IdentityServer4入门

宋望
2023-12-01

IdentifyServer项目

IdentityServer4是用于ASP.NET Core的OpenID Connect和OAuth 2.0框架。

官网:https://identityserver4.readthedocs.io/en/latest/

  1. 创建Asp.net Web Core 空 模板项目,可以将基命名为:IdentityServer(名称可以随意,一般都取这个),注意必须配置Https

  2. 引用IdentityServer4

  3. 配置Config,必须是static 类

    /// <summary>
    /// IdentityServer4配置类
    /// </summary>
    public static class Config
    {
        /// <summary>
        /// Api范围
        /// </summary>
        public static IEnumerable<ApiScope> ApiScopes => new[]
        {
            new ApiScope()
            {
                Name = "simple_api",
                DisplayName = "Simple_API"
            }
        };
    
        public static IEnumerable<Client> Clients => new[]
        {
            new Client()
            {
                ClientId = "simple_client",
                ClientSecrets = new List<Secret>()
                {
                    new Secret("simple_client_secret".Sha256())
                },
                AllowedGrantTypes = new List<string>(){GrantType.ClientCredentials},
                AllowedScopes = { "simple_api" }//允许访问的api,可以有多个
            },
            //资源拥有者客户端
            new Client()
            {
                ClientId = "simple_pass_client",
                ClientSecrets = new List<Secret>()
                {
                    new Secret("simple_client_secret".Sha256())
                },
                AllowedGrantTypes = new List<string>(){GrantType.ResourceOwnerPassword},
                AllowedScopes = { "simple_api" }//允许访问的api,可以有多个
            },
    
            //配置OICD 重定向
            new Client()
            {
                ClientId = "simple_mvc_client",
                ClientName = "Simple Mvc Client",
                ClientSecrets = new List<Secret>()
                {
                    new Secret("simple_client_secret".Sha256())
                },
                AllowedGrantTypes = new List<string>(){GrantType.AuthorizationCode}, //授权码许可协议
    
                //登录成功的跳转地址(坑点:必须使用Https!!!)
                RedirectUris = {"https://localhost:4001/signin-oidc"}, //mvc客户端的地址,signin-oidc:标准协议里的端点名称
                //登出后的跳转地址
                PostLogoutRedirectUris = {"https://localhost:4001/signout-callback-oidc"},
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile, //IdentityResources中定义了这两项,在这里也需要声明
                    "simple_api"
                },//允许访问的api,可以有多个
                RequireConsent = true //是否需要用户点同意
            },
        };
        //资源拥有者(TestUser只是IdentifyServer4提供的一个测试用户)
        public static List<TestUser> Users = new List<TestUser>()
        {
            new TestUser()
            {
                SubjectId = "1",
                Username = "admin",
                Password = "123"
            }
        };
        //定义身份资源(标准的oidc(OpenId Connect))
        public static IEnumerable<IdentityResource> IdentityResources = new List<IdentityResource>()
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),//档案信息(昵称,头像。。。)
        };
    }
    
