Beispiel #1
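        /// <summary>
        /// Registers IdentityServer-backed API authentication and authorization, taking the
        /// settings from a configuration callback.
        /// </summary>
        /// <param name="services">Service collection to register into.</param>
        /// <param name="appConfig">Application configuration, passed on to the settings-object overload.</param>
        /// <param name="options">Callback that fills in a newly created <see cref="IdentityServerApiInfo"/>.</param>
        /// <returns>The same <paramref name="services"/> instance.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
        public static IServiceCollection AddIdentityServerApi(this IServiceCollection services, IConfiguration appConfig, Action<IdentityServerApiInfo> options)
        {
            if (options == null)
            {
                // ArgumentNullException derives from ArgumentException, so callers that
                // catch the previously thrown ArgumentException still match.
                throw new ArgumentNullException(nameof(options), "IdentityServer Api配置信息回调不能为空");
            }

            var config = new IdentityServerApiInfo();

            // options is known to be non-null here; the second null check was unreachable.
            options(config);

            // The populated settings are checked by the overload that takes the settings object.
            services.AddIdentityServerApi(appConfig, config);

            return services;
        }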
Beispiel #2
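        /// <summary>
        /// Registers JWT bearer authentication against an IdentityServer authority and an
        /// authorization policy that requires an authenticated user holding a "scope" claim
        /// equal to the service name.
        /// </summary>
        /// <param name="services">Service collection to register into.</param>
        /// <param name="appConfig">Application configuration; its "ServiceName" entry is the fallback service name.</param>
        /// <param name="config">IdentityServer API settings (authority URL, scheme key, service and policy names).</param>
        /// <returns>The same <paramref name="services"/> instance.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="config"/> or <paramref name="appConfig"/> is null, or
        /// <c>config.IdentityServerUrl</c> is null or whitespace.
        /// </exception>
        private static IServiceCollection AddIdentityServerApi(this IServiceCollection services, IConfiguration appConfig, IdentityServerApiInfo config)
        {
            // The single-string ArgumentNullException constructor takes the parameter NAME, so the
            // original calls put the message into ParamName. Pass the name and the message separately.
            if (config == null)
            {
                throw new ArgumentNullException(nameof(config), "IdentityServer Api配置信息不能为null");
            }
            if (appConfig == null)
            {
                throw new ArgumentNullException(nameof(appConfig), "应用配置不能为null");
            }
            if (string.IsNullOrWhiteSpace(config.IdentityServerUrl))
            {
                // Exception type kept as ArgumentNullException for callers that already catch it.
                throw new ArgumentNullException(nameof(config), "IdentityServer Url地址不能为空");
            }

            // Fall back to the application-level "ServiceName" entry when the settings carry none.
            // NOTE(review): if that entry is missing too, ServiceName stays null and is then used
            // as the audience and as the required scope value below. Consider rejecting that here.
            if (string.IsNullOrWhiteSpace(config.Service.ServiceName))
            {
                config.Service.ServiceName = appConfig["ServiceName"];
            }

            // NOTE(review): the default scheme is IdentityServerAuthenticationDefaults.AuthenticationScheme,
            // but the handler is registered under config.AuthSchemeKey. Confirm the two names match;
            // otherwise the default scheme has no handler behind it.
            services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
            .AddJwtBearer(config.AuthSchemeKey, options =>
            {
                options.Authority            = config.IdentityServerUrl;
                // SECURITY: when this is false the signing-key metadata may be fetched over plain
                // HTTP, which lets a network attacker substitute keys. Keep it true outside local development.
                options.RequireHttpsMetadata = config.RequireHttpsMetadata;
                options.SaveToken            = config.SaveToken;
                options.Audience             = config.Service.ServiceName;

                // SECURITY: audience validation is switched off, so the Audience set above is not
                // enforced. Any token from the authority that passes the remaining checks authenticates,
                // including tokens issued for other APIs. The only per-service restriction left is the
                // "scope" claim check in the policy below, and it protects only endpoints that apply
                // that policy. Enable ValidateAudience once the issuer emits a matching "aud" claim.
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateAudience = false
                };
            });

            services.AddAuthorization(options =>
            {
                options.AddPolicy(config.Service.PolicyName, policy =>
                {
                    policy.RequireAuthenticatedUser();
                    // The token must carry a "scope" claim whose value equals the service name.
                    policy.RequireClaim("scope", config.Service.ServiceName);
                });
            });

            return services;
        }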