ASP.NET Core的Keycloak客户端

前端之家收集整理的这篇文章主要介绍了ASP.NET Core的Keycloak客户端前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
是否存在 Asp.net Core的Keycloak客户端? I have found a NuGet package for .net但它不适用于Core.您是否有任何想法如何轻松地与此安全服务器集成(或可能使用任何其他替代方案)?

解决方法

我今天玩了一下这个.最简单的方法是使用OpenId标准.

在Startup.cs中,我使用了OpenIdConnect身份验证:

  1. public void Configure(...)
  2. { (...)
  3. app.UseCookieAuthentication(new CookieAuthenticationOptions
  4. {
  5. AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,AutomaticAuthenticate = true,CookieHttpOnly = true,CookieSecure = CookieSecurePolicy.SameAsRequest
  6. });
  7. app.USEOpenIdConnectAuthentication(CreateKeycloakOpenIdConnectOptions());`(...)
  8. }`

OpenIdConnectOptions方法

  1. private OpenIdConnectOptions CreateKeycloakOpenIdConnectOptions()
  2. {
  3. var options = new OpenIdConnectOptions
  4. {
  5. AuthenticationScheme = "oidc",SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme,Authority = Configuration["Authentication:KeycloakAuthentication:ServerAddress"]+"/auth/realms/"+ Configuration["Authentication:KeycloakAuthentication:Realm"],RequireHttpsMetadata = false,//only in development
  6. PostlogoutRedirectUri = Configuration["Authentication:KeycloakAuthentication:PostlogoutRedirectUri"],ClientId = Configuration["Authentication:KeycloakAuthentication:ClientId"],ClientSecret = Configuration["Authentication:KeycloakAuthentication:ClientSecret"],ResponseType = OpenIdConnectResponseType.Code,GetClaimsFromUserInfoEndpoint = true,SaveTokens = true
  7.  
  8. };
  9. options.Scope.Add("openid");
  10. return options;
  11. }

在appsettings.json中添加Keycloak的配置:

  1. {
  2. (...),"Authentication": {
  3. "KeycloakAuthentication": {
  4. "ServerAddress": "http://localhost:8180","Realm": "demo","PostlogoutRedirectUri": "http://localhost:57630/","ClientId": "KeycloakASPNETCore","ClientSecret": "secret-get-it-in-keycloakConsole-client-credentials"
  5. }
  6. }
  7. }

Keycloak客户端配置如下:

> Client settings,
> I’ve added ‘accounting’ role for test,
> I added mapper ‘member_of’ of type ‘User Client Role’ for roles so that roles are added in the claims

如果我想按角色授权用户,我会这样做:

在ConfigureServices方法添加authorization by claims

  1. public void ConfigureServices(IServiceCollection services)
  2. {
  3. (...)
  4.  
  5. services.AddAuthorization(options =>
  6. {
  7. options.AddPolicy("Accounting",policy =>
  8. policy.RequireClaim("member_of","[accounting]")); //this claim value is an array. Any suggestions how to extract just single role? This still works.
  9. });
  10. }

我在ValuesController(默认Web API模板)中编辑了get方法

  1. [Authorize(Policy = "Accounting")]
  2. [Route("api/[controller]")]
  3. public class ValuesController : Controller
  4. {
  5. // GET api/values
  6. [HttpGet]
  7. public Dictionary<string,string> Get()
  8. {
  9. var userPrinciple = User as ClaimsPrincipal;
  10. var claims = new Dictionary<string,string>();
  11.  
  12. foreach (var claim in userPrinciple.Claims)
  13. {
  14. var key = claim.Type;
  15. var value = claim.Value;
  16.  
  17. claims.Add(key,value);
  18. }
  19.  
  20.  
  21. return claims;
  22. }

如果我使用具有会计角色的用户登录或具有会计角色的组,则应在地址localhost:57630 / api / values上显示我的用户声明.

我希望这适合你.

猜你在找的.NET Core相关文章