    1. StartUp.cs 中的ConfigureServices 方法中配置如下:
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllersWithViews();

    services.AddIdentityServer()
        .AddDeveloperSigningCredential()  //默认的生成的密钥(运行后,会在项目根目录下生成文件 tempkey.jwk)
        .AddInMemoryClients(Config.Clients) //注册客户端
        .AddInMemoryApiScopes(Config.ApiScopes) //注册api访问范围
        .AddTestUsers(Config.Users) //注册资源拥有者
        .AddInMemoryIdentityResources(Config.IdentityResources); //用户的身份资源信息(例如:显示昵称,头像,等等信息)
}
  1. StartUp.cs 中的 Configure 配置如下代码
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseStaticFiles();
    app.UseRouting();
    app.UseIdentityServer();
    app.UseAuthorization();
    app.UseEndpoints(endpoint =>
                     {
                         endpoint.MapDefaultControllerRoute();
                     });
}
  1. 运行测试地址:https://localhost:5000/.well-known/openid-configuration
{
    "issuer": "https://localhost:5000",
    "jwks_uri": "https://localhost:5000/.well-known/openid-configuration/jwks",
    "authorization_endpoint": "https://localhost:5000/connect/authorize",
    "token_endpoint": "https://localhost:5000/connect/token",
    "userinfo_endpoint": "https://localhost:5000/connect/userinfo",
    "end_session_endpoint": "https://localhost:5000/connect/endsession",
    "check_session_iframe": "https://localhost:5000/connect/checksession",
    "revocation_endpoint": "https://localhost:5000/connect/revocation",
    "introspection_endpoint": "https://localhost:5000/connect/introspect",
    "device_authorization_endpoint": "https://localhost:5000/connect/deviceauthorization",
    "frontchannel_logout_supported": true,
    "frontchannel_logout_session_supported": true,
    "backchannel_logout_supported": true,
    "backchannel_logout_session_supported": true,
    "scopes_supported": [
        "simple_api",
        "offline_access"
    ],
    "claims_supported": [],
    "grant_types_supported": [
        "authorization_code",
        "client_credentials",
        "refresh_token",
        "implicit",
        "urn:ietf:params:oauth:grant-type:device_code"
    ],
    "response_types_supported": [
        "code",
        "token",
        "id_token",
        "id_token token",
        "code id_token",
        "code token",
        "code id_token token"
    ],
    "response_modes_supported": [
        "form_post",
        "query",
        "fragment"
    ],
    "token_endpoint_auth_methods_supported": [
        "client_secret_basic",
        "client_secret_post"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "subject_types_supported": [
        "public"
    ],
    "code_challenge_methods_supported": [
        "plain",
        "S256"
    ],
    "request_parameter_supported": true
}

5.测试client : Post 请求 https://localhost:5000/connect/token,传递请求参数:

  • 测试 客户端1(simple_client)

    client_id:simple_client

    client_secret:simple_client_secret

    grant_type:client_credentials

{
    "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjlBMjVFQUVFMjI4RDQyOUQ0QzFEMTc1NjNENzJEQTgzIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2MzE4ODg4MzYsImV4cCI6MTYzMTg5MjQzNiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiY2xpZW50X2lkIjoic2ltcGxlX2NsaWVudCIsImp0aSI6IjRBNjI4QUNDODg3OTIxN0YzNzk4QTAwNTUyQjk5OTc4IiwiaWF0IjoxNjMxODg4ODM2LCJzY29wZSI6WyJzaW1wbGVfYXBpIl19.dfWw0h1bpHJy-NAyfOQBEAqthFStndAMPq7nWFAxabKm9A2Wlw4FE9t1bci2DZtgZftb4Uj4GHmibtGyqnTmc4z_OBdZ7llIW3o_LcbiUjMrefohOFGSyRuGVlbzRZb1pbcru8JoNG9k4bFrCLVWvNRUUcUTdVan6ydMkYqNQUg_NJKhKGW9n0HbuoE5nE2yM2eqHHB6IOd6uMYvWzlISfgWNvHlBGtXTGvBkfYjikf6yEz7FuKwuijDeLGPkAbb407ZzFCw-Qo_GV1I9Nzp3IrRe9n9oSSq3_h2plLuL8gNgP8L3Bb82k_LKS-wjBEtm9eLgAh1Mdn6nEL1ezutpg",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "simple_api"
}

