IdentityServer4:如何根据环境设置 Authority?
IdentityServer4 : how to set Authority based on environment?
所有 IdentityServer4 示例都在配置时对 Authority 属性进行硬编码:
// Registers IdentityServer bearer-token validation for this API.
var authenticationBuilder = services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme);
authenticationBuilder.AddIdentityServerAuthentication(options =>
{
    // Hard-coded issuer URL; note the plain-HTTP scheme.
    options.Authority = "http://localhost:5000";
    options.ApiName = "api";

    // HTTPS is demanded for the discovery metadata in Staging and Production only.
    // NOTE(review): with this flag true the handler is expected to reject the
    // http:// Authority above, so the URL has to differ per environment.
    var isHostedEnvironment = Env.IsStaging() || Env.IsProduction();
    options.RequireHttpsMetadata = isHostedEnvironment;
});
我该如何根据环境(即暂存环境和生产环境)加载 Authority?
这就是我们所做的:
每个环境都有不同的 appSettings.json
文件。
所有文件都包含 IdentityServer 的单独值。例如
{
"IdentityServerSettings": {
"Authority": "http://localhost:5000",
"ApiName": "tb5api"
}
}
然后在 Startup.cs 的 Startup 类中,我们根据当前环境加载对应的 JSON 设置文件:
// Hosting environment handed to the Startup constructor and kept for later use.
private readonly IHostingEnvironment _env;
// Merged configuration root; get-only, assigned once in the Startup constructor.
public IConfigurationRoot Configuration { get; }
/// <summary>
/// Builds the application configuration from the shared appsettings.json, the
/// environment-specific appsettings.{EnvironmentName}.json and environment variables.
/// </summary>
/// <param name="env">Hosting environment supplying the content root and environment name.</param>
public Startup(IHostingEnvironment env)
{
    _env = env;

    // Per-environment file, e.g. appsettings.Staging.json.
    var environmentSettingsFile = $"appsettings.{env.EnvironmentName}.json";

    // Sources are layered in registration order, so later sources win: the
    // environment file overrides the shared file, and environment variables
    // override both. Both JSON files are optional, so a missing file is not an
    // error here and simply leaves its keys unset.
    Configuration = new ConfigurationBuilder()
        .SetBasePath(env.ContentRootPath)
        .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
        .AddJsonFile(environmentSettingsFile, optional: true)
        .AddEnvironmentVariables()
        .Build();
}
/// <summary>
/// Registers application services; the excerpt shows only the options binding.
/// </summary>
/// <param name="services">Service collection to register into.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Bind the "IdentityServerSettings" configuration section to the
    // IdentityServerSettings options class so it can be resolved through IOptions<T>.
    var identityServerSection = Configuration.GetSection("IdentityServerSettings");
    services.Configure<IdentityServerSettings>(identityServerSection);
......
然后我们有一个 class 来加载我们的设置:
/// <summary>
/// Options class holding the IdentityServer-related configuration of this API.
/// It is bound from the "IdentityServerSettings" configuration section.
/// </summary>
public class IdentityServerSettings
{
    /// <summary>
    /// URL of the IdentityServer instance that issues the tokens this API accepts.
    /// </summary>
    public string Authority { get; set; }

    /// <summary>
    /// Name of this API / resource.
    /// </summary>
    public string ApiName { get; set; }
}
然后在任何需要 IdentityServerSettings
的地方,您都可以将它们注入控制器或配置方法中:
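/// <summary>
/// Configures logging and the IdentityServer token-validation middleware for this API.
/// The method body continues beyond this excerpt.
/// </summary>
/// <param name="app">Application pipeline builder.</param>
/// <param name="env">Current hosting environment; decides whether plain-HTTP metadata is tolerated.</param>
/// <param name="loggerFactory">Logger factory that receives the console and debug providers.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    loggerFactory.AddConsole(Configuration.GetSection("Logging"));
    loggerFactory.AddDebug();

    #region Identity Server Config
    // GetRequiredService reports a missing options registration explicitly instead of
    // failing with a NullReferenceException on .Value.
    var identityServerOptions = app.ApplicationServices.GetRequiredService<IOptions<IdentityServerSettings>>().Value;

    // Both appsettings files are loaded as optional, so a missing file or section
    // leaves Authority null. Fail at startup rather than run with no issuer configured.
    if (string.IsNullOrWhiteSpace(identityServerOptions.Authority))
    {
        throw new System.InvalidOperationException(
            $"IdentityServerSettings:Authority is not configured for environment '{env.EnvironmentName}'.");
    }

    // Setup Identity Server Options for this API
    app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
    {
        Authority = identityServerOptions.Authority,
        // The discovery document and token-signing keys are fetched from Authority.
        // Over plain HTTP they can be altered in transit, so HTTP metadata is
        // tolerated only in Development; elsewhere Authority must be an https:// URL.
        RequireHttpsMetadata = !env.IsDevelopment(),
        ApiName = identityServerOptions.ApiName,
        NameClaimType = "username",
    });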
.......
所有 IdentityServer4 示例都在配置时对 Authority 属性进行硬编码:
// Registers IdentityServer bearer-token validation for this API.
var authenticationBuilder = services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme);
authenticationBuilder.AddIdentityServerAuthentication(options =>
{
    // Hard-coded issuer URL; note the plain-HTTP scheme.
    options.Authority = "http://localhost:5000";
    options.ApiName = "api";

    // HTTPS is demanded for the discovery metadata in Staging and Production only.
    // NOTE(review): with this flag true the handler is expected to reject the
    // http:// Authority above, so the URL has to differ per environment.
    var isHostedEnvironment = Env.IsStaging() || Env.IsProduction();
    options.RequireHttpsMetadata = isHostedEnvironment;
});
我该如何根据环境(即暂存环境和生产环境)加载 Authority?
这就是我们所做的:
每个环境都有不同的 appSettings.json
文件。
所有文件都包含 IdentityServer 的单独值。例如
{
"IdentityServerSettings": {
"Authority": "http://localhost:5000",
"ApiName": "tb5api"
}
}
然后在 Startup.cs 的 Startup 类中,我们根据当前环境加载对应的 JSON 设置文件:
// Hosting environment handed to the Startup constructor and kept for later use.
private readonly IHostingEnvironment _env;
// Merged configuration root; get-only, assigned once in the Startup constructor.
public IConfigurationRoot Configuration { get; }
/// <summary>
/// Builds the application configuration from the shared appsettings.json, the
/// environment-specific appsettings.{EnvironmentName}.json and environment variables.
/// </summary>
/// <param name="env">Hosting environment supplying the content root and environment name.</param>
public Startup(IHostingEnvironment env)
{
    _env = env;

    // Per-environment file, e.g. appsettings.Staging.json.
    var environmentSettingsFile = $"appsettings.{env.EnvironmentName}.json";

    // Sources are layered in registration order, so later sources win: the
    // environment file overrides the shared file, and environment variables
    // override both. Both JSON files are optional, so a missing file is not an
    // error here and simply leaves its keys unset.
    Configuration = new ConfigurationBuilder()
        .SetBasePath(env.ContentRootPath)
        .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
        .AddJsonFile(environmentSettingsFile, optional: true)
        .AddEnvironmentVariables()
        .Build();
}
/// <summary>
/// Registers application services; the excerpt shows only the options binding.
/// </summary>
/// <param name="services">Service collection to register into.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Bind the "IdentityServerSettings" configuration section to the
    // IdentityServerSettings options class so it can be resolved through IOptions<T>.
    var identityServerSection = Configuration.GetSection("IdentityServerSettings");
    services.Configure<IdentityServerSettings>(identityServerSection);
......
然后我们有一个 class 来加载我们的设置:
/// <summary>
/// Options class holding the IdentityServer-related configuration of this API.
/// It is bound from the "IdentityServerSettings" configuration section.
/// </summary>
public class IdentityServerSettings
{
    /// <summary>
    /// URL of the IdentityServer instance that issues the tokens this API accepts.
    /// </summary>
    public string Authority { get; set; }

    /// <summary>
    /// Name of this API / resource.
    /// </summary>
    public string ApiName { get; set; }
}
然后在任何需要 IdentityServerSettings
的地方,您都可以将它们注入控制器或配置方法中:
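/// <summary>
/// Configures logging and the IdentityServer token-validation middleware for this API.
/// The method body continues beyond this excerpt.
/// </summary>
/// <param name="app">Application pipeline builder.</param>
/// <param name="env">Current hosting environment; decides whether plain-HTTP metadata is tolerated.</param>
/// <param name="loggerFactory">Logger factory that receives the console and debug providers.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    loggerFactory.AddConsole(Configuration.GetSection("Logging"));
    loggerFactory.AddDebug();

    #region Identity Server Config
    // GetRequiredService reports a missing options registration explicitly instead of
    // failing with a NullReferenceException on .Value.
    var identityServerOptions = app.ApplicationServices.GetRequiredService<IOptions<IdentityServerSettings>>().Value;

    // Both appsettings files are loaded as optional, so a missing file or section
    // leaves Authority null. Fail at startup rather than run with no issuer configured.
    if (string.IsNullOrWhiteSpace(identityServerOptions.Authority))
    {
        throw new System.InvalidOperationException(
            $"IdentityServerSettings:Authority is not configured for environment '{env.EnvironmentName}'.");
    }

    // Setup Identity Server Options for this API
    app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
    {
        Authority = identityServerOptions.Authority,
        // The discovery document and token-signing keys are fetched from Authority.
        // Over plain HTTP they can be altered in transit, so HTTP metadata is
        // tolerated only in Development; elsewhere Authority must be an https:// URL.
        RequireHttpsMetadata = !env.IsDevelopment(),
        ApiName = identityServerOptions.ApiName,
        NameClaimType = "username",
    });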
.......