目录:
- OpenID 与 OAuth2 基础知识
- Blazor wasm Google 登录
- Blazor wasm Gitee 码云登录
- Blazor SSR/WASM IDS/OIDC 单点登录授权实例1-建立和配置IDS身份验证服务
- Blazor SSR/WASM IDS/OIDC 单点登录授权实例2-登录信息组件wasm
- Blazor SSR/WASM IDS/OIDC 单点登录授权实例3-服务端管理组件
- Blazor SSR/WASM IDS/OIDC 单点登录授权实例4 - 部署服务端/独立WASM端授权
- Blazor SSR/WASM IDS/OIDC 单点登录授权实例5 - Blazor hybird app 端授权
- Blazor SSR/WASM IDS/OIDC 单点登录授权实例5 - Winform 端授权
源码
BlazorOIDC/Server
BlazorOIDC.Server 项目
1. 服务端默认工程改为 Blazor ssr
- 最新版vs模板建立的net7 blazor wasm 托管工程主机端是空工程,需要改造一下变为服务端
具体代码比较多, 直接看提交或者源码
- 添加Pages目录以及文件
- 添加Shared目录以及文件
- 添加_Imports.razor文件
- 添加App.razor文件
2. 添加简单管理页面
Pages/DataAdmin.razor
<h4>用户表</h4><TablePollo TItem="AspNetUsers"IncludeByPropertyNames="@IncludeAspNetUsers"ItemDetails="AspNetUserRoles"SubAddAsync="OnSubAddAsync"ItemDetailsII="NullClass"ItemDetailsIII="NullClass"ShowColumnListShowExportButtonShowDetailRowSField="@nameof(AspNetUsers.Id)"FieldD="@nameof(AspNetUserRoles.UserId)"ExportToStream="false"ExportBasePath="temp" />
用户身份以及角色分配刷新两次后自动分配到测试数据
3. 用户身份以及角色分配
登录 test@test.com 后点击登录信息, 可以看到用户身份以及角色分配已经能读取出来了
点击Wasm菜单,切换到wasm项目,在wasm项目也重新登录,点击登录信息,可以看到用户身份以及角色分配也已经更新了
4. API授权
添加 Controllers/UserController.cs
using BlazorOIDC.Server.Models;
using Densen.Identity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;namespace BlazorOIDC.Server.Controllers;[ApiController]
[Route("[controller]")]
public class UserController : ControllerBase
{private readonly ILogger<UserController> _logger;private readonly UserManager<ApplicationUser> _userManager;private readonly SignInManager<ApplicationUser> _signInManager;public UserController(ILogger<UserController> logger, SignInManager<ApplicationUser> signInManager,UserManager<ApplicationUser> userManager){_logger = logger;_signInManager = signInManager;_userManager = userManager;}/// <summary>/// jwt登录测试/// </summary>/// <param name="username"></param>/// <param name="password"></param>/// <param name="code"></param>/// <returns></returns>[HttpPost]public async Task<IActionResult> Post(string username = "test@test.com", string password = "1qaz2wsx"){var signedUser = await _userManager.FindByEmailAsync(username);if (signedUser == null){_logger.LogWarning("登录失败.");ModelState.AddModelError(string.Empty, "登录失败.请检查用户名或者密码.");return BadRequest("用户名密码错误");}var result = await _signInManager.PasswordSignInAsync(signedUser, password, false, lockoutOnFailure: false);var userId = await _userManager.GetUserIdAsync(signedUser);return Ok(new { result });}[Authorize][HttpGet]public async Task<object> Get(){//获取用户Claim信息var userClaims = HttpContext.User.Claims.Select(it => $"{it.Type}:{it.Value}");var user = await _userManager.GetUserAsync(User);return new{user.UserName,roles = await _userManager.GetRolesAsync(user),userClaims};}[Authorize(Roles = nameof(AuthorizeRoles.Superuser))][HttpGet("{id}")]public async Task<object> Get(int id){var user = await _userManager.GetUserAsync(User);return new{user.UserName,roles = await _userManager.GetRolesAsync(user)};} }
为了配合下一章OIDC部署到服务器使用,需要把 launchSettings.json 配置改一下
"applicationUrl": "https://localhost:5001;http://localhost:5000",
5. 测试API授权
测试登录
测试用户验证
![[ai笔记1] 借着“ai春晚”开个场](https://csdnimg.cn/release/blog_editor_html/release2.3.6/ckeditor/plugins/CsdnLink/icons/icon-default.png?t=N7T8){kind=icon}