其中access_token ,这串字符串的结构就是jwt结构包装的令牌,我们可以将这个字符串放入https://jwt.ms 来进行解密看看这到底包装了啥。

{
  "alg": "RS256",
  "kid": "9A25EAEE228D429D4C1D17563D72DA83",
  "typ": "at+jwt"
}.{
  "nbf": 1631888836,
  "exp": 1631892436,
  "iss": "https://localhost:5000",
  "client_id": "simple_client",
  "jti": "4A628ACC8879217F3798A00552B99978",
  "iat": 1631888836,
  "scope": [
    "simple_api"
  ]
}.[Signature]
  • 测试客户端2(资源拥有者客户端:simple_pass_client )

client_id:simple_pass_client

client_secret:simple_client_secret

grant_type:password(其实就是GrantType.ResourceOwnerPassword)

username:admin(与Config类中资源拥有客户端一致)

password:123(与Config类中资源拥有客户端一致)

{
    "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjZBQTAwQjMzQTExQzE1M0VGNTZDRkVCNzQ4RTZDQjQxIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2MzIxNDk5MDgsImV4cCI6MTYzMjE1MzUwOCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMCIsImNsaWVudF9pZCI6InNpbXBsZV9wYXNzX2NsaWVudCIsInN1YiI6IjEiLCJhdXRoX3RpbWUiOjE2MzIxNDk5MDgsImlkcCI6ImxvY2FsIiwianRpIjoiNjg1QzZDQjBFRjVBQjEzMDhGM0Y1OTlFMDEwMDI3MDciLCJpYXQiOjE2MzIxNDk5MDgsInNjb3BlIjpbInNpbXBsZV9hcGkiXSwiYW1yIjpbInB3ZCJdfQ.tWCsFWnlMinuHvb4UTVK-GxSRUyhSX7GGZPYE05KsZt67K-yriNl1FBI5ZThAWU7qscrCSEBWk1yLd3LR8G3xqEyPkpT4j_xoPTToY7zOAgVHw6wJPV3NxsfzdN07AuYCiPTP9WR9DrWLWy4Iac5GxZ30pcwXNLhPugPRZLG6dUXwry18Dl8jstBHvBQSKGIcrm5HKGeKUxs2aXRg-rl2BmHedRUZK6IjGoABeeSbAUSMfsTOVMdZSXwhdznI6wsjV9YLq3-CerfCIri0BtHVmSJz7hqrq-mg88NK2CZzLEvmKzf73-FprWxdma-6xUEv6E-X4dgOAXt-EZPCSnzWA",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "simple_api"
}

将access_token 放入https://jwt.ms 来进行解密查看结果,也可以与客户端1对比对比

{
  "alg": "RS256",
  "kid": "6AA00B33A11C153EF56CFEB748E6CB41",
  "typ": "at+jwt"
}.{
  "nbf": 1632149908,
  "exp": 1632153508,
  "iss": "https://localhost:5000",
  "client_id": "simple_pass_client",
  "sub": "1",
  "auth_time": 1632149908,
  "idp": "local",
  "jti": "685C6CB0EF5AB1308F3F599E01002707",
  "iat": 1632149908,
  "scope": [
    "simple_api"
  ],
  "amr": [
    "pwd"
  ]
}.[Signature]

Api 项目

  1. 创建一个空的asp.net core webapi

  2. 引用包Microsoft.AspNetCore.Authentication.Jwt 用于做认证

  3. 新建一个普通的Api控制器,在需要认证的方法或者类上面加上[Authorize]标签

    [Route("Identity")]
    [Authorize("MyApiScope")] //MyApiScope 这个字符串与Startup配置一致
    [ApiController]
    public class IdentityController : ControllerBase
    {
        [Authorize]
        public IActionResult Get()
        {
            //用户信息(此时只是为了模拟返回数据,正常开发时:换成访问数据库的代码就行)
            return new JsonResult(from c in User.Claims select new {c.Type, c.Value});
    
