Esempio n. 1
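        /// <summary>
        /// Validates a login against the in-memory test users and returns the claims
        /// issued for the authenticated user.
        /// </summary>
        /// <param name="loginName">User name supplied with the login request.</param>
        /// <param name="password">Password supplied with the login request.</param>
        /// <returns>A list holding a single <see cref="ClaimTypes.Name"/> claim set to <paramref name="loginName"/>.</returns>
        /// <exception cref="Exception">Thrown when no test user matches the supplied user name and password.</exception>
        private async Task<List<Claim>> ValidateUserAsync(string loginName, string password)
        {
            // TODO: look the user (and role information) up in a database instead.
            // The demo still relies on the users and passwords held in memory.
            // NOTE(review): assumes GetTestUsers() returns List<TestUser> (IdentityServer4.Test),
            // whose Username/Password properties carry the demo credentials — confirm.
            var users = OAuthMemoryData.GetTestUsers();

            // The previous version only null-checked the user list and never looked at
            // loginName or password, so any credential pair was accepted. Require an
            // exact match against one of the known users before issuing claims.
            // The test users store plain-text passwords, which is only acceptable in a
            // demo; a real store should keep salted password hashes and compare them
            // in constant time.
            var authenticated = !string.IsNullOrEmpty(loginName)
                && password != null
                && users != null
                && users.Exists(u => u.Username == loginName && u.Password == password);

            if (!authenticated)
            {
                // Same message for "unknown user" and "wrong password", so the response
                // does not reveal which user names exist.
                throw new Exception("登录失败,用户名和密码不正确");
            }

            return new List<Claim>
            {
                new Claim(ClaimTypes.Name, loginName),
            };
        }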
Esempio n. 2
 // Called by the runtime to register services with the dependency-injection container.
 public void ConfigureServices(IServiceCollection services)
 {
     services.AddControllers();

     #region In-memory configuration
     // NOTE(review): the developer signing credential, the in-memory resource/client
     // stores and the test users are development conveniences. A deployed server
     // needs a persistent, protected signing key and a real user store.
     var identityServer = services.AddIdentityServer();
     identityServer.AddDeveloperSigningCredential();
     identityServer.AddInMemoryApiResources(OAuthMemoryData.GetApiResources());
     identityServer.AddInMemoryClients(OAuthMemoryData.GetClients());
     identityServer.AddTestUsers(OAuthMemoryData.GetTestUsers());
     #endregion

     services.AddAuthorization();

     var authentication = services.AddAuthentication("Bearer");
     authentication.AddIdentityServerAuthentication(bearerOptions =>
     {
         // Address of the IdentityServer instance that issues the tokens.
         bearerOptions.Authority = "http://localhost:5000";

         // HTTPS is not required for the metadata endpoint.
         // NOTE(review): with a plain-HTTP authority the discovery document and
         // signing keys are fetched without transport protection; keep this to
         // local development and use an https authority with this flag set to
         // true anywhere else.
         bearerOptions.RequireHttpsMetadata = false;

         // API name; must match the name used in the IdentityServer configuration.
         bearerOptions.ApiName = OAuthConfig.UserApi.ApiName;
     });
 }
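        /// <summary>
        /// Validates a login against the in-memory test users and returns the claims
        /// issued for the authenticated user.
        /// </summary>
        /// <param name="loginName">User name supplied with the login request.</param>
        /// <param name="password">Password supplied with the login request.</param>
        /// <returns>
        /// The name claim for <paramref name="loginName"/> plus the demo's hard-coded
        /// display-name, user-id, merchant-id and role claims.
        /// </returns>
        /// <exception cref="Exception">Thrown when no test user matches the supplied user name and password.</exception>
        private async Task<List<Claim>> ValidateUserAsync(string loginName, string password)
        {
            // TODO: look the user (and role information) up in a database instead.
            // The demo still relies on the users and passwords held in memory.
            // NOTE(review): assumes GetTestUsers() returns List<TestUser> (IdentityServer4.Test),
            // whose Username/Password properties carry the demo credentials — confirm.
            var users = OAuthMemoryData.GetTestUsers();

            // The previous version only null-checked the user list and never looked at
            // loginName or password, so any credential pair received the claims below,
            // including the role claim. Require an exact match against a known user.
            // The test users store plain-text passwords, which is only acceptable in a
            // demo; a real store should keep salted password hashes and compare them
            // in constant time.
            var authenticated = !string.IsNullOrEmpty(loginName)
                && password != null
                && users != null
                && users.Exists(u => u.Username == loginName && u.Password == password);

            if (!authenticated)
            {
                // Same message for "unknown user" and "wrong password", so the response
                // does not reveal which user names exist.
                throw new Exception("登录失败,用户名和密码不正确");
            }

            // The claims below are hard-coded for demonstration purposes. In production
            // they must be built from the authenticated user's stored record, otherwise
            // every account ends up with the same user id, merchant id and role.
            return new List<Claim>
            {
                new Claim(ClaimTypes.Name, loginName),
                new Claim(EnumUserClaim.DisplayName.ToString(), "测试用户"),
                new Claim(EnumUserClaim.UserId.ToString(), "10001"),
                new Claim(EnumUserClaim.MerchantId.ToString(), "000100001"),
                new Claim(JwtClaimTypes.Role.ToString(), nameof(EnumUserRole.Normal))
            };
        }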