How to use IdentityServer4 scopes in resource api

I am creating an api resource in my identityserver application:

new ApiResource
{
    Name = "socialnetwork",

    Scopes =
    {
        new Scope()
        {
            Name = "socialnetwork.read_contents",
            DisplayName = "Read"
        },
        new Scope
        {
            Name = "socialnetwork.share_content",
            DisplayName = "Write"
        }
    }
}

But how can I use these scopes in my socialnetwork API controllers?

public class SocialController : Controller
{
   [HttpGet]
   public async Task<IActionResult> GetCotntents(){

   }

   [HttpPost]       
   public async Task<IActionResult> ShareCotntents(string content){

   }
}

  • If a client has socialnetwork.read_contents scope, it can access GetCotntents() method.
  • If a client has socialnetwork.share_content scope, it can access ShareCotntents() method.

Is this actually the purpose of scopes? And how can I use them?

barteloma asked Mar 29 '18 06:03


1 Answer

I believe that what you need to do is set up a policy for each scope you want to use (in your ConfigureServices):

    services.AddAuthorization(x =>
    {
        x.AddPolicy("readcontents", policy =>
            policy.RequireClaim("scope", "socialnetwork.read_contents"));
        x.AddPolicy("shared", policy =>
            policy.RequireClaim("scope", "socialnetwork.share_content"));
    });

And then you can mark the Authorize attribute on your API method with the policy:

    [HttpGet]
    [Authorize("readcontents")]
    public async Task<IActionResult> GetCotntents(){

    }

    [HttpPost]
    [Authorize("shared")]
    public async Task<IActionResult> ShareCotntents(string content){

    }
jazza1000 answered Sep 29 '22 16:09
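
The policies in the answer above use RequireClaim, which compares whole claim values. The C# below is an added example, not part of the original answer: it shows a scope check that also accepts a token whose scope claim is a single space-delimited string (the form RFC 8693 defines). `RequireScope`, `HasScope` and the demo class are hypothetical names, the principals are constructed stand-ins for validated access tokens, and an ASP.NET Core project is assumed.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;

// Added example with hypothetical helper names; not from the original answer.
public static class ScopePolicyExtensions
{
    // Checks every "scope" claim, splitting each value on spaces first, so it
    // handles one claim per scope as well as one space-delimited claim.
    public static bool HasScope(ClaimsPrincipal user, string required) =>
        user.FindAll("scope")
            .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
            .Contains(required, StringComparer.Ordinal);

    // Usage in ConfigureServices:
    //   x.AddPolicy("readcontents", p => p.RequireScope("socialnetwork.read_contents"));
    //   x.AddPolicy("shared",       p => p.RequireScope("socialnetwork.share_content"));
    public static AuthorizationPolicyBuilder RequireScope(
        this AuthorizationPolicyBuilder builder, string required) =>
        builder.RequireAuthenticatedUser()
               .RequireAssertion(ctx => HasScope(ctx.User, required));
}

public static class ScopePolicyDemo
{
    // Constructed principal: one "scope" claim per argument, authenticated as "Bearer".
    static ClaimsPrincipal Principal(params string[] scopeClaimValues) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            scopeClaimValues.Select(v => new Claim("scope", v)), "Bearer"));

    public static void Run()
    {
        const string share = "socialnetwork.share_content";
        var perClaim  = Principal("socialnetwork.read_contents", share);
        var delimited = Principal("socialnetwork.read_contents " + share);
        var readOnly  = Principal("socialnetwork.read_contents");

        // HasClaim is the whole-value comparison that RequireClaim relies on;
        // HasScope is the split-then-compare check used by RequireScope.
        foreach (var (name, user) in new[] {
            ("per-claim", perClaim), ("space-delimited", delimited), ("read-only", readOnly) })
        {
            Console.WriteLine($"{name}: HasClaim={user.HasClaim("scope", share)}, " +
                              $"HasScope={ScopePolicyExtensions.HasScope(user, share)}");
        }
    }
}
```

Calling `ScopePolicyDemo.Run()` prints both checks side by side for each token shape, which makes it easy to see which form your API actually receives before choosing between RequireClaim and an assertion-based policy.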