        }
    }
    
  4. 修改Startup.cs 类中ConfigureServices 方法代码

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
        services.AddAuthentication("Bearer").AddJwtBearer("Bearer", p =>
        {
            //oidc的服务地址(一定要用https!!)
            p.Authority = "https://localhost:5000";//也就是IdentifyServer项目运行地址
            //设置jwt的验证参数(默认情况下是不需要此验证的)
            p.TokenValidationParameters = new TokenValidationParameters
            {
            	ValidateAudience = false
            };
        });
        //注册授权服务
        services.AddAuthorization(p =>
                                  {
                                      //添加授权策略
                                      p.AddPolicy("MyApiScope", opt =>
                                                  {
                                                      //配置鉴定用户的规则,也就是说必须通过身份认证
                                                      opt.RequireAuthenticatedUser();
                                                      //鉴定api范围的规则
                                                      opt.RequireClaim("scope", "simple_api");
                                                  });
    
                                  });
    }
    
  5. 在Startup.cs 类中的Configure方法添加认证方法,一定要放在app.UseAuthorization() 前面:

     app.UseAuthentication();
    
  6. 测试运行:http://localhost:6000/identity(注意,IdentifyServer 那个项目要最先运行),记得使用Bearer形式调用,也就是在请求头中加上Authorazition:Bearer access_token(注意Bearer后面有个空格),access_token 在上面已经获取到了

[
     {
         "type": "nbf",
         "value": "1632061080"
     },
     {
         "type": "exp",
         "value": "1632064680"
     },
     {
         "type": "iss",
         "value": "https://localhost:5000"
     },
     {
         "type": "client_id",
         "value": "simple_client"
     },
     {
         "type": "jti",
         "value": "BE2D6DCEE4235509666475A049E58DDC"
     },
     {
         "type": "iat",
         "value": "1632061080"
     },
     {
         "type": "scope",
         "value": "simple_api"
     }
 ]
     # 控制台测试客户端(可选)

     1. 新建一个控制台应用(实际开发时,使用WebMvc)

     2. 引用`IdentityModel`,里面封装了

     3. 在Main中编写代码:
//请求客户端(需要先安装IdentityModel)
//由于IdentityModel中大部分都是异步方法,为了方便,我们将Main方法也改成异步方法
//请求客户端(需要先安装IdentityModel)
//由于IdentityModel中大部分都是异步方法,为了方便,我们将Main方法也改成异步方法
static async Task Main(string[] args)
{

    var client = new HttpClient();
    //获取发现文件,也就是https://localhost:5000/.well-known/openid-configuration 这个地址的结果就是发现文档
    var discoveryDocumentAsync = await client.GetDiscoveryDocumentAsync("https://localhost:5000");
    if (discoveryDocumentAsync.IsError)
    {
        Console.WriteLine(discoveryDocumentAsync.Error);
    }

    //与请求https://localhost:5000/connect/token 这个是一个意思
    var tokenResponse = await client.RequestClientCredentialsTokenAsync(
        new ClientCredentialsTokenRequest()
        {
            Address = discoveryDocumentAsync.TokenEndpoint,//获取Token的方法地址(token_endpoint的值)
            ClientId = "simple_client", //与Config类中一致
            GrantType = OidcConstants.GrantTypes.ClientCredentials,
            ClientSecret = "simple_client_secret" //与Config类中一致
        }
    );
    if (tokenResponse.IsError)
    {
        Console.WriteLine(tokenResponse.Error);
    }
    // Console.WriteLine(tokenResponse.Json);


    //此时已经拿到了accessToken,这时,就可以访问api了
    var apiClient = new HttpClient { BaseAddress = new Uri("http://localhost:6000") };
    apiClient.SetBearerToken(tokenResponse.AccessToken);//设置访问令牌
    var httpResponseMessage = await apiClient.GetAsync("Identity");
    var content = await httpResponseMessage.Content.ReadAsStringAsync();
    Console.WriteLine(content);



