        /// <summary>
        /// Registers IdentityServer (in-memory stores, ASP.NET Identity users), JWT bearer
        /// authentication against the configured authority, and the "user" authorization policy.
        /// </summary>
        /// <param name="services">Service collection that receives the registrations.</param>
        private void AddAuth(IServiceCollection services)
        {
            // Token service: interactive login/logout is delegated to the Identity UI pages.
            var identityServer = services.AddIdentityServer(idsrv =>
            {
                idsrv.UserInteraction.LoginUrl = "/Identity/Account/Login";
                idsrv.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
            });

            // Resources, scopes and clients all come from IdentityConfig and live in memory.
            identityServer.AddInMemoryIdentityResources(IdentityConfig.GetIdentityResources());
            identityServer.AddInMemoryApiResources(IdentityConfig.GetApiResources());
            identityServer.AddInMemoryApiScopes(IdentityConfig.GetApiScopes());
            identityServer.AddInMemoryClients(IdentityConfig.GetClients(Configuration));

            // In-memory grant store: issued grants (e.g. refresh tokens) do not survive a
            // process restart and are not shared between instances.
            identityServer.AddInMemoryPersistedGrants();
            identityServer.AddAspNetIdentity<User>();

            // NOTE(review): the developer signing credential is meant for development only.
            // A deployed instance should load a managed, persistent signing key instead;
            // nothing in this method gates this call by environment.
            identityServer.AddDeveloperSigningCredential();

            // API side: validate bearer JWTs issued by the authority named in configuration.
            var bearerScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
            var authentication = services.AddAuthentication(bearerScheme);
            authentication.AddJwtBearer(bearerScheme, jwt =>
            {
                // Read lazily, when the options are built, exactly as the section/key names say.
                var identityServerSection = Configuration.GetSection("IdentityServer");
                jwt.Authority = identityServerSection.GetValue<string>("AuthorityUrl");

                // Discovery metadata must be fetched over HTTPS.
                jwt.RequireHttpsMetadata = true;

                // Tokens must carry this audience to be accepted.
                jwt.Audience = "pzph.api";

                // Keeps the raw token available on the authentication result after validation.
                jwt.SaveToken = true;
            });

            // "user" policy: an authenticated caller whose token includes the pzph.api scope.
            services.AddAuthorization(authorization =>
            {
                authorization.AddPolicy("user", userPolicy =>
                {
                    userPolicy.RequireAuthenticatedUser();
                    userPolicy.RequireClaim("scope", "pzph.api");
                });
            });
        }