// scopes define the resources in your system
private static IEnumerable <IdentityResource> GetIdentityResources()
{
var openId = new IdentityResources.OpenId();
openId.DisplayName = "用户标识";
var profile = new IdentityResources.Profile
{
DisplayName = "基本信息: 如姓名、角色等", Description = ""
};
profile.UserClaims.Add(JwtClaimTypes.Role);
var fullProfile = new IdentityResources.Profile
{
Name = "full_profile", DisplayName = "完整信息: 如姓名、角色、电话、邮件、公司信息等", Description = ""
};
fullProfile.UserClaims.Add(JwtClaimTypes.Role);
fullProfile.UserClaims.Add(JwtClaimTypes.PhoneNumber);
fullProfile.UserClaims.Add(JwtClaimTypes.Email);
fullProfile.UserClaims.Add("title");
fullProfile.UserClaims.Add("group");
fullProfile.UserClaims.Add("level");
fullProfile.UserClaims.Add("office_phone");
fullProfile.UserClaims.Add("full_name");
return(new List <IdentityResource>
{
openId,
profile,
fullProfile
});
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
//services.Configure<CookiePolicyOptions>(options =>
//{
// // This lambda determines whether user consent for non-essential cookies is needed for a given request.
// options.CheckConsentNeeded = context => true;
// options.MinimumSameSitePolicy = SameSiteMode.None;
//});
services.AddApplicationService();
var profile = new IdentityResources.Profile();
profile.UserClaims.Add("role");
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddClientStore <ClientStore>()
.AddInMemoryIdentityResources(new List <IdentityResource>
{
new IdentityResources.OpenId(),
profile,
});
//JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication()
.AddCookie();
services.AddMvc()
.AddValidation()
.SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}
public IActionResult AddGeneralScope()
{
var ir = new IdentityResources.OpenId();
var ir2 = new IdentityResources.Profile();
_confContext.IdentityResources.Add(ir.ToEntity());
_confContext.IdentityResources.Add(ir2.ToEntity());
_confContext.SaveChanges();
return(Ok());
}
private static IEnumerable <IdentityResource> GetIdentityResources()
{
var profile = new IdentityResources.Profile();
profile.Required = true;
return(new IdentityResource[]
{
new IdentityResources.OpenId(),
profile
});
}
public static IEnumerable <IdentityResource> GetIdentityResources()
{
var profile = new IdentityResources.Profile();
profile.UserClaims.Add("role");
return(new IdentityResource[]
{
profile,
new IdentityResources.OpenId(),
new IdentityResources.Address(),
new IdentityResources.Email(),
new IdentityResources.Phone(),
});
}
public async Task Discovery_response_should_contains_aid_if_requested()
{
_mockPipeline.AnonymousOptions.AlwaysIncludeAnonymousIdInProfile = false;
var profile = new IdentityResources.Profile();
profile.UserClaims.Add(JwtClaimTypes.AnonymousId);
_mockPipeline.IdentityScopes.Add(profile);
var result = await _mockPipeline.BackChannelClient.GetDiscoveryDocumentAsync(new DiscoveryDocumentRequest
{
Address = IdentityServerPipeline.BaseUrl
});
result.ClaimsSupported.Should().Contain(JwtClaimTypes.AnonymousId);
}
/// <summary>
/// 转换为Identity资源数组
/// </summary>
/// <param name="identityResources">Identity资源信息数组</param>
/// <returns>Identity资源数组</returns>
public static IdentityResource[] ToIdentityResources(this IdentityResourceInfo[] identityResources)
{
if (identityResources.IsNullOrLength0())
{
return(null);
}
var result = new IdentityResource[identityResources.Length];
for (var i = 0; i < result.Length; i++)
{
var source = identityResources[i];
var type = source.Type != null?source.Type.ToLower() : null;
if ("openid".Equals(type))
{
result[i] = new IdentityResources.OpenId();
}
else if ("profile".Equals(type))
{
result[i] = new IdentityResources.Profile();
}
else if ("address".Equals(type))
{
result[i] = new IdentityResources.Address();
}
else if ("email".Equals(type))
{
result[i] = new IdentityResources.Email();
}
else if ("phone".Equals(type))
{
result[i] = new IdentityResources.Phone();
}
else
{
result[i] = new IdentityResource(source.Name, source.DisplayName, source.UserClaims);
}
result[i].Description = source.Description;
result[i].Enabled = source.Enabled;
result[i].Emphasize = source.Emphasize;
result[i].Required = source.Required;
result[i].ShowInDiscoveryDocument = source.ShowInDiscoveryDocument;
}
return(result);
}
public List <IdentityResource> GetIdentityResources()