    //测试资源拥有者客户端
    var resourceTokenResp = await client.RequestPasswordTokenAsync(
        new PasswordTokenRequest()
        {
            Address = discoveryDocumentAsync.TokenEndpoint,//获取Token的方法地址(token_endpoint的值)
            ClientId = "simple_pass_client", //与Config类中一致
            GrantType = OidcConstants.GrantTypes.Password,
            ClientSecret = "simple_client_secret", //与Config类中一致
            UserName = "admin",
            Password = "123"
        }
    );


    var apiPassClient = new HttpClient { BaseAddress = new Uri("http://localhost:6000") };
    apiPassClient.SetBearerToken(resourceTokenResp.AccessToken);//设置访问令牌
    var httpPassResponseMessage = await apiPassClient.GetAsync("Identity");
    var contentPass = await httpPassResponseMessage.Content.ReadAsStringAsync();
    Console.WriteLine(contentPass);


    Console.ReadKey();
}

添加IdentifyServer项目UI

  1. 在IdentifyServer下添加(github项目地址:)IdentityServer4.Quickstart.UI

  2. 安装方式:

    在IdentityServer4项目下,打开cmd,执行如下命令

    • 第一步: dotnet new -i IdentityServer4.Templates::4.0.1 ,4.0.1是版本号,如果不写则使用默认,这个取决于你安装的IdentifyServer4的版本
    • 第二步: dotnet new is4ui
    • 执行结果如下:
   
   F:\workspace\code\练习\IdentifyServer4\Web.Client\IdentityServer>dotnet new -i IdentityServer4.Templates::4.0.1
     正在确定要还原的项目…
     已还原 C:\Users\Administrator\.templateengine\dotnetcli\v5.0.201\scratch\restore.csproj (用时 9.67 sec)。
   
   Templates                                             Short Name           Language    Tags
   ----------------------------------------------------  -------------------  ----------  ----------------------
   Console Application                                   console              [C#],F#,VB  Common/Console
   Class library                                         classlib             [C#],F#,VB  Common/Library
   WPF Application                                       wpf                  [C#],VB     Common/WPF
   WPF Class library                                     wpflib               [C#],VB     Common/WPF
   WPF Custom Control Library                            wpfcustomcontrollib  [C#],VB     Common/WPF
   WPF User Control Library                              wpfusercontrollib    [C#],VB     Common/WPF
   Windows Forms App                                     winforms             [C#],VB     Common/WinForms
   Windows Forms Control Library                         winformscontrollib   [C#],VB     Common/WinForms
   Windows Forms Class Library                           winformslib          [C#],VB     Common/WinForms
   Worker Service                                        worker               [C#],F#     Common/Worker/Web
   Unit Test Project                                     mstest               [C#],F#,VB  Test/MSTest
   NUnit 3 Test Project                                  nunit                [C#],F#,VB  Test/NUnit
   NUnit 3 Test Item                                     nunit-test           [C#],F#,VB  Test/NUnit
   xUnit Test Project                                    xunit                [C#],F#,VB  Test/xUnit
   Razor Component                                       razorcomponent       [C#]        Web/ASP.NET
   Razor Page                                            page                 [C#]        Web/ASP.NET
   MVC ViewImports                                       viewimports          [C#]        Web/ASP.NET
   MVC ViewStart                                         viewstart            [C#]        Web/ASP.NET
   Blazor Server App                                     blazorserver         [C#]        Web/Blazor
   Blazor WebAssembly App                                blazorwasm           [C#]        Web/Blazor/WebAssembly
   ASP.NET Core Empty                                    web                  [C#],F#     Web/Empty
   IdentityServer4 with AdminUI                          is4admin             [C#]        Web/IdentityServer4
   IdentityServer4 with ASP.NET Core Identity            is4aspid             [C#]        Web/IdentityServer4
   IdentityServer4 Empty                                 is4empty             [C#]        Web/IdentityServer4
   IdentityServer4 with Entity Framework Stores          is4ef                [C#]        Web/IdentityServer4
   IdentityServer4 with In-Memory Stores and Test Users  is4inmem             [C#]        Web/IdentityServer4
   IdentityServer4 Quickstart UI (UI assets only)        is4ui                [C#]        Web/IdentityServer4
   ASP.NET Core Web App (Model-View-Controller)          mvc                  [C#],F#     Web/MVC
   ASP.NET Core Web App                                  webapp               [C#]        Web/MVC/Razor Pages
   ASP.NET Core with Angular                             angular              [C#]        Web/MVC/SPA
   ASP.NET Core with React.js                            react                [C#]        Web/MVC/SPA
   ASP.NET Core with React.js and Redux                  reactredux           [C#]        Web/MVC/SPA
   Razor Class Library                                   razorclasslib        [C#]        Web/Razor/Library
   ASP.NET Core Web API                                  webapi               [C#],F#     Web/WebAPI
   ASP.NET Core gRPC Service                             grpc                 [C#]        Web/gRPC
   dotnet gitignore file                                 gitignore                        Config
   global.json file                                      globaljson                       Config
   NuGet Config                                          nugetconfig                      Config
   Dotnet local tool manifest file                       tool-manifest                    Config
   Web Config                                            webconfig                        Config
   Solution File                                         sln                              Solution
   Protocol Buffer File                                  proto                            Web/gRPC
   
