize]
public override async TaskEmpty BaseConfigService(BaseConfig request, ServerCallContext context)
{await Console.Out.WriteLineAsync(\r\n--------------------------基础配置--------------------------\r\n);// 打印字段信息var properties request.GetType().GetProperties();foreach (var property in properties){var value property.GetValue(request);await Console.Out.WriteLineAsync(${property.Name}{value});}return new Empty();
}第三步WPF客户端 1调用鉴权中心获取token 2gRPC工厂中配置token传递 或者在调用对应的客户端函数中对metadata传参 3调用 public class WpfAuthClient{private static string _token null;public static async Taskstring GetToken(){if (_token ! null){return _token;}var client new HttpClient();PasswordTokenRequest tokenRequest new PasswordTokenRequest();tokenRequest.Address http://localhost:5172/connect/token;tokenRequest.GrantType GrantType.ResourceOwnerPassword;tokenRequest.ClientId laoliu;tokenRequest.ClientSecret laoliu123456;tokenRequest.Scope TestApi;tokenRequest.UserName admin;tokenRequest.Password password;var tokenResponse await client.RequestPasswordTokenAsync(tokenRequest);var token tokenResponse.AccessToken;var tokenType tokenResponse.TokenType;_token ${tokenType} {token};return _token;}} public static class GrpcClient{/// summary/// rpc 工厂注入/// /summary/// param nameservices/param/// returns/returnspublic static IServiceCollection AddWPFGrpc(this IServiceCollection services){if (services null){throw new ArgumentNullException(nameof(services));}services.AddGrpcClientFieldRpc.FieldRpcClient(options {options.Address new Uri(https://localhost:7188);}).AddCallCredentials(async (context, metadata) {var token await WpfAuthClient.GetToken();metadata.Add(Authorization, token);});return services;}}
三、执行效果展示 1启动鉴权中心 2) 启动gRPC后端服务 3先看下不传token的结果 4加入token获取传递展示
授权中心返回 gRPC服务展示 客户端返回成功 四、源码地址
链接https://pan.baidu.com/s/1viu-REcR-ySdR0FE05sohg 提取码y0m4