{
var openIdResource = new IdentityResources.OpenId();
openIdResource.UserClaims.Add("role");
var profileResource = new IdentityResources.Profile();
profileResource.UserClaims.Add("role");
return(new List <IdentityResource>
{
openIdResource,
profileResource
});
}
public ResourceStore()
{
apiResources["https://example.com/api"] =
new ApiResource("https://example.com/api")
{
UserClaims = { JwtClaimTypes.Email },
Scopes =
{
new Scope {
Name = "read:product", DisplayName = "Read access to product data"
}
}
};
identityResources["openid"] = new IdentityResources.OpenId();
identityResources["email"] = new IdentityResources.Email();
identityResources["address"] = new IdentityResources.Address();
identityResources["phone"] = new IdentityResources.Phone();
identityResources["profile"] = new IdentityResources.Profile();
}
public static void IdentityResources(ConfigurationDbContext context)
{
IdentityResources.OpenId openId = new IdentityResources.OpenId();
if (!context.IdentityResources.Any(resource => resource.Name == openId.Name))
{
context.IdentityResources.Add(openId.ToEntity());
context.SaveChanges();
}
IdentityResources.Profile profile = new IdentityResources.Profile();
if (!context.IdentityResources.Any(resource => resource.Name == profile.Name))
{
context.IdentityResources.Add(profile.ToEntity());
context.SaveChanges();
}
}
public static IEnumerable <IdentityResource> GetIdentityResources()
{
var profileResource = new IdentityResources.Profile();
profileResource.Required = true;
// add the standard name claim type to the profile scope resource so it
// populates User.Identity.Name within the client MVC app
profileResource.UserClaims.Add(ClaimTypes.Name);
return(new List <IdentityResource> {
new IdentityResources.OpenId(),
profileResource,
new IdentityResources.Email(),
new IdentityResource {
Name = "roles",
DisplayName = "Your access roles",
Required = true,
Description = "Your permissions on the system",
UserClaims = new List <string> {
//"role",
ClaimTypes.Role
},
},
});
}
public static void PopulateDatabase(IApplicationBuilder app)
{
using var serviceScope = app.ApplicationServices.GetRequiredService <IServiceScopeFactory>().CreateScope();
using var configurationContext = serviceScope.ServiceProvider.GetRequiredService <ConfigurationDbContext>();
//Seed clients
bool frontEndClientExists =
configurationContext.Clients.Any(x => x.ClientId == "7ceea8f0-9ef6-4a41-b0d7-d4ebe99430bb");
if (!frontEndClientExists)
{
Client frontEndClient = new Client
{
ClientName = "Microservices.WebUI",
ClientId = "7ceea8f0-9ef6-4a41-b0d7-d4ebe99430bb",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowAccessTokensViaBrowser = true,
AlwaysIncludeUserClaimsInIdToken = true,
PostLogoutRedirectUris = new List <string>()
{
"http://localhost:4200"
},
RedirectUris = new List <string>()
{
"http://localhost:4200/authentication/signin-oidc",
"http://localhost:4200/authentication/redirect-silent"
},
AllowedScopes = new List <string>()
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"roles", "portal-gateway", "product-service-api"
},
ClientSecrets = new List <Secret>()
{
new Secret("2af62f010fab4e558324b841d8006be1".Sha256())
},
Claims = new List <ClientClaim>()
{
new ClientClaim(string.Empty, "openid"),
new ClientClaim(string.Empty, "profile"),
new ClientClaim(string.Empty, "roles")
}
};
configurationContext.Clients.Add(frontEndClient.ToEntity());
}
//Seed identity resources
IdentityResources.OpenId openId = new IdentityResources.OpenId();
if (!configurationContext.IdentityResources.Any(x => x.Name == openId.Name))
{
configurationContext.IdentityResources.Add(openId.ToEntity());
}
IdentityResources.Profile profile = new IdentityResources.Profile();
if (!configurationContext.IdentityResources.Any(x => x.Name == profile.Name))
{
configurationContext.IdentityResources.Add(profile.ToEntity());
}
IdentityResource role = new IdentityResource("roles", "Your role(s)", new[] { "role" });
if (!configurationContext.IdentityResources.Any(x => x.Name == role.Name))
{
configurationContext.IdentityResources.Add(role.ToEntity());
}
//Seed api resources
ApiResource portalGateway = new ApiResource("portal-gateway", "Portal.Gateway", new[] { "role" });
if (!configurationContext.ApiResources.Any(x => x.Name == portalGateway.Name))
