如何在ASP.NET Core 2.0 WebAPI中使用IdentityServer3来验证IdentityServer3服务器中的令牌

本文介绍了如何在ASP.NET Core 2.0 WebAPI中使用IdentityServer3来验证IdentityServer3服务器中的令牌的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我有一个使用IdentityServer3发行令牌的身份服务器.

I have a identityserver which is using IdentityServer3 to issue tokens.

我正在创建一个asp core 2.0 api客户端.

I am creating an asp core 2.0 api client.

如何在ASP.Net Core 2.0 API应用程序中验证Identityserver3发行的令牌?

How to validate the token issued by Identityserver3 in ASP.Net Core 2.0 api application?

我尝试安装Identityserver3.AccessTokenValidation.AspNetCore，但是收到错误消息说它与核心不兼容.

I tried to install Identityserver3.AccessTokenValidation.AspNetCore, but getting error saying it is not compatible with core.

有人可以帮我怎么做吗?

Can anyone help me how to do this?

谢谢

推荐答案

使用 .Net Core 2 ，您可以使用 IdentityServer4.AccessTokenValidation 来验证IdentityServer3令牌，只需确保在 ConfigureServices 方法

With .Net Core 2 you can use IdentityServer4.AccessTokenValidation to validate IdentityServer3 token , just make sure to add this line in ConfigureServices method

options.LegacyAudienceValidation = true;

ConfigureServices 应该看起来像这样:

public void ConfigureServices(IServiceCollection services) { services.AddMvcCore(options => { // IS3 does not include the api name/audience - hence the extra scope check options.Filters.Add(new AuthorizeFilter(ScopePolicy.Create("api"))); }) .AddAuthorization(); services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme) .AddIdentityServerAuthentication(options => { options.Authority = "localhost:5002"; options.RequireHttpsMetadata = false; options.ApiName = "api"; options.ApiSecret = "secret"; // this is only needed because IS3 does not include the API name in the JWT audience list // so we disable UseIdentityServerAuthentication JWT audience check and rely upon // scope validation to ensure we're only accepting tokens for the right API options.LegacyAudienceValidation = true; }); }

有关更多信息，您可以参考此链接

for more information you can refer to this link