   Examples:
       dotnet new mvc --auth Individual
       dotnet new nunit -f net472
       dotnet new --help
       dotnet new is4admin --help
   
   F:\workspace\code\练习\IdentifyServer4\Web.Client\IdentityServer>dotnet new is4ui
   The template "IdentityServer4 Quickstart UI (UI assets only)" was created successfully.
   
   F:\workspace\code\练习\IdentifyServer4\Web.Client\IdentityServer>

此时,你回到vs中,可以看到IdentityServer项目中会多出wwwroot,QuickStart,Views 这几个文件夹,表示成功了!!

友情提示:如果dotnet new -i IdentityServer4.Templates::4.0.1 命令如果已经执行过了,下次就不需要重新执行了,只需要执行dotnet new is4ui 命令即可!!!

  1. 在Configure 方法中注册路由与授权
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
	app.UseStaticFiles();
    app.UseRouting();
    app.UseIdentityServer();
    app.UseAuthorization();
    app.UseEndpoints(endpoint =>
                     {
                         endpoint.MapDefaultControllerRoute();
                     });
}

创建Mvc客户端(你的正文或者说你的系统)

这个客户端,其实就是你要做的系统。

  1. 创建项目Identity.MvcClient 项目(这个名字你随便写)
  2. 引用 Microsoft.AspNetCore.Authentication.OpenIdConnect
  3. 在你需要受保护的控制器或者视图上添加 [Authorize]标签
  4. 在startup.cs 类中 ConfigureServices 方法中添加oidc(OpenId Connect) 认证
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllersWithViews();
    JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
    services.AddAuthentication(p =>
                               {
                                   p.DefaultScheme = "Cookies";
                                   p.DefaultChallengeScheme = "oidc";

                               })
        .AddCookie("Cookies")
        .AddOpenIdConnect("oidc", p =>
                          {
                              p.Authority = "https://localhost:5000";//IdentityServer 项目的运行地址,一定要用Https
                              p.ClientId = "simple_mvc_client";
                              p.ClientSecret = "simple_client_secret";
                              p.ResponseType = "code";//使用授权码形式
                              p.SaveTokens = true; //把令牌保存在cookie里
                              p.Scope.Add("simple_api");//验证令牌中,是否包含simple_api
                          });
}
  1. 在 Configure方法添加认证中间件,注意:必须放在app.UseAuthorization()前面
app.UseAuthentication();
  1. 运行IdentityServer项目与Mvc项目,此时,如果访问受保护的资源时,则到自动跳转至IdentityServer项目登录页面,登录成功之后,会立即返回刚刚你所访问的受保护的资源页面,配置成功!!