{
configurationContext.ApiResources.Add(portalGateway.ToEntity());
}
ApiResource productService = new ApiResource("product-service-api", "ProductService.API", new[] { "role" });
if (!configurationContext.ApiResources.Any(x => x.Name == productService.Name))
{
configurationContext.ApiResources.Add(productService.ToEntity());
}
ApiResource pricingService = new ApiResource("pricing-service-api", "PricingService.API", new[] { "role" });
if (!configurationContext.ApiResources.Any(x => x.Name == pricingService.Name))
{
configurationContext.ApiResources.Add(pricingService.ToEntity());
}
ApiResource policyService = new ApiResource("policy-service-api", "PolicyService.API", new[] { "role" });
if (!configurationContext.ApiResources.Any(x => x.Name == policyService.Name))
{
configurationContext.ApiResources.Add(policyService.ToEntity());
}
ApiResource policySearchService = new ApiResource("policy-search-service-api", "PolicySearchService.API", new[] { "role" });
if (!configurationContext.ApiResources.Any(x => x.Name == policySearchService.Name))
{
configurationContext.ApiResources.Add(policySearchService.ToEntity());
}
ApiResource paymentService = new ApiResource("payment-service-api", "PaymentService.API", new[] { "role" });
if (!configurationContext.ApiResources.Any(x => x.Name == paymentService.Name))
{
configurationContext.ApiResources.Add(paymentService.ToEntity());
}
//.AddInMemoryApiScopes(new IdentityServer4.Models.ApiScope[] { new IdentityServer4.Models.ApiScope("portal-gateway", "Portal.Gateway", new[] { "role" })})
ApiScope portalGatewayScope = new ApiScope("portal-gateway", "Portal.Gateway", new[] { "role" });
if (!configurationContext.ApiScopes.Any(x => x.Name == portalGatewayScope.Name))
{
configurationContext.ApiScopes.Add(portalGatewayScope.ToEntity());
}
configurationContext.SaveChanges();
}
public static void ConfigurationDbContextSeed(this ModelBuilder modelBuilder)
{
var clientGrantTypeEntity = new ClientGrantType
{
Id = -1,
GrantType = GrantType.ResourceOwnerPassword,
ClientId = -1,
};
var clientScopes = new[]
{
new ClientScope
{
ClientId = -1,
Id = -1,
Scope = "record-keep-api"
},
new ClientScope
{
ClientId = -1,
Id = -2,
Scope = IdentityServerConstants.StandardScopes.OpenId
},
new ClientScope
{
ClientId = -1,
Id = -3,
Scope = IdentityServerConstants.StandardScopes.Profile
}
};
var client = new Client
{
ClientId = "record-keep",
AccessTokenType = AccessTokenType.Jwt,
RequireClientSecret = false,
AllowOfflineAccess = false,
AllowAccessTokensViaBrowser = true
};
var clientEntity = client.ToEntity();
clientEntity.Id = -1;
var apiResourceClaimEntity = new ApiResourceClaim
{
Id = -1,
ApiResourceId = -1,
Type = JwtClaimTypes.Name
};
var apiResourceScopesEntity = new ApiScope
{
Name = "record-keep-api",
Id = -1,
DisplayName = "Record Keep API",
ApiResourceId = -1,
};
var apiResource = new ApiResource
{
Name = "record-keep-api",
DisplayName = "Record Keep API"
};
var apiResourceEntity = apiResource.ToEntity();
apiResourceEntity.Id = -1;
var openIdIdentity = new IdentityResources.OpenId().ToEntity();
var profileIdentity = new IdentityResources.Profile().ToEntity();
openIdIdentity.Id = -1;
profileIdentity.Id = -2;
var identityClaimOpenId = new IdentityClaim
{
Id = -1,
Type = JwtClaimTypes.Subject,
IdentityResourceId = -1
};
var identityClaims = new List <IdentityClaim>
{
identityClaimOpenId
};
var index = -2;
foreach (var claims in profileIdentity.UserClaims)
{
identityClaims.Add(new IdentityClaim
{
Id = index,
Type = claims.Type,
IdentityResourceId = -2,
});
index--;
}
openIdIdentity.UserClaims = new List <IdentityClaim>();
profileIdentity.UserClaims = new List <IdentityClaim>();
modelBuilder.Entity <ClientGrantType>().HasData(clientGrantTypeEntity);
modelBuilder.Entity <ClientScope>().HasData(clientScopes);
modelBuilder.Entity <IdentityServer4.EntityFramework.Entities.Client>().HasData(clientEntity);
modelBuilder.Entity <ApiResourceClaim>().HasData(apiResourceClaimEntity);
modelBuilder.Entity <ApiScope>().HasData(apiResourceScopesEntity);
modelBuilder.Entity <IdentityServer4.EntityFramework.Entities.ApiResource>().HasData(apiResourceEntity);
modelBuilder.Entity <IdentityResource>().HasData(openIdIdentity, profileIdentity);
modelBuilder.Entity <IdentityClaim>().HasData(identityClaims);
}