本篇同步發文在個人Blog: 一袋.NET要扛幾樓?打造容器化的ASP.NET Core網站!系列文章 - (24) 建立購物車系統 - 7
前面一篇文章,Startup.cs有從設定檔讀取IdentityUrl,也就是AuthApi的URL連結,因此需要在appSettings.json加入:
"IdentityUrl": "https://localhost:44399",
在AuthApi的Config.cs新增一個給CartApi用的IdentityServer4 Client,只採用Implicit驗證方式,並另外從設定檔讀取CartApi的Url,供RedirectUri、PostLogoutRedirectUri與CORS等OIDC相關設定使用:
using System;
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.Extensions.Configuration;
namespace TokenServiceApi
{
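/// <summary>
/// In-memory IdentityServer4 configuration for the token service (AuthApi):
/// API scopes and resources, identity resources, and the registered clients
/// (the MVC site and the basket API's Swagger UI).
/// </summary>
public class Config
{
    // Scope names shared by GetApiScopes, GetApiResources and GetClients,
    // so a rename cannot leave one of them out of sync.
    private const string BasketScope = "basket";
    private const string OrderScope = "order";
    private const string ReportScope = "report";

    // Configuration keys holding the public base URLs of the two clients.
    private const string MvcClientKey = "MvcClient";
    private const string BasketApiClientKey = "BasketApiClient";

    /// <summary>
    /// Reads the client base URLs from configuration, keyed by the names
    /// <see cref="GetClients"/> expects ("Mvc" and "BasketApi").
    /// </summary>
    /// <param name="configuration">Application configuration (e.g. appSettings.json).</param>
    /// <returns>A dictionary with the keys "Mvc" and "BasketApi".</returns>
    /// <exception cref="ArgumentNullException"><paramref name="configuration"/> is null.</exception>
    /// <exception cref="InvalidOperationException">A required URL setting is missing or blank.</exception>
    public static Dictionary<string, string> GetUrls(IConfiguration configuration)
    {
        if (configuration == null)
        {
            throw new ArgumentNullException(nameof(configuration));
        }

        return new Dictionary<string, string>
        {
            ["Mvc"] = RequireUrl(configuration, MvcClientKey),
            ["BasketApi"] = RequireUrl(configuration, BasketApiClientKey),
        };
    }

    // A missing setting would otherwise be interpolated into redirect URIs such as
    // "/signin-oidc" (no host) and registered silently; fail fast at startup instead.
    private static string RequireUrl(IConfiguration configuration, string key)
    {
        string url = configuration.GetValue<string>(key);
        if (string.IsNullOrWhiteSpace(url))
        {
            throw new InvalidOperationException(
                $"Configuration value '{key}' is missing; it must hold the client's base URL.");
        }

        return url;
    }

    /// <summary>
    /// The API scopes a client may request: basket, order and report.
    /// </summary>
    /// <returns>One <see cref="ApiScope"/> per protected API.</returns>
    public static IEnumerable<ApiScope> GetApiScopes()
    {
        return new List<ApiScope>
        {
            new ApiScope(BasketScope, "basket api"),
            new ApiScope(OrderScope, "order api"),
            new ApiScope(ReportScope, "report api"),
        };
    }

    /// <summary>
    /// The protected APIs (audiences). Each resource exposes exactly the
    /// scope of the same name from <see cref="GetApiScopes"/>.
    /// </summary>
    /// <returns>One <see cref="ApiResource"/> per API.</returns>
    public static IEnumerable<ApiResource> GetApiResources()
    {
        return new List<ApiResource>
        {
            new ApiResource(BasketScope, "Shopping Cart Api")
            {
                Scopes = new List<string> { BasketScope },
            },
            new ApiResource(OrderScope, "Ordering Api")
            {
                Scopes = new List<string> { OrderScope },
            },
            new ApiResource(ReportScope, "Report Api")
            {
                Scopes = new List<string> { ReportScope },
            },
        };
    }

    /// <summary>
    /// Identity scopes available to clients: openid and profile.
    /// </summary>
    /// <returns>The standard OpenId and Profile identity resources.</returns>
    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        return new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
        };
    }

    /// <summary>
    /// The registered clients: the MVC web site (hybrid flow) and the basket
    /// API's Swagger UI (implicit flow).
    /// </summary>
    /// <param name="clientUrls">
    /// Base URLs keyed by "Mvc" and "BasketApi", as produced by <see cref="GetUrls"/>;
    /// they are embedded in the redirect URIs and CORS origins below.
    /// </param>
    /// <returns>The client definitions for IdentityServer4.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="clientUrls"/> is null.</exception>
    /// <exception cref="KeyNotFoundException">A required key is absent from <paramref name="clientUrls"/>.</exception>
    public static IEnumerable<Client> GetClients(Dictionary<string, string> clientUrls)
    {
        if (clientUrls == null)
        {
            throw new ArgumentNullException(nameof(clientUrls));
        }

        string mvcUrl = clientUrls["Mvc"];
        string basketApiUrl = clientUrls["BasketApi"];

        return new List<Client>
        {
            new Client
            {
                ClientId = "mvc",
                // Demo-only: a fixed shared secret committed to source. Anyone with the
                // repository can act as this client; a deployment should load the secret
                // from configuration or a secret store rather than a literal.
                ClientSecrets = new[] { new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.Hybrid,
                RedirectUris = { $"{mvcUrl}/signin-oidc" },
                PostLogoutRedirectUris = { $"{mvcUrl}/signout-callback-oidc" },
                AllowAccessTokensViaBrowser = false,
                // Issues refresh tokens (offline_access) to the MVC site.
                AllowOfflineAccess = true,
                RequireConsent = false,
                // PKCE is turned off here; it is recommended even for confidential clients
                // and the MVC side would need to be enabled to match before switching it on.
                RequirePkce = false,
                AlwaysIncludeUserClaimsInIdToken = true,
                AllowedScopes = new List<string>
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    IdentityServerConstants.StandardScopes.OfflineAccess,
                    OrderScope,
                    BasketScope,
                    ReportScope,
                },
            },
            new Client
            {
                ClientId = "basketswaggerui",
                ClientName = "Basket Swagger UI",
                // Implicit flow returns the access token in the redirect URL fragment, so
                // IdentityServer4 requires AllowAccessTokensViaBrowser for it. Current OAuth
                // guidance prefers authorization code + PKCE, which Swagger UI also supports;
                // kept as implicit because the Swagger UI configuration in this series uses it.
                AllowedGrantTypes = GrantTypes.Implicit,
                AllowAccessTokensViaBrowser = true,
                RedirectUris = { $"{basketApiUrl}/swagger/oauth2-redirect.html" },
                PostLogoutRedirectUris = { $"{basketApiUrl}/swagger/" },
                // The Swagger UI calls the token endpoint cross-origin from the API's host.
                AllowedCorsOrigins = { basketApiUrl },
                AllowedScopes = new List<string>
                {
                    BasketScope,
                },
            },
        };
    }
}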
}
在AuthApi的appSettings.json加入購物車的服務連結:
"BasketApiClient": "http://localhost:1028",
先執行MSSQL資料庫和Redis,所以用cmd在docker-compose.yml所在位置輸入指令:
docker-compose up cart.data mssqlserver
在VS執行AuthApi和CartApi,將會看見CartApi的頁面右上角多了Authorize按鈕,假如不先按它,直接按任何GET/POST/DELETE的方法,會被回傳401 Unauthorized的回應,如圖1
圖1
按下Authorize,並勾選Basket Scope,跳轉到AuthApi的登入頁面,登入後又回到CartApi,變成已授權的狀態,於是可以用GET/POST/DELETE的功能。