feat: add authing sso

2024-09-20 23:48:27 +08:00 · 2023-01-29 16:19:30 +08:00 · 2023-01-29 16:19:30 +08:00 · a30f184996
commit a30f184996
parent 5092087379
5 changed files with 71 additions and 3 deletions
--- a/Blog.Core.Api/Program.cs
+++ b/Blog.Core.Api/Program.cs
@ -56,6 +56,7 @@ builder.Services.AddSingleton(new LogLock(builder.Environment.ContentRootPath));
 builder.Services.AddUiFilesZipSetup(builder.Environment);

 Permissions.IsUseIds4 = AppSettings.app(new string[] { "Startup", "IdentityServer4", "Enabled" }).ObjToBool();
+Permissions.IsUseAuthing = AppSettings.app(new string[] { "Startup", "Authing", "Enabled" }).ObjToBool();
 RoutePrefix.Name = AppSettings.app(new string[] { "AppSettings", "SvcName" }).ObjToString();

 JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
@ -79,9 +80,10 @@ builder.Services.AddEventBusSetup();
 builder.Services.AddNacosSetup(builder.Configuration);

 builder.Services.AddAuthorizationSetup();
-if (Permissions.IsUseIds4)
+if (Permissions.IsUseIds4 || Permissions.IsUseAuthing)
 {
-    builder.Services.AddAuthentication_Ids4Setup();
+    if (Permissions.IsUseIds4) builder.Services.AddAuthentication_Ids4Setup();
+    else if (Permissions.IsUseAuthing) builder.Services.AddAuthentication_AuthingSetup();
 }
 else
 {
--- a/Blog.Core.Api/appsettings.json
+++ b/Blog.Core.Api/appsettings.json
@ -189,6 +189,12 @@
      "AuthorizationUrl": "http://localhost:5004", // 认证中心域名
      "ApiName": "blog.core.api" // 资源服务器
    },
+    "Authing": {
+      "Enabled": true,
+      "Issuer": "https://uldr24esx31h-demo.authing.cn/oidc",
+      "Audience": "63d51c4205c2849803be5178",
+      "JwksUri": "https://uldr24esx31h-demo.authing.cn/oidc/.well-known/jwks.json"
+    },
    "RedisMq": {
      "Enabled": false //redis 消息队列
    },
--- a/Blog.Core.Common/GlobalVar/GlobalVars.cs
+++ b/Blog.Core.Common/GlobalVar/GlobalVars.cs
@ -20,6 +20,12 @@
        /// true：表示启动IDS4
        /// false：表示使用JWT
        public static bool IsUseIds4 = false;
+
+        /// <summary>
+        /// 当前项目是否启用Authing权限方案
+        /// true：表示启动
+        /// false：表示使用JWT
+        public static bool IsUseAuthing = false;
    }

    /// <summary>
--- a/Blog.Core.Extensions/Blog.Core.Extensions.csproj
+++ b/Blog.Core.Extensions/Blog.Core.Extensions.csproj
@ -11,7 +11,7 @@
    <PackageReference Include="Com.Ctrip.Framework.Apollo" Version="2.8.0" />
    <PackageReference Include="Com.Ctrip.Framework.Apollo.Configuration" Version="2.8.0" />
    <PackageReference Include="Consul" Version="1.6.10.7" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.8" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.11" />
    <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="6.0.8" />
    <PackageReference Include="Microsoft.AspNetCore.SignalR" Version="1.1.0" />
    <PackageReference Include="Microsoft.AspNetCore.SignalR.Protocols.NewtonsoftJson" Version="6.0.8" />
@ -20,6 +20,7 @@
    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="6.0.0" />
    <PackageReference Include="Microsoft.Extensions.Logging.Log4Net.AspNetCore" Version="6.1.0" />
    <PackageReference Include="MiniProfiler.AspNetCore.Mvc" Version="4.2.22" />
+    <PackageReference Include="NetDevPack.Security.JwtExtensions" Version="6.0.2" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
    <PackageReference Include="Swashbuckle.AspNetCore.Filters" Version="7.0.5" />
--- a/Blog.Core.Extensions/ServiceExtensions/Authentication_AuthingSetup.cs
+++ b/Blog.Core.Extensions/ServiceExtensions/Authentication_AuthingSetup.cs
@ -0,0 +1,53 @@
+using Blog.Core.AuthHelper;
+using Blog.Core.Common;
+using Blog.Core.Common.HttpContextUser;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.IdentityModel.Tokens;
+using NetDevPack.Security.JwtExtensions;
+using System;
+
+namespace Blog.Core.Extensions
+{
+    /// <summary>
+    /// Authing权限 认证服务
+    /// </summary>
+    public static class Authentication_AuthingSetup
+    {
+        public static void AddAuthentication_AuthingSetup(this IServiceCollection services)
+        {
+            if (services == null) throw new ArgumentNullException(nameof(services));
+
+            var tokenValidationParameters = new TokenValidationParameters
+            {
+                ValidIssuer = AppSettings.app(new string[] { "Startup", "Authing", "Issuer" }),
+                ValidAudience = AppSettings.app(new string[] { "Startup", "Authing", "Audience" }),
+                ValidAlgorithms = new string[] { "RS256" },
+                //ValidateLifetime = true,
+                //ClockSkew = TimeSpan.FromSeconds(30),
+                //RequireExpirationTime = true,
+            };
+
+            services.AddAuthentication(o =>
+            {
+                //认证middleware配置
+                o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+                o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+                o.DefaultChallengeScheme = nameof(ApiResponseHandler);
+                o.DefaultForbidScheme = nameof(ApiResponseHandler);
+            })
+            .AddJwtBearer(o =>
+            {
+                //主要是jwt  token参数设置
+                o.TokenValidationParameters = tokenValidationParameters;
+                o.RequireHttpsMetadata = false;
+                o.SaveToken = false;
+                o.IncludeErrorDetails = true;
+                o.SetJwksOptions(new JwkOptions(AppSettings.app(new string[] { "Startup", "Authing", "JwksUri" }), AppSettings.app(new string[] { "Startup", "Authing", "Issuer" }), new TimeSpan(TimeSpan.TicksPerDay)));
+            })
+            .AddScheme<AuthenticationSchemeOptions, ApiResponseHandler>(nameof(ApiResponseHandler), o => { });
+
+        }
+    }
+}