问题描述
我正在使用IdentityServer4保护我的API并验证用户身份,客户端是主要的ASP.NET Core MVC App,我只希望登录界面和UI位于MVC App上,而登录实现位于IdentityServer上,因此IdentityServer必须具有API才能从MVC应用登录页面接收用户名和密码,并返回将在cookie中使用的令牌
I am using IdentityServer4 to secure my API and also to authenticate users, the client is the main ASP.NET Core MVC App, I just want the login interface and UI to be at the MVC App and the login implementation at the IdentityServer, so the IdentityServer must have an API to just receive username and password from the MVC app login page return the token which will be used in cookies
推荐答案
出于多种原因移动视图是一个坏主意.其中一些:
It is a bad idea to move your views for several reasons. Some of them:
-
如果将视图移动到MVC客户端,则必须在所有客户端中创建这些视图.
If you move the views to your MVC client you will have to create those views in all your clients.
OAuth2/OpenId Connect应该将授权/身份验证委派给您的Idp,以避免凭据共享.取而代之的是,您被迫使用资源所有者密码"凭据,这意味着我们无法使用来自Idp的用户同意页面.
OAuth2 / OpenId Connect should delegate authorization / authentication to your Idp to avoid credentials sharing. Instead of that, you are forced to use Resource Owner Password Credentials which implies that we cannot use the user's consent pages from the Idp.
对于单点登录,您将不会从其IDp中获得Audentication Cookie.
You won't have Autentication Cookie from your Idp for Single Sign On.
这篇关于IdentityServer4登录api的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!