  2. 实现退出登录。随意在一个控制器中创建一个方法,表示退出登录

//实现退出页面
public IActionResult Logout()
{
    //清除Cookies,与oidc信息
    return SignOut("Cookies", "oidc");
}

配置EF Core

  1. 在IdentityServer 项目中添加引用:IdentityServer4.EntityFramework

    IdentityServer4.EntityFramework implements the required stores and services using the following DbContexts:

    • ConfigurationDbContext - used for configuration data such as clients, resources, and scopes
    • PersistedGrantDbContext - used for temporary operational data such as authorization codes, and refresh tokens
  2. 在IdentityServer 项目中添加引用:Microsoft.EntityFrameworkCore.SqlServer

  3. Startup.cs 中配置:

    var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
    const string connectionString = @"server=.;uid=sa;pwd=123456;database=ids4_oauth;trusted_connection=yes;";
    
    services.AddIdentityServer()
        .AddConfigurationStore(options =>
        {
            options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
                sql => sql.MigrationsAssembly(migrationsAssembly));
        })
        .AddOperationalStore(options =>
        {
            options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
                sql => sql.MigrationsAssembly(migrationsAssembly));
        });
    
  4. 安装install the Entity Framework Core CLI 环境

    dotnet tool install --global dotnet-ef --version 3.1.19
    

    引用包:Microsoft.EntityFrameworkCore.Design

  5. 在IdentifyServer项目文件夹中,打开命令行工具,执行数据迁移命令

dotnet ef migrations add InitialIdentityServerPersistedGrantDbMigration -c PersistedGrantDbContext -o Data/Migrations/IdentityServer/PersistedGrantDb

dotnet ef migrations add InitialIdentityServerConfigurationDbMigration -c ConfigurationDbContext -o Data/Migrations/IdentityServer/ConfigurationDb

dotnet ef migrations add InitialApplicationDbMigration -c ApplicationDbContext -o Data/Migrations/IdentityServer/ApplicationDb
或者
在程序包管理控制台:
add-migration InitApplicationDbMigration -c ApplicationDbContext
update-database InitApplicationDbMigration -c ApplicationDbContext

此时在~/Data/Migrations/IdentityServer下就会有你新创建的代码了

6.在Startup.cs 类中,初始化数据库,

public void Configure(IApplicationBuilder app)
{
    // this will do the initial DB population
    InitializeDatabase(app);

    // the rest of the code that was already here
    // ...
}
private void InitializeDatabase(IApplicationBuilder app)
{
    using (var serviceScope = app.ApplicationServices.GetService<IServiceScopeFactory>().CreateScope())
    {
        serviceScope.ServiceProvider.GetRequiredService<PersistedGrantDbContext>().Database.Migrate();

        var context = serviceScope.ServiceProvider.GetRequiredService<ConfigurationDbContext>();
        context.Database.Migrate();
        if (!context.Clients.Any())
        {
            foreach (var client in Config.Clients)
            {
                context.Clients.Add(client.ToEntity());
            }
            context.SaveChanges();
        }

        if (!context.IdentityResources.Any())
        {
            foreach (var resource in Config.IdentityResources)
            {
                context.IdentityResources.Add(resource.ToEntity());
            }
            context.SaveChanges();
        }

        if (!context.ApiScopes.Any())
        {
            foreach (var resource in Config.ApiScopes)
            {
                context.ApiScopes.Add(resource.ToEntity());
            }
            context.SaveChanges();
        }
    }
} 

安装IdentityServer4 证书

https://www.cnblogs.com/chenyishi/p/10922326.html

  1. 安装OpenSSL工具 ,官网下载地址:https://slproweb.com/products/Win32OpenSSL.html

  2. 在CMD中执行以下命令

openssl req -newkey rsa:2048 -nodes -keyout cas.clientservice.key -x509 -days 365 -out cas.clientservice.cer

 类似资料: