ASP.NET Core的Keycloak客户端

前端之家收集整理的这篇文章主要介绍了ASP.NET Core的Keycloak客户端前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
是否存在 Asp.net Core的Keycloak客户端? I have found a NuGet package for .net但它不适用于Core.您是否有任何想法如何轻松地与此安全服务器集成(或可能使用任何其他替代方案)?

解决方法

我今天玩了一下这个.最简单的方法是使用OpenId标准.

在Startup.cs中,我使用了OpenIdConnect身份验证:

public void Configure(...)
    { (...)
         app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,AutomaticAuthenticate = true,CookieHttpOnly = true,CookieSecure = CookieSecurePolicy.SameAsRequest
        });
        app.USEOpenIdConnectAuthentication(CreateKeycloakOpenIdConnectOptions());`(...)
 }`

OpenIdConnectOptions方法

private OpenIdConnectOptions CreateKeycloakOpenIdConnectOptions()
    {
        var options = new OpenIdConnectOptions
        {
            AuthenticationScheme = "oidc",SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme,Authority = Configuration["Authentication:KeycloakAuthentication:ServerAddress"]+"/auth/realms/"+ Configuration["Authentication:KeycloakAuthentication:Realm"],RequireHttpsMetadata = false,//only in development
            PostlogoutRedirectUri = Configuration["Authentication:KeycloakAuthentication:PostlogoutRedirectUri"],ClientId = Configuration["Authentication:KeycloakAuthentication:ClientId"],ClientSecret = Configuration["Authentication:KeycloakAuthentication:ClientSecret"],ResponseType = OpenIdConnectResponseType.Code,GetClaimsFromUserInfoEndpoint = true,SaveTokens = true

        };
        options.Scope.Add("openid");
        return options;
    }

在appsettings.json中添加Keycloak的配置:

{
  (...),"Authentication": {
    "KeycloakAuthentication": {
      "ServerAddress": "http://localhost:8180","Realm": "demo","PostlogoutRedirectUri": "http://localhost:57630/","ClientId": "KeycloakASPNETCore","ClientSecret": "secret-get-it-in-keycloakConsole-client-credentials"
    }
  }
}

Keycloak客户端配置如下:

> Client settings,
> I’ve added ‘accounting’ role for test,
> I added mapper ‘member_of’ of type ‘User Client Role’ for roles so that roles are added in the claims

如果我想按角色授权用户,我会这样做:

在ConfigureServices方法添加authorization by claims

public void ConfigureServices(IServiceCollection services)
    {
        (...)

        services.AddAuthorization(options =>
        {
            options.AddPolicy("Accounting",policy =>
            policy.RequireClaim("member_of","[accounting]")); //this claim value is an array. Any suggestions how to extract just single role? This still works.
        });
    }

我在ValuesController(默认Web API模板)中编辑了get方法

[Authorize(Policy = "Accounting")]
[Route("api/[controller]")]
public class ValuesController : Controller
{
    // GET api/values        
    [HttpGet]
    public Dictionary<string,string> Get()
    {
        var userPrinciple = User as ClaimsPrincipal;
        var claims = new Dictionary<string,string>();

        foreach (var claim in userPrinciple.Claims)
        {
            var key = claim.Type;
            var value = claim.Value;

            claims.Add(key,value);
        }


        return claims;
    }

如果我使用具有会计角色的用户登录或具有会计角色的组,则应在地址localhost:57630 / api / values上显示我的用户声明.

我希望这适合你.

猜你在找的.NET Core相关文章