第二步:配置启动类
public void ConfigureServices(IServiceCollection services)
{
//注册服务
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(x =>
{
x.Authority = "http://localhost:5000";//鉴权服务地址
x.RequireHttpsMetadata = false;
x.ApiName = "api1";//鉴权范围
});
services.AddControllers();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAuthentication();//添加鉴权认证
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
应用程序默认的端口号有两种:1.http://localhost:5000 2.https://localhost:5001.为了避免端口号冲突被占用,我们可以在Program类中修改应用程序启动端口号。
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseUrls("http://*:5555");//设置启动端口号
webBuilder.UseStartup<Startup>();
});
第三步:创建API DEMO
[Route("api/[controller]")]
[ApiController]
public class TestController : ControllerBase
{
// GET: api/Test
/// <summary>
/// 方法加权
/// </summary>
/// <returns></returns>
[Authorize]
[HttpGet]
public IEnumerable<string> Get()
{
return new string[] { "value1", "value2" };
}
/// <summary>
/// 方法未加权 可直接访问
/// </summary>
/// <param name="id"></param>
/// <returns></returns>
// GET: api/Test/5
[HttpGet("{id}", Name = "Get")]
public string Get(int id)
{
return "value";
}
/// <summary>
/// 开放获取token API 接口
/// </summary>
/// <returns></returns>
[HttpGet("GetToken")]
public async Task<string> GetToken()
{
var client = new HttpClient();
var tokenResponse = await client.RequestPasswordTokenAsync(new PasswordTokenRequest
{
Address = "http://localhost:5000/connect/token",
ClientId = "client",
ClientSecret = "secret",
Scope = "api1",
UserName = "Admin",
Password = "123456",
});
if (tokenResponse.IsError)
{
return tokenResponse.Error;
}
return tokenResponse.AccessToken;
}
}
1.接口方法上加上:
[Authorize]
相当于对接口加权,只有被授权的用户才能访问(即获取token的用户)。此时上文中接口
