使用IdentityServer4无需密码即可生成访问令牌

本文介绍了使用IdentityServer4无需密码即可生成访问令牌的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我已经使用ROPC流创建了用IdentityServer4保护的ASP.NET Core WebApi(使用此示例: github /robisim74/AngularSPAWebAPI ).

I have created ASP.NET Core WebApi protected with IdentityServer4 using ROPC flow (using this example: github/robisim74/AngularSPAWebAPI).

如何在没有密码的情况下从服务器手动生成access_token?

How to manually generate access_token from the server without password?

推荐答案

[HttpPost("loginas/{id}")] [Authorize(Roles = "admin")] public async Task<IActionResult> LoginAs(int id, [FromServices] ITokenService TS, [FromServices] IUserClaimsPrincipalFactory<ApplicationUser> principalFactory, [FromServices] IdentityServerOptions options) { var Request = new TokenCreationRequest(); var User = await userManager.FindByIdAsync(id.ToString()); var IdentityPricipal = await principalFactory.CreateAsync(User); var IdServerPrincipal = IdentityServerPrincipal.Create(User.Id.ToString(), User.UserName, IdentityPricipal.Claims.ToArray()); Request.Subject = IdServerPrincipal; Request.IncludeAllIdentityClaims = true; Request.ValidatedRequest = new ValidatedRequest(); Request.ValidatedRequest.Subject = Request.Subject; Request.ValidatedRequest.SetClient(Config.GetClients().First()); Request.Resources = new Resources(Config.GetIdentityResources(), Config.GetApiResources()); Request.ValidatedRequest.Options = options; Request.ValidatedRequest.ClientClaims = IdServerPrincipal.Claims.ToArray(); var Token = await TS.CreateAccessTokenAsync(Request); Token.Issuer = "" + HttpContext.Request.Host.Value; var TokenValue = await TS.CreateSecurityTokenAsync(Token); return Ok(TokenValue); }

对于新发布的IdentityServer 2.0.0，代码需要进行一些修改:

For a newly released IdentityServer 2.0.0 the code needs some modifications:

[HttpPost("loginas/{id}")] [Authorize(Roles = "admin")] public async Task<IActionResult> LoginAs(int id, [FromServices] ITokenService TS, [FromServices] IUserClaimsPrincipalFactory<ApplicationUser> principalFactory, [FromServices] IdentityServerOptions options) { var Request = new TokenCreationRequest(); var User = await userManager.FindByIdAsync(id.ToString()); var IdentityPricipal = await principalFactory.CreateAsync(User); var IdentityUser = new IdentityServerUser(User.Id.ToString()); IdentityUser.AdditionalClaims = IdentityPricipal.Claims.ToArray(); IdentityUser.DisplayName = User.UserName; IdentityUser.AuthenticationTime = System.DateTime.UtcNow; IdentityUser.IdentityProvider = IdentityServerConstants.LocalIdentityProvider; Request.Subject = IdentityUser.CreatePrincipal(); Request.IncludeAllIdentityClaims = true; Request.ValidatedRequest = new ValidatedRequest(); Request.ValidatedRequest.Subject = Request.Subject; Request.ValidatedRequest.SetClient(Config.GetClients().First()); Request.Resources = new Resources(Config.GetIdentityResources(), Config.GetApiResources()); Request.ValidatedRequest.Options = options; Request.ValidatedRequest.ClientClaims = IdentityUser.AdditionalClaims; var Token = await TS.CreateAccessTokenAsync(Request); Token.Issuer = HttpContext.Request.Scheme + "://" + HttpContext.Request.Host.Value; var TokenValue = await TS.CreateSecurityTokenAsync(Token); return Ok(TokenValue); }