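/// <summary>
/// Registers IdentityServer API authentication and authorization, letting the caller
/// fill in the settings through a callback.
/// </summary>
/// <param name="services">Service collection.</param>
/// <param name="appConfig">Application configuration.</param>
/// <param name="options">Callback that populates the IdentityServer API settings.</param>
/// <returns>The same service collection.</returns>
/// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
public static IServiceCollection AddIdentityServerApi(this IServiceCollection services, IConfiguration appConfig, Action<IdentityServerApiInfo> options)
{
    if (options == null)
    {
        // ArgumentNullException derives from ArgumentException, so callers that
        // catch the previously thrown ArgumentException keep working.
        throw new ArgumentNullException(nameof(options), "IdentityServer Api配置信息回调不能为空");
    }

    // The guard above already rules out a null callback, so it is invoked unconditionally.
    var config = new IdentityServerApiInfo();
    options(config);

    // Validation of the populated settings happens in the overload taking IdentityServerApiInfo.
    services.AddIdentityServerApi(appConfig, config);
    return services;
}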
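/// <summary>
/// Registers JWT bearer authentication against the configured IdentityServer and an
/// authorization policy that requires an authenticated user holding the service's scope.
/// </summary>
/// <param name="services">Service collection.</param>
/// <param name="appConfig">Application configuration.</param>
/// <param name="config">IdentityServer API settings.</param>
/// <returns>The same service collection.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="config"/> or <paramref name="appConfig"/> is null, or
/// <c>config.IdentityServerUrl</c> is null, empty or whitespace.
/// </exception>
private static IServiceCollection AddIdentityServerApi(this IServiceCollection services, IConfiguration appConfig, IdentityServerApiInfo config)
{
    // The single-string ArgumentNullException constructor takes the parameter name, not the
    // message, so the two-argument form is used to keep the text in Message.
    if (config == null)
    {
        throw new ArgumentNullException(nameof(config), "IdentityServer Api配置信息不能为null");
    }

    if (appConfig == null)
    {
        throw new ArgumentNullException(nameof(appConfig), "应用配置不能为null");
    }

    if (string.IsNullOrWhiteSpace(config.IdentityServerUrl))
    {
        // Exception type kept as ArgumentNullException so existing catch blocks still match.
        throw new ArgumentNullException($"{nameof(config)}.{nameof(config.IdentityServerUrl)}", "IdentityServer Url地址不能为空");
    }

    // Fall back to the application's "ServiceName" setting when none was supplied.
    // NOTE(review): config.Service is dereferenced without a null check, and the fallback
    // value is not validated; a missing setting leaves Audience and the required scope
    // value null.
    if (string.IsNullOrWhiteSpace(config.Service.ServiceName))
    {
        config.Service.ServiceName = appConfig["ServiceName"];
    }

    // NOTE(review): the default scheme is IdentityServerAuthenticationDefaults.AuthenticationScheme
    // while the handler is registered under config.AuthSchemeKey. If the two differ, the
    // default scheme has no handler; confirm they match or that callers name the scheme.
    services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
        .AddJwtBearer(config.AuthSchemeKey, options =>
        {
            options.Authority = config.IdentityServerUrl;

            // Should stay true outside local development: when false, the discovery
            // document and signing keys may be fetched over plain HTTP.
            options.RequireHttpsMetadata = config.RequireHttpsMetadata;
            options.SaveToken = config.SaveToken;
            options.Audience = config.Service.ServiceName;

            // NOTE(security): audience validation is switched off, so the Audience set
            // above is not enforced. Any token the authority issues passes authentication
            // whatever its intended recipient; only endpoints that apply the policy below
            // are restricted to this service's scope. Enable ValidateAudience once the
            // issuer is confirmed to emit a matching "aud" claim.
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateAudience = false
            };
        });

    services.AddAuthorization(options =>
    {
        options.AddPolicy(config.Service.PolicyName, policy =>
        {
            policy.RequireAuthenticatedUser();

            // The token must carry a "scope" claim equal to the service name.
            policy.RequireClaim("scope", config.Service.ServiceName);
        });
    });

    return services;
}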