寫在前面
是這樣的,我們現在介面使用了Ocelot做閘道器,Ocelot裡面整合了基於IdentityServer4的開發的授權中心用於對Api資源的保護。問題來了,我們的Api用了SwaggerUI做介面的自文件,那就蛋疼了,你接入了IdentityServer4的Api,用SwaggerUI除錯、呼叫介面的話,妥妥的401,未授權啊。那有小夥伴就會說了,你SwaggerUI的Api不經過閘道器不就ok了?誒,好辦法。但是:
- 我不想改變Url規則啊,我是
/api開頭的Url都是經過閘道器的,如果不經過閘道器要加埠或者改變Url規則,會給其他部門的同事帶來麻煩(多個Url規則容易混淆); - 另外是,因為生產環境是接入了IdentityServer4,我想測試環境從一開始就需要呼叫方熟悉的接入,避免平時用沒有經過授權中心的Url除錯,一到生產就出問題。
ok,廢話講得有點多,我們就直奔主題。
下面我們需要建立兩個示例專案:
1、IdentityServer4的授權中心;
2、使用SwaggerUI做自文件的WebApi專案;
本文原始碼地址:https://github.com/gebiWangshushu/cnblogs-demos/tree/master/SwggerUI.IdentityServer4.Example
構建基於IdentityServer4授權中心
1、新建空白解決方案,並新增一個空的WebApi專案,IdentityServer
2、引用包。
Install-Package IdentityServer43、新增配置類:Config.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
namespace IdentityServer
{
public class Startup
{
public IHostingEnvironment Environment { get; }
public Startup(IHostingEnvironment environment)
{
Environment = environment;
}
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
var builder = services.AddIdentityServer()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApis())
.AddInMemoryClients(Config.GetClients())
.AddTestUsers(Config.GetUsers());
if (Environment.IsDevelopment())
{
builder.AddDeveloperSigningCredential();
}
else
{
throw new Exception("need to configure key material");
}
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseIdentityServer();
app.UseIdentityServer();
app.UseMvcWithDefaultRoute();
}
}
}
4、修改Startup.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
namespace IdentityServer
{
public class Startup
{
public IHostingEnvironment Environment { get; }
public Startup(IHostingEnvironment environment)
{
Environment = environment;
}
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
var builder = services.AddIdentityServer()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApis())
.AddInMemoryClients(Config.GetClients())
.AddTestUsers(Config.GetUsers());
if (Environment.IsDevelopment())
{
builder.AddDeveloperSigningCredential();
}
else
{
throw new Exception("need to configure key material");
}
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseIdentityServer();
app.UseIdentityServer();
app.UseMvcWithDefaultRoute();
}
}
}
ok,跑起來了
使用SwaggerUI做自文件的WebApi專案
1、新增WebApi專案,SwaggerUIApi
現在專案結構這樣:
2、先新增SwaggerUI,先不接入IdentityServer
修改Startup.cs
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Swashbuckle.AspNetCore.Swagger;
namespace SwggerUIApi
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info
{
Version = "v1",
Title = "ToDo API",
Description = "A simple example ASP.NET Core Web API",
TermsOfService = "None",
Contact = new Contact
{
Name = "Shayne Boyer",
Email = string.Empty,
Url = "https://twitter.com/spboyer"
},
License = new License
{
Name = "Use under LICX",
Url = "https://example.com/license"
}
});
var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
c.IncludeXmlComments(xmlPath);
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseSwagger();
// Enable middleware to serve swagger-ui (HTML, JS, CSS, etc.),
// specifying the Swagger JSON endpoint.
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
});
app.UseMvc();
}
}
}
得到這樣的SwaggerUI:
我們呼叫一下介面:
槓槓的200:
3、介面專案我們接入IdentityServer4
修改:Startup.cs ,ConfigureServices方法,
.AddIdentityServerAuthentication(options =>
{
options.Authority = "http://localhost:5000"; // IdentityServer伺服器地址
options.ApiName = "swagger_api"; // 用於針對進行身份驗證的API資源的名稱
options.RequireHttpsMetadata = false; // 指定是否為HTTPS
});修改:Startup.cs ,Configure方法
app.UseAuthentication();Ok,可以看到我們接入進去了,401,未授權了;
3、接入IdentityServer
1、新增授權響應操作的過濾器,AuthResponsesOperationFilter.cs
using Microsoft.AspNetCore.Authorization;
using Swashbuckle.AspNetCore.Swagger;
using Swashbuckle.AspNetCore.SwaggerGen;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace SwggerUIApi
{
public class AuthResponsesOperationFilter : IOperationFilter
{
public void Apply(Operation operation, OperationFilterContext context)
{
//獲取是否新增登入特性
var authAttributes = context.MethodInfo.DeclaringType.GetCustomAttributes(true)
.Union(context.MethodInfo.GetCustomAttributes(true))
.OfType<AuthorizeAttribute>().Any();
if (authAttributes)
{
operation.Responses.Add("401", new Response { Description = "暫無訪問許可權" });
operation.Responses.Add("403", new Response { Description = "禁止訪問" });
operation.Security = new List<IDictionary<string, IEnumerable<string>>>
{
new Dictionary<string, IEnumerable<string>> {{"oauth2", new[] { "swagger_api" } }}
};
}
}
}
}
2、修改Startup.cs ,ConfigureServices方法的,services.AddSwaggerGen()
配置成這樣:
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info
{
Version = "v1",
Title = "ToDo API",
Description = "A simple example ASP.NET Core Web API",
TermsOfService = "None",
Contact = new Contact
{
Name = "Shayne Boyer",
Email = string.Empty,
Url = "https://twitter.com/spboyer"
},
License = new License
{
Name = "Use under LICX",
Url = "https://example.com/license"
}
});
var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
c.IncludeXmlComments(xmlPath);
//接入identityserver
c.AddSecurityDefinition("oauth2", new OAuth2Scheme
{
Flow = "implicit", // 只需通過瀏覽器獲取令牌(適用於swagger)
AuthorizationUrl = "http://localhost:5000/connect/authorize",//獲取登入授權介面
Scopes = new Dictionary<string, string> {
{ "swagger_api_scopde", "swagger_api access" }//指定客戶端請求的api作用域。 如果為空,則客戶端無法訪問
}
});
c.OperationFilter<AuthResponsesOperationFilter>();
});3、我們還需給授權中心新增一個登陸介面
下載這個兩個資料夾,丟到IdentityServer專案下面:
專案結構:
4、我們執行看看
先啟動Identityserver專案
執行SwaggerUI可以看到,這兩個地方了個小鎖頭,表示已啟用安全保護:
我們點一下上面的按鈕:
哇,我們跳到了這裡:
輸入:alice/alice,點登入:
哇哇:
當然是Yes啦,然後這邊變成這樣了:
這是已獲得授權狀態,我們再次呼叫看看:
這裡我們看到已經呼叫成功,仔細看請求,與前面簡短的請求不同的是,現在請求裡面帶了access_token了,
這才是我們折騰這麼久得來的寶貝。
總結
寫得有點匆忙,希望大家能看得懂[捂臉];
原始碼地址:https://github.com/gebiWangshushu/cnblogs-demos/tree/master/SwggerUI.IdentityServer4.Example