scopes .NET Core微服务之基于IdentityServer建(5)

这里的ClientId要和MvcClient中设置的一致。RedirectUris是指登录成功之后需要重定向的地址（这里这个位置在MvcClient中），而PostLogoutRedirectUris是指登出之后需要重定向的地址。和API Service Client的设置不同的就是在AllowedScopes中给它增加了OpenId和Profile，因为我们为MvcClient设定的是oidc而不是bearer的模式。最后为了使用这些OpenID Connect Scopes，需要设置这些Identity Resources：

    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        return new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
        };
    }

    public void ConfigureServices(IServiceCollection services)
    {
        .......

        services.AddIdentityServer()
            //.AddDeveloperSigningCredential()
            .AddSigningCredential(new X509Certificate2(Path.Combine(basePath,
                Configuration["Certificates:CerPath"]),
                Configuration["Certificates:Password"]))
            .AddInMemoryIdentityResources(InMemoryConfiguration.GetIdentityResources())
            .AddTestUsers(InMemoryConfiguration.GetUsers().ToList())
            .AddInMemoryClients(InMemoryConfiguration.GetClients())
            .AddInMemoryApiResources(InMemoryConfiguration.GetApiResources());
        ......
    }

同时，为了演示方便，我们在MvcClient的About视图中添加几句：

@{
    ViewData["Title"] = "About";
}
<h2>@ViewData["Title"]</h2>
<h3>@ViewData["Message"]</h3>

@using Microsoft.AspNetCore.Authentication
<div>
    <strong>id_token</strong>
    <span>@await ViewContext.HttpContext.GetTokenAsync("id_token")</span>
</div>
<div>
    <strong>access_token</strong>
    <span>@await ViewContext.HttpContext.GetTokenAsync("access_token")</span>
</div>

<dl>
    @foreach (var claim in User.Claims)
    {
        <dt>@claim.Type</dt>
        <dd>@claim.Value</dd>
    }
</dl>

本文来自电脑杂谈，转载请注明本文网址：
http://www.pc-fly.com/a/tongxinshuyu/article-92987-5.html