如何在 Asp.net 核心中的 appsettings.json 中定义角色标识资源
How to define role Identity resource in appsettings.json in Asp.net core
我创建了一个 asp.net 具有个人帐户安全性的核心 Web 应用程序,并将其配置为用于 authorization/authentication 外部水疗中心 我在 appset5tings.json 文件中添加了以下配置
{
"ConnectionStrings":
{
"DefaultConnection":
"Server=localhost;Database=itrSts;Trusted_Connection=True;MultipleActiveResultSets=true"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"IdentityServer": {
"Clients": {
"itr.childcare.webapp": {
"Profile": "SPA",
"RedirectUri": "http://localhost:3000/signin-callback",
"LogoutUri": "http://localhost:3000/signout-callback",
"AccessTokenLifetime": 600,
"Scopes": "openid profile gateway-api roles"
},
"Itr.Sts": {
"Profile": "IdentityServerSPA"
}
}
"Resources": {
"gateway-api": {
"Profile": "API",
"UserClaims": [
"role"
]
}
}
}
}
当请求“openid profile gateway-api”范围时它工作正常但是当还请求角色范围时我收到无效范围错误任何人都可以帮助我并告诉我应该做什么吗?谢谢
缺少的是身份资源定义。他们定义了哪些声明(包括角色)应该对客户端可用。
请参阅有关身份资源的article。
如果您使用的是 IdentityServer4,版本 4.x,那么您还应该考虑定义 ApiScopes。
在代码中,IdentityResources 的定义可以如下所示:
var employeeInfoScope = new IdentityResource()
{
Name = "employee_info",
DisplayName = "Employee information",
Description = "Employee information including seniority and status...",
Emphasize = true,
Enabled = true,
Required = true,
ShowInDiscoveryDocument = true,
UserClaims = new List<string>
{
"employment_start",
"seniority",
"contractor",
"employee",
}
};
_identityResources = new List<IdentityResource>()
{
new IdentityResources.OpenId(),
new IdentityResources.Email(),
new IdentityResources.Profile(),
new IdentityResources.Address(),
employeeInfoScope
};
我创建了一个 asp.net 具有个人帐户安全性的核心 Web 应用程序,并将其配置为用于 authorization/authentication 外部水疗中心 我在 appset5tings.json 文件中添加了以下配置
{
"ConnectionStrings":
{
"DefaultConnection":
"Server=localhost;Database=itrSts;Trusted_Connection=True;MultipleActiveResultSets=true"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"IdentityServer": {
"Clients": {
"itr.childcare.webapp": {
"Profile": "SPA",
"RedirectUri": "http://localhost:3000/signin-callback",
"LogoutUri": "http://localhost:3000/signout-callback",
"AccessTokenLifetime": 600,
"Scopes": "openid profile gateway-api roles"
},
"Itr.Sts": {
"Profile": "IdentityServerSPA"
}
}
"Resources": {
"gateway-api": {
"Profile": "API",
"UserClaims": [
"role"
]
}
}
} }
当请求“openid profile gateway-api”范围时它工作正常但是当还请求角色范围时我收到无效范围错误任何人都可以帮助我并告诉我应该做什么吗?谢谢
缺少的是身份资源定义。他们定义了哪些声明(包括角色)应该对客户端可用。
请参阅有关身份资源的article。
如果您使用的是 IdentityServer4,版本 4.x,那么您还应该考虑定义 ApiScopes。
在代码中,IdentityResources 的定义可以如下所示:
var employeeInfoScope = new IdentityResource()
{
Name = "employee_info",
DisplayName = "Employee information",
Description = "Employee information including seniority and status...",
Emphasize = true,
Enabled = true,
Required = true,
ShowInDiscoveryDocument = true,
UserClaims = new List<string>
{
"employment_start",
"seniority",
"contractor",
"employee",
}
};
_identityResources = new List<IdentityResource>()
{
new IdentityResources.OpenId(),
new IdentityResources.Email(),
new IdentityResources.Profile(),
new IdentityResources.Address(),
employeeInfoScope
};