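/// <summary>
/// Validates the supplied credentials against the in-memory test users and
/// builds the claim list for the signed-in user.
/// </summary>
/// <param name="loginName">Login name submitted by the caller.</param>
/// <param name="password">Password submitted by the caller.</param>
/// <returns>The claims issued for the authenticated user (only the name claim here).</returns>
/// <exception cref="Exception">
/// Thrown when no test user matches the supplied login name and password.
/// </exception>
private async Task<List<Claim>> ValidateUserAsync(string loginName, string password)
{
    // TODO: look the user and the related role information up in a database;
    // this sample still relies on the users that already exist in memory.
    var users = OAuthMemoryData.GetTestUsers();

    // The credentials must actually be matched against a stored user. Checking
    // only that the user list is non-null would issue claims for any login
    // name / password pair.
    var authenticated = false;
    if (users != null && !string.IsNullOrEmpty(loginName) && password != null)
    {
        foreach (var candidate in users)
        {
            // Assumes the entries are IdentityServer4 TestUser objects exposing
            // Username and Password - confirm against OAuthMemoryData.
            // NOTE(review): the comparison is against a plain-text test password;
            // a real user store should verify a salted password hash instead.
            if (string.Equals(candidate.Username, loginName, StringComparison.Ordinal)
                && string.Equals(candidate.Password, password, StringComparison.Ordinal))
            {
                authenticated = true;
                break;
            }
        }
    }

    if (!authenticated)
    {
        // A single generic failure covers both "unknown user" and "wrong
        // password", so the response does not reveal which accounts exist.
        throw new Exception("登录失败,用户名和密码不正确");
    }

    // async is kept although nothing is awaited, so a failure still surfaces
    // through the returned Task exactly as callers saw it before.
    return new List<Claim>
    {
        new Claim(ClaimTypes.Name, loginName),
    };
}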
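// This method gets called by the runtime. Use this method to add services to the container.
// It registers MVC controllers, an in-memory IdentityServer instance, authorization, and
// bearer-token authentication that validates tokens against that IdentityServer.
public void ConfigureServices(IServiceCollection services)
{
    // Address of the IdentityServer that issues the tokens this API accepts.
    // A plain-http loopback address is only suitable for a local demo.
    const string identityServerAuthority = "http://localhost:5000";

    services.AddControllers();

    #region In-memory configuration
    // NOTE(review): everything in this region is development scaffolding.
    // AddDeveloperSigningCredential is meant for development only, and the API
    // resources, clients and test users are all served from memory. A deployed
    // instance needs a managed signing key and persistent stores.
    services.AddIdentityServer()
        .AddDeveloperSigningCredential()
        .AddInMemoryApiResources(OAuthMemoryData.GetApiResources())
        .AddInMemoryClients(OAuthMemoryData.GetClients())
        .AddTestUsers(OAuthMemoryData.GetTestUsers());
    #endregion

    services.AddAuthorization();

    services.AddAuthentication("Bearer")
        .AddIdentityServerAuthentication(options =>
        {
            // Authority (token issuer) address of the IdentityServer.
            options.Authority = identityServerAuthority;

            // HTTPS metadata is waived only while the authority itself is plain
            // http (the local demo case). Deriving the flag from the scheme means
            // that switching the authority to https turns the requirement back on
            // instead of leaving it silently disabled.
            options.RequireHttpsMetadata =
                identityServerAuthority.StartsWith("https://", System.StringComparison.OrdinalIgnoreCase);

            // API name; it has to match the name used in the IdentityServer configuration.
            options.ApiName = OAuthConfig.UserApi.ApiName;
        });
}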
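/// <summary>
/// Validates the supplied credentials against the in-memory test users and
/// builds the claim list (name, display name, user id, merchant id, role)
/// for the signed-in user.
/// </summary>
/// <param name="loginName">Login name submitted by the caller.</param>
/// <param name="password">Password submitted by the caller.</param>
/// <returns>The claims issued for the authenticated user.</returns>
/// <exception cref="Exception">
/// Thrown when no test user matches the supplied login name and password.
/// </exception>
private async Task<List<Claim>> ValidateUserAsync(string loginName, string password)
{
    // TODO: look the user and the related role information up in a database;
    // this sample still relies on the users that already exist in memory.
    var users = OAuthMemoryData.GetTestUsers();

    // The credentials must actually be matched against a stored user. Checking
    // only that the user list is non-null would hand the fixed user id,
    // merchant id and role below to any login name / password pair.
    var authenticated = false;
    if (users != null && !string.IsNullOrEmpty(loginName) && password != null)
    {
        foreach (var candidate in users)
        {
            // Assumes the entries are IdentityServer4 TestUser objects exposing
            // Username and Password - confirm against OAuthMemoryData.
            // NOTE(review): the comparison is against a plain-text test password;
            // a real user store should verify a salted password hash instead.
            if (string.Equals(candidate.Username, loginName, StringComparison.Ordinal)
                && string.Equals(candidate.Password, password, StringComparison.Ordinal))
            {
                authenticated = true;
                break;
            }
        }
    }

    if (!authenticated)
    {
        // A single generic failure covers both "unknown user" and "wrong
        // password", so the response does not reveal which accounts exist.
        throw new Exception("登录失败,用户名和密码不正确");
    }

    // The claims below are hard-coded for demonstration purposes. A production
    // system should load them from the user's database record; otherwise every
    // account receives the same user id, merchant id and role.
    // async is kept although nothing is awaited, so a failure still surfaces
    // through the returned Task exactly as callers saw it before.
    return new List<Claim>
    {
        new Claim(ClaimTypes.Name, loginName),
        new Claim(EnumUserClaim.DisplayName.ToString(), "测试用户"),
        new Claim(EnumUserClaim.UserId.ToString(), "10001"),
        new Claim(EnumUserClaim.MerchantId.ToString(), "000100001"),
        new Claim(JwtClaimTypes.Role.ToString(), nameof(EnumUserRole.Normal))
    };
}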