AspNet.Security.OpenIdConnect.Server, an OpenID Connect/OAuth2 server framework for OWIN/Katana and ASP.NET Core

OpenIdConnect-Server-Implementation reviewed by the team of Microsoft.Owin ("Katana")
  • Source name: AspNet.Security.OpenIdConnect.Server
  • Source URL: http://www.github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server
  • Git URL:
    git://www.github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server.git
    Clone the repository locally:
    git clone http://www.github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server
    
    AspNet.Security.OpenIdConnect.Server

    Provides an OpenID Connect/OAuth2 server framework for ASP.NET Core 1.x/2.x and OWIN/Katana, designed with a low-level, protocol-first approach.

    The latest official release is available as a package, and nightly builds can be found on MyGet.


    Get started

    Based on Katana and exposing similar primitives, it can be registered directly in Startup.cs using the UseOpenIdConnectServer extension method:

    using System;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using AspNet.Security.OpenIdConnect.Extensions;
    using AspNet.Security.OpenIdConnect.Primitives;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.Extensions.DependencyInjection;

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication().AddOpenIdConnectServer(options =>
        {
            // Enable the token endpoint.
            options.TokenEndpointPath = "/connect/token";

            // Implement OnValidateTokenRequest to support flows using the token endpoint.
            options.Provider.OnValidateTokenRequest = context =>
            {
                // Reject token requests that don't use grant_type=password or grant_type=refresh_token.
                if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType())
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
                        description: "Only grant_type=password and refresh_token " +
                                     "requests are accepted by this server.");

                    return Task.CompletedTask;
                }

                // Note: you can skip the request validation when the client_id
                // parameter is missing to support unauthenticated token requests.
                // if (string.IsNullOrEmpty(context.ClientId))
                // {
                //     context.Skip();
                //
                //     return Task.CompletedTask;
                // }

                // Note: to mitigate brute force attacks, you SHOULD strongly consider applying
                // a key derivation function like PBKDF2 to slow down the secret validation process.
                // You SHOULD also consider using a time-constant comparer to prevent timing attacks.
                if (string.Equals(context.ClientId, "client_id", StringComparison.Ordinal) &&
                    string.Equals(context.ClientSecret, "client_secret", StringComparison.Ordinal))
                {
                    context.Validate();
                }

                // Note: if Validate() is not explicitly called,
                // the request is automatically rejected.
                return Task.CompletedTask;
            };

            // Implement OnHandleTokenRequest to support token requests.
            options.Provider.OnHandleTokenRequest = context =>
            {
                // Only handle grant_type=password token requests and let
                // the OpenID Connect server handle the other grant types.
                if (context.Request.IsPasswordGrantType())
                {
                    // Implement context.Request.Username/context.Request.Password validation here.
                    // Note: you can call context.Reject() to indicate that authentication failed.
                    // Using password derivation and time-constant comparer is STRONGLY recommended.
                    if (!string.Equals(context.Request.Username, "Bob", StringComparison.Ordinal) ||
                        !string.Equals(context.Request.Password, "P@ssw0rd", StringComparison.Ordinal))
                    {
                        context.Reject(
                            error: OpenIdConnectConstants.Errors.InvalidGrant,
                            description: "Invalid user credentials.");

                        return Task.CompletedTask;
                    }

                    var identity = new ClaimsIdentity(context.Scheme.Name,
                        OpenIdConnectConstants.Claims.Name,
                        OpenIdConnectConstants.Claims.Role);

                    // Add the mandatory subject/user identifier claim.
                    identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "[unique id]");

                    // By default, claims are not serialized in the access/identity tokens.
                    // Use the overload taking a "destinations" parameter to make sure
                    // your claims are correctly inserted in the appropriate tokens.
                    identity.AddClaim("urn:customclaim", "value",
                        OpenIdConnectConstants.Destinations.AccessToken,
                        OpenIdConnectConstants.Destinations.IdentityToken);

                    var ticket = new AuthenticationTicket(
                        new ClaimsPrincipal(identity),
                        new AuthenticationProperties(),
                        context.Scheme.Name);

                    // Call SetScopes with the list of scopes you want to grant
                    // (specify offline_access to issue a refresh token).
                    ticket.SetScopes(
                        OpenIdConnectConstants.Scopes.Profile,
                        OpenIdConnectConstants.Scopes.OfflineAccess);

                    context.Validate(ticket);
                }

                return Task.CompletedTask;
            };
        });
    }
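    The comments in the first handler recommend a key derivation function and a constant-time comparison instead of comparing the raw client secret with string.Equals. The following is an added example, not code from the project's README: ClientSecretStore and TokenRequestValidation are hypothetical helpers that verify a PBKDF2-HMAC-SHA256 hash of the client secret in constant time inside OnValidateTokenRequest; the store is assumed to be populated (via Register) from the application's own client registry and resolved from DI, and the grant_type filtering from the snippet above is left out for brevity.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Primitives;
using AspNet.Security.OpenIdConnect.Server;

// Hypothetical helper (not part of ASOS): stores PBKDF2 hashes of client secrets, never the secrets.
public sealed class ClientSecretStore
{
    const int Iterations = 100_000, SaltSize = 16, HashSize = 32;
    readonly Dictionary<string, (byte[] Salt, byte[] Hash)> _clients = new Dictionary<string, (byte[], byte[])>();
    public void Register(string clientId, string secret)
    {
        var salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        _clients[clientId] = (salt, Derive(secret, salt));
    }
    // An unknown client_id fails fast: client ids are public, so that reveals nothing secret.
    public bool Verify(string clientId, string secret) =>
        clientId != null && secret != null && _clients.TryGetValue(clientId, out var entry)
        && FixedTimeEquals(Derive(secret, entry.Salt), entry.Hash);
    // PBKDF2-HMAC-SHA256 makes every guess expensive, online or against a leaked store.
    static byte[] Derive(string secret, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(secret, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashSize);
    }
    // Touches every byte so the running time does not depend on where the first mismatch is.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        var diff = 0;
        for (var i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public static class TokenRequestValidation
{
    // Hypothetical wiring, called from inside AddOpenIdConnectServer(options => ...); grant_type filtering omitted.
    public static void Configure(OpenIdConnectServerOptions options, ClientSecretStore secrets) =>
        options.Provider.OnValidateTokenRequest = context =>
        {
            if (secrets.Verify(context.ClientId, context.ClientSecret)) context.Validate();
            else context.Reject(error: OpenIdConnectConstants.Errors.InvalidClient,
                                description: "Invalid client credentials.");
            return Task.CompletedTask;
        };
}
```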

    Note: for the OpenID Connect server to work correctly, the authentication middleware must be registered in the ASP.NET Core 2.0 pipeline:

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
    }

    Note: the AspNet.Security.OpenIdConnect.Server 2.x packages are only compatible with ASP.NET Core 2.x. If your application targets ASP.NET Core 1.x, use the AspNet.Security.OpenIdConnect.Server 1.x packages.

    Resources

    Looking for additional resources to help you get started? Don't miss these interesting blog posts:

    • Creating your own OpenID Connect server with ASOS

    Samples

    The samples found in this project's directory always target the latest ASP.NET Core version, mainly to simplify testing.

    Official samples for ASP.NET Core can be found at aspnet-contrib/aspnet.openidconnect.samples.

    Looking for something simpler? Don't miss OpenIddict, a simple and easy-to-use OpenID Connect server for ASP.NET Core 1.x and 2.0 that is based on AspNet.Security.OpenIdConnect.Server.

    Support

    Need help or want to share your thoughts? Don't hesitate to join us or ask your question on StackOverflow.

    Contributors

    AspNet.Security.OpenIdConnect.Server is actively maintained by Kévin Chalet. Contributions are welcome and can be submitted using pull requests.

    License

    This project is licensed under the Apache License. This means you're free to use, modify and distribute it. See http://www.apache.org/licenses/LICENSE-2.0.html for more details.

