public SwaggerUIOptionsConfigure(
     IOptions <SwaggerOAuth2Options> swaggerOAuth2Options,
     IOptions <OAuth2Options> oauth2Options)
 {
     this.swaggerOAuth2Options = swaggerOAuth2Options.Value;
     this.oauth2Options        = oauth2Options.Value;
 }
        ///// <summary>
        ///// 重写以实现<see cref="IdentityServerOptions"/>的配置
        ///// </summary>
        ///// <returns></returns>
        //protected override Action<IdentityServerOptions> IdentityServerOptionsAction()
        //{
        //    return options =>
        //    {
        //        //Authentication
        //        ////设置用于交互用户的主机所混杂的cookie创作方案。如果未设置,则该方案将从主机的默认身份验证方案中推断。当主机中使用AddPolicyScheme作为默认方案时,通常使用此设置。
        //        //options.Authentication.CookieAuthenticationScheme = IdentityServerConstants.DefaultCheckSessionCookieName;
        //        //用于检查会话终结点的cookie的名称。默认为idsrv.session
        //        //options.Authentication.CheckSessionCookieName = "";
        //        //身份验证cookie生存期(只有在使用IdghtyServer提供的cookie处理程序时才有效)。
        //        options.Authentication.CookieLifetime = TimeSpan.FromMinutes(720);
        //        //指定Cookie是否应该是滑动的(只有在使用IdghtyServer提供的Cookie处理程序时才有效)。
        //        options.Authentication.CookieSlidingExpiration = true;
        //        //指示用户是否必须通过身份验证才能接受结束会话终结点的参数。默认为false。
        //        //options.Authentication.RequireAuthenticatedUserForSignOutMessage = false;
        //        //如果设置,将需要在结束会话回调端点上发出帧-src csp报头,该端点将iframes呈现给客户端以进行前端通道签名通知。默认为true。
        //        //options.Authentication.RequireCspFrameSrcForSignout = true;

        //        options.Events.RaiseErrorEvents = true;
        //        options.Events.RaiseFailureEvents = true;
        //        options.Events.RaiseInformationEvents = true;
        //        options.Events.RaiseSuccessEvents = true;

        //        options.UserInteraction = new UserInteractionOptions
        //        {
        //            LoginUrl = "/Account/Login",//【必备】登录地址
        //            LogoutUrl = "/Account/Logout",//【必备】退出地址
        //            ConsentUrl = "/Consent/Index",//【必备】允许授权同意页面地址
        //            ErrorUrl = "/Home/Error", //【必备】错误页面地址
        //            LoginReturnUrlParameter = "ReturnUrl",//【必备】设置传递给登录页面的返回URL参数的名称。默认为returnUrl
        //            LogoutIdParameter = "logoutId", //【必备】设置传递给注销页面的注销消息ID参数的名称。缺省为logoutId
        //            ConsentReturnUrlParameter = "ReturnUrl", //【必备】设置传递给同意页面的返回URL参数的名称。默认为returnUrl
        //            ErrorIdParameter = "errorId", //【必备】设置传递给错误页面的错误消息ID参数的名称。缺省为errorId
        //            CustomRedirectReturnUrlParameter = "ReturnUrl", //【必备】设置从授权端点传递给自定义重定向的返回URL参数的名称。默认为returnUrl
        //            CookieMessageThreshold = 5 //【必备】由于浏览器对Cookie的大小有限制,设置Cookies数量的限制,有效的保证了浏览器打开多个选项卡,一旦超出了Cookies限制就会清除以前的Cookies值
        //        };
        //    };
        //}

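        /// <summary>
        /// Registers the authentication handlers for this host.
        /// </summary>
        /// <remarks>
        /// When <paramref name="idsOptions"/>.IsLocalApi is set, an IdentityServer local-API handler is
        /// registered under <c>HybridConstants.LocalApi.AuthenticationScheme</c>, followed by the external
        /// OAuth2 providers found under the <c>Hybrid:OAuth2</c> configuration section. When it is not set,
        /// nothing is registered (the IdentityServer / JWT-bearer branch is still a TODO), so bearer tokens
        /// are not validated on that path.
        /// </remarks>
        /// <param name="services">The service collection to register into.</param>
        /// <param name="idsOptions">IdentityServer host configuration; only <c>IsLocalApi</c> is read here.</param>
        /// <param name="configuration">Application configuration; the <c>Hybrid:OAuth2</c> section is read.</param>
        /// <exception cref="InvalidOperationException">
        /// A known OAuth2 provider entry has an empty ClientId or ClientSecret.
        /// </exception>
        protected override void AddAuthentication(IServiceCollection services, IdentityServerConfiguration idsOptions, IConfiguration configuration)
        {
            // Keep the raw JWT claim names (e.g. "sub") instead of the legacy long-form claim URIs.
            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

            AuthenticationBuilder authenticationBuilder = services.AddAuthentication();

            if (!idsOptions.IsLocalApi)
            {
                // TODO: IdentityServer / JWT bearer registration for the non-local-API host.
                // Nothing is registered on this path today.
                return;
            }

            // 1. Use this when the web API lives in this project; do not also call app.UseAuthentication in UseModule.
            // 2. Mark the API with [Authorize(AuthenticationSchemes = IdentityServerConstants.LocalApi.AuthenticationScheme)].
            // 3. Within this framework use HybridConstants.LocalApi.AuthenticationScheme.
            authenticationBuilder.AddLocalApi(HybridConstants.LocalApi.AuthenticationScheme, options =>
            {
                options.ExpectedScope = HybridConstants.LocalApi.ScopeName;
                options.SaveToken     = true;
            });

            // External OAuth2 providers: https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
            IConfigurationSection section = configuration.GetSection("Hybrid:OAuth2");
            IDictionary<string, OAuth2Options> providers = section.Get<Dictionary<string, OAuth2Options>>();
            if (providers == null)
            {
                return;
            }

            foreach (KeyValuePair<string, OAuth2Options> pair in providers)
            {
                OAuth2Options value = pair.Value;
                if (value == null)
                {
                    continue;
                }

                switch (pair.Key)
                {
                case "QQ":
                    // Fail fast at startup: a provider registered with a blank id/secret would otherwise
                    // only surface as an obscure error during the first external login attempt.
                    if (string.IsNullOrEmpty(value.ClientId) || string.IsNullOrEmpty(value.ClientSecret))
                    {
                        throw new InvalidOperationException("Hybrid:OAuth2:QQ must specify both ClientId and ClientSecret.");
                    }
                    authenticationBuilder.AddQQ(opts =>
                    {
                        opts.ClientId     = value.ClientId;
                        opts.ClientSecret = value.ClientSecret;
                    });
                    break;

                default:
                    // Other providers (Microsoft, GitHub, ...) are not wired up in this host.
                    break;
                }
            }
        }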
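        /// <summary>
        /// Registers JWT bearer authentication as the default authenticate/challenge scheme, then the
        /// external OAuth2 providers enabled under the <c>OSharp:OAuth2</c> configuration section.
        /// </summary>
        /// <param name="services">The service collection to register into.</param>
        /// <exception cref="OsharpException">
        /// <c>OSharp:Jwt:Secret</c> is empty, or an enabled OAuth2 provider lacks a ClientId or ClientSecret.
        /// </exception>
        protected override void AddAuthentication(IServiceCollection services)
        {
            IConfiguration configuration = services.GetConfiguration();

            AuthenticationBuilder authenticationBuilder = services
                .AddAuthentication(options =>
                {
                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
                })
                .AddJwtBearer(jwt =>
                {
                    string secret = configuration["OSharp:Jwt:Secret"];
                    if (secret.IsNullOrEmpty())
                    {
                        throw new OsharpException("配置文件中Jwt节点的Secret不能为空");
                    }

                    jwt.TokenValidationParameters = new TokenValidationParameters()
                    {
                        ValidIssuer      = configuration["OSharp:Jwt:Issuer"],
                        ValidAudience    = configuration["OSharp:Jwt:Audience"],
                        // NOTE(review): the secret is decoded as ASCII, so any non-ASCII character becomes '?'
                        // and weakens the key. Left unchanged because the token issuer must derive the key the
                        // same way — change both sides together.
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secret)),
                        // The "exp" value handed to this delegate is a UTC DateTime. It used to be compared with
                        // DateTime.Now, which shifted the effective lifetime by the server's UTC offset (tokens
                        // expired hours early east of UTC and were accepted hours late west of it).
                        // This custom validator replaces the library default, so ClockSkew is not applied and
                        // "nbf" is not checked here.
                        LifetimeValidator = (notBefore, expires, token, param) => expires > DateTime.UtcNow,
                        ValidateLifetime = true
                    };

                    // Swap the stock handler for the project's online-user-aware one.
                    jwt.SecurityTokenValidators.Clear();
                    jwt.SecurityTokenValidators.Add(new OnlineUserJwtSecurityTokenHandler());

                    jwt.Events = new JwtBearerEvents()
                    {
                        // SignalR browser clients cannot set an Authorization header and send the token in the
                        // query string. Honour that only for hub paths: query-string tokens end up in access logs
                        // and Referer headers, so this must not be widened to the whole API.
                        OnMessageReceived = context =>
                        {
                            string token = context.Request.Query["access_token"];
                            string path  = context.HttpContext.Request.Path;
                            // NOTE(review): substring match — any path containing "hub" qualifies. Prefer
                            // StartsWithSegments on the actual hub route(s) if they are known.
                            if (!string.IsNullOrEmpty(token) && path.Contains("hub"))
                            {
                                context.Token = token;
                            }
                            return Task.CompletedTask;
                        }
                    };
                });

            // External OAuth2 providers.
            IConfigurationSection section = configuration.GetSection("OSharp:OAuth2");
            IDictionary<string, OAuth2Options> providers = section.Get<Dictionary<string, OAuth2Options>>();
            if (providers == null)
            {
                return;
            }

            foreach (KeyValuePair<string, OAuth2Options> pair in providers)
            {
                OAuth2Options value = pair.Value;
                if (value == null || !value.Enabled)
                {
                    continue;
                }
                // Fail fast at startup rather than at the first external login.
                if (string.IsNullOrEmpty(value.ClientId))
                {
                    throw new OsharpException($"配置文件中OSharp:OAuth2配置的{pair.Key}节点的ClientId不能为空");
                }
                if (string.IsNullOrEmpty(value.ClientSecret))
                {
                    throw new OsharpException($"配置文件中OSharp:OAuth2配置的{pair.Key}节点的ClientSecret不能为空");
                }

                switch (pair.Key)
                {
                case "QQ":
                    authenticationBuilder.AddQQ(opts =>
                    {
                        opts.AppId  = value.ClientId;
                        opts.AppKey = value.ClientSecret;
                    });
                    break;

                case "Microsoft":
                    authenticationBuilder.AddMicrosoftAccount(opts =>
                    {
                        opts.ClientId     = value.ClientId;
                        opts.ClientSecret = value.ClientSecret;
                    });
                    break;

                case "GitHub":
                    authenticationBuilder.AddGitHub(opts =>
                    {
                        opts.ClientId     = value.ClientId;
                        opts.ClientSecret = value.ClientSecret;
                    });
                    break;
                }
            }
        }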
        /// <summary>
        /// Sets "Bearer" as the default scheme, registers an IdentityServer local-API handler expecting the
        /// "api1" scope, then adds the external OAuth2 providers enabled under <c>OSharp:OAuth2</c>.
        /// </summary>
        /// <param name="services">The service collection to register into.</param>
        /// <exception cref="OsharpException">An enabled OAuth2 entry lacks a ClientId or ClientSecret.</exception>
        protected override void AddAuthentication(IServiceCollection services)
        {
            IConfiguration configuration = services.GetConfiguration();

            // NOTE(review): the parameterless AddLocalApi overload appears to register its handler under
            // IdentityServer's own local-API scheme name rather than "Bearer" (compare the sibling host that
            // passes a scheme name explicitly). Unless a "Bearer" handler is registered elsewhere, the default
            // scheme has no handler behind it — confirm against the rest of the host.
            AuthenticationBuilder builder = services.AddAuthentication("Bearer");
            builder = builder.AddLocalApi(localApi =>
            {
                localApi.ExpectedScope = "api1";
            });

            // External OAuth2 providers: https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
            IConfigurationSection oauthSection = configuration.GetSection("OSharp:OAuth2");
            IDictionary<string, OAuth2Options> providers = oauthSection.Get<Dictionary<string, OAuth2Options>>();
            if (providers == null)
            {
                return;
            }

            foreach (KeyValuePair<string, OAuth2Options> entry in providers)
            {
                string providerName = entry.Key;
                OAuth2Options settings = entry.Value;
                if (!settings.Enabled)
                {
                    continue;
                }

                // Fail fast at startup rather than at the first external login.
                if (string.IsNullOrEmpty(settings.ClientId))
                {
                    throw new OsharpException($"配置文件中OSharp:OAuth2配置的{providerName}节点的ClientId不能为空");
                }
                if (string.IsNullOrEmpty(settings.ClientSecret))
                {
                    throw new OsharpException($"配置文件中OSharp:OAuth2配置的{providerName}节点的ClientSecret不能为空");
                }

                if (providerName == "Microsoft")
                {
                    // NOTE(review): no SignInScheme is set here, unlike the Google case below; it therefore falls
                    // back to the default sign-in scheme. Verify that external logins still land in the
                    // external cookie.
                    builder.AddMicrosoftAccount(opts =>
                    {
                        opts.ClientId     = settings.ClientId;
                        opts.ClientSecret = settings.ClientSecret;
                    });
                }
                else if (providerName == "Google")
                {
                    builder.AddGoogle(opts =>
                    {
                        // External identities are signed into IdentityServer's external cookie.
                        opts.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

                        // Register this IdentityServer with Google at https://console.developers.google.com,
                        // enable the Google+ API and set the redirect URI to http://localhost:5000/signin-google.
                        opts.ClientId     = settings.ClientId;
                        opts.ClientSecret = settings.ClientSecret;
                    });
                }
                // QQ and GitHub are not wired up in this host.
            }
        }
        /// <summary>
        /// Sets the JWT bearer scheme name as the default, registers an IdentityServer local-API handler under
        /// <c>ESoftorConstants.LocalApi.AuthenticationScheme</c>, then adds the external OAuth2 providers enabled
        /// under <c>ESoftor:OAuth2</c>.
        /// </summary>
        /// <param name="services">The service collection to register into.</param>
        /// <exception cref="ESoftorException">An enabled OAuth2 entry lacks a ClientId or ClientSecret.</exception>
        protected override void AddAuthentication(IServiceCollection services)
        {
            IConfiguration configuration = services.GetConfiguration();

            // NOTE(review): the default scheme is JwtBearerDefaults.AuthenticationScheme, but no AddJwtBearer
            // call follows; only the local-API handler below is registered. Confirm a handler with that name
            // is registered elsewhere, or that every endpoint names its scheme explicitly.
            AuthenticationBuilder builder = services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme);

            // 1. Use this when the web API lives in this project; do not also call app.UseAuthentication in UseModule.
            // 2. Mark the API with [Authorize(AuthenticationSchemes = IdentityServerConstants.LocalApi.AuthenticationScheme)].
            // 3. Within this framework use ESoftorConstants.LocalApi.AuthenticationScheme.
            builder.AddLocalApi(ESoftorConstants.LocalApi.AuthenticationScheme, localApi =>
            {
                localApi.ExpectedScope = IdentityServerConstants.LocalApi.ScopeName;
            });

            // External OAuth2 providers: https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
            IConfigurationSection oauthSection = configuration.GetSection("ESoftor:OAuth2");
            IDictionary<string, OAuth2Options> providers = oauthSection.Get<Dictionary<string, OAuth2Options>>();
            if (providers == null)
            {
                return;
            }

            foreach (KeyValuePair<string, OAuth2Options> entry in providers)
            {
                string providerName = entry.Key;
                OAuth2Options settings = entry.Value;
                if (!settings.Enabled)
                {
                    continue;
                }

                // Fail fast at startup rather than at the first external login.
                if (string.IsNullOrEmpty(settings.ClientId))
                {
                    throw new ESoftorException($"配置文件中ESoftor:OAuth2配置的{providerName}节点的ClientId不能为空");
                }
                if (string.IsNullOrEmpty(settings.ClientSecret))
                {
                    throw new ESoftorException($"配置文件中ESoftor:OAuth2配置的{providerName}节点的ClientSecret不能为空");
                }

                if (providerName != "QQ")
                {
                    // Microsoft, GitHub, ... are not wired up in this host.
                    continue;
                }

                builder.AddQQ(opts =>
                {
                    opts.ClientId     = settings.ClientId;
                    opts.ClientSecret = settings.ClientSecret;
                });
            }
        }
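        /// <summary>
        /// Registers JWT bearer authentication as the default authenticate/challenge scheme (with the project's
        /// token and claims services), then the external OAuth2 providers enabled under <c>OSharp:OAuth2</c>.
        /// </summary>
        /// <param name="services">The service collection to register into.</param>
        /// <exception cref="OsharpException">
        /// <c>OSharp:Jwt:Secret</c> is empty, or an enabled OAuth2 provider lacks a ClientId or ClientSecret.
        /// </exception>
        protected override void AddAuthentication(IServiceCollection services)
        {
            IConfiguration configuration = services.GetConfiguration();

            // JwtBearer
            AuthenticationBuilder authenticationBuilder = services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            });

            services.TryAddScoped<IJwtBearerService, JwtBearerService<User, int>>();
            services.TryAddScoped<IAccessClaimsProvider, AccessClaimsProvider<User, int>>();
            authenticationBuilder.AddJwtBearer(jwt =>
            {
                string secret = configuration["OSharp:Jwt:Secret"];
                if (secret.IsNullOrEmpty())
                {
                    throw new OsharpException("配置文件中OSharp配置的Jwt节点的Secret不能为空");
                }

                jwt.TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidIssuer      = configuration["OSharp:Jwt:Issuer"] ?? "osharp identity",
                    ValidAudience    = configuration["OSharp:Jwt:Audience"] ?? "osharp client",
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)),
                    // Custom lifetime check ("exp" arrives as a UTC DateTime). Returning false from this delegate
                    // makes the library raise SecurityTokenInvalidLifetimeException, which never matched the
                    // SecurityTokenExpiredException test in OnAuthenticationFailed below — so the Token-Expired
                    // header was never sent. Throwing the expired exception explicitly restores that signal.
                    // This replaces the library default, so ClockSkew is not applied and "nbf" is not checked.
                    LifetimeValidator = (nbf, exp, token, param) =>
                    {
                        if (!exp.HasValue)
                        {
                            return false; // no "exp" claim: rejected as an invalid lifetime, as before
                        }
                        if (exp.Value <= DateTime.UtcNow)
                        {
                            throw new SecurityTokenExpiredException("The token has expired.");
                        }
                        return true;
                    }
                };

                jwt.Events = new JwtBearerEvents()
                {
                    // SignalR browser clients cannot set an Authorization header and send the token in the
                    // query string. Honour that only for hub paths: query-string tokens end up in access logs
                    // and Referer headers, so this must not be widened to the whole API.
                    OnMessageReceived = context =>
                    {
                        string token = context.Request.Query["access_token"];
                        string path  = context.HttpContext.Request.Path;
                        // NOTE(review): substring match — any path containing "hub" qualifies. Prefer
                        // StartsWithSegments on the actual hub route(s) if they are known.
                        if (!string.IsNullOrEmpty(token) && path.Contains("hub"))
                        {
                            context.Token = token;
                        }
                        return Task.CompletedTask;
                    },
                    // Let clients distinguish "expired" from "invalid" so they can refresh instead of re-login.
                    OnAuthenticationFailed = context =>
                    {
                        if (context.Exception is SecurityTokenExpiredException)
                        {
                            // Indexer assignment: Headers.Add throws if the header was already set
                            // (e.g. the scheme is authenticated more than once in a request).
                            context.Response.Headers["Token-Expired"] = "true";
                        }
                        return Task.CompletedTask;
                    }
                };
            });

            // External OAuth2 providers.
            IConfigurationSection section = configuration.GetSection("OSharp:OAuth2");
            IDictionary<string, OAuth2Options> providers = section.Get<Dictionary<string, OAuth2Options>>();
            if (providers == null)
            {
                return;
            }

            foreach (KeyValuePair<string, OAuth2Options> pair in providers)
            {
                OAuth2Options value = pair.Value;
                if (value == null || !value.Enabled)
                {
                    continue;
                }
                // Fail fast at startup rather than at the first external login.
                if (string.IsNullOrEmpty(value.ClientId))
                {
                    throw new OsharpException($"配置文件中OSharp:OAuth2配置的{pair.Key}节点的ClientId不能为空");
                }
                if (string.IsNullOrEmpty(value.ClientSecret))
                {
                    throw new OsharpException($"配置文件中OSharp:OAuth2配置的{pair.Key}节点的ClientSecret不能为空");
                }

                switch (pair.Key)
                {
                case "QQ":
                    authenticationBuilder.AddQQ(opts =>
                    {
                        opts.AppId  = value.ClientId;
                        opts.AppKey = value.ClientSecret;
                    });
                    break;

                case "Microsoft":
                    authenticationBuilder.AddMicrosoftAccount(opts =>
                    {
                        opts.ClientId     = value.ClientId;
                        opts.ClientSecret = value.ClientSecret;
                    });
                    break;

                case "GitHub":
                    authenticationBuilder.AddGitHub(opts =>
                    {
                        opts.ClientId     = value.ClientId;
                        opts.ClientSecret = value.ClientSecret;
                    });
                    break;
                }
            }
        }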
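 /// <summary>
 /// Captures the OAuth2 and API-authorization settings that the Swagger generator
 /// configuration step reads.
 /// </summary>
 /// <param name="oauth2Options">Accessor for the OAuth2 settings.</param>
 /// <param name="apiAuthorizationOptions">Accessor for the API authorization settings.</param>
 /// <exception cref="ArgumentNullException">Either accessor is <c>null</c>.</exception>
 public SwaggerGenOptionsConfigure(IOptions<OAuth2Options> oauth2Options, IOptions<ApiAuthorizationOptions> apiAuthorizationOptions)
 {
     // Fail with a named argument instead of a NullReferenceException from ".Value"
     // when DI wiring is incomplete.
     if (oauth2Options == null)
     {
         throw new ArgumentNullException(nameof(oauth2Options));
     }
     if (apiAuthorizationOptions == null)
     {
         throw new ArgumentNullException(nameof(apiAuthorizationOptions));
     }

     this.oauth2Options           = oauth2Options.Value;
     this.apiAuthorizationOptions = apiAuthorizationOptions.Value;
 }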
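 /// <summary>
 /// Captures the OAuth2 settings that the Swagger generator configuration step reads.
 /// </summary>
 /// <param name="oauth2Options">Accessor for the OAuth2 settings.</param>
 /// <exception cref="ArgumentNullException"><paramref name="oauth2Options"/> is <c>null</c>.</exception>
 public SwaggerGenOptionsConfigure(IOptions<OAuth2Options> oauth2Options)
 {
     // Fail with a named argument instead of a NullReferenceException from ".Value"
     // when DI wiring is incomplete.
     if (oauth2Options == null)
     {
         throw new ArgumentNullException(nameof(oauth2Options));
     }

     this.oauth2Options = oauth2Options.Value;
 }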