How most software components talk to each other: a client calls a web application, the application calls a Web API, one API calls another API, and so on. Every one of these calls needs authentication and authorization.
IdentityServer3 features: web authentication, SSO (single sign-on), and Web API access control (these three are the most commonly used).
RP: Relying Party
OP: OpenID Provider
IP: Identity Provider
STS: Security Token Service
Scope: a scope identifier (for identity or for a resource)
A user (User) accesses a client; the client (Client, e.g. a web app or a mobile app) requests tokens from IdentityServer, and the OP returns an identity token and/or an access token. Every resource has a scope identifier (identity information and authorized resource information each map to a corresponding scope), and the OP obtains the scopes of the resource (RP).
Getting started with IdentityServer3
1. Create a new console application to act as the IdentityServer
Install: install-package identityserver3
Create Client.cs: register the client information with IdentityServer
using IdentityServer3.Core.Models;
using System.Collections.Generic;

namespace IdSrv
{
    static class Clients
    {
        public static List<Client> Get()
        {
            return new List<Client>
            {
                // no human involved: machine-to-machine client using the client credentials flow
                new Client
                {
                    ClientName = "Silicon-only Client",
                    ClientId = "silicon",
                    Enabled = true,
                    AccessTokenType = AccessTokenType.Reference,
                    Flow = Flows.ClientCredentials,
                    ClientSecrets = new List<Secret>
                    {
                        // only the SHA-256 hash of the secret is stored
                        new Secret("F621F470-9731-4A25-80EF-67A6F7C5F4B8".Sha256())
                    },
                    AllowedScopes = new List<string> { "api1" }
                },

                // human is involved: the client presents the user's credentials (resource owner flow)
                new Client
                {
                    ClientName = "Silicon on behalf of Carbon Client",
                    ClientId = "carbon",
                    Enabled = true,
                    AccessTokenType = AccessTokenType.Reference,
                    Flow = Flows.ResourceOwner,
                    ClientSecrets = new List<Secret>
                    {
                        new Secret("21B5F798-BE55-42BC-8AA8-0025B903DC3B".Sha256())
                    },
                    AllowedScopes = new List<string> { "api1" }
                }
            };
        }
    }
}
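Both clients above are allowed the scope "api1", which still has to be defined, and the console host needs an OWIN Startup. The following Scopes.cs and Startup.cs are an added example, not code from the original post; the scope secret, the signing-certificate path and password, and the test user are assumed placeholders.

```csharp
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services.InMemory;
using Owin;

namespace IdSrv
{
    static class Scopes
    {
        public static List<Scope> Get()
        {
            return new List<Scope>
            {
                // The resource scope both clients in Clients.cs are allowed to request
                new Scope
                {
                    Name = "api1",
                    DisplayName = "Demo API 1",
                    Type = ScopeType.Resource,
                    // Reference tokens are validated via introspection; the API authenticates there with this scope secret (placeholder)
                    ScopeSecrets = new List<Secret> { new Secret("api1-secret-placeholder".Sha256()) }
                }
            };
        }
    }

    class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            var factory = new IdentityServerServiceFactory()
                .UseInMemoryClients(Clients.Get())
                .UseInMemoryScopes(Scopes.Get())
                // One test user for the "carbon" ResourceOwner client (assumed account)
                .UseInMemoryUsers(new List<InMemoryUser>
                {
                    new InMemoryUser { Subject = "1", Username = "bob", Password = "secret" }
                });
            app.UseIdentityServer(new IdentityServerOptions
            {
                SiteName = "IdSrv Demo",
                // Placeholder path and password; use your own signing certificate
                SigningCertificate = new X509Certificate2(@"C:\path\to\signing.pfx", "placeholder"),
                Factory = factory
            });
        }
    }
}
```

Because the clients issue reference tokens, an API protecting "api1" must call the introspection endpoint with the scope name and scope secret to validate each token.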