gRPCにASP.NET Core Identityのトークン認証を統合する
gRPCにASP.NET Core Identityのトークン認証を統合する
ASP.NET Core 3.0でIdentity認証を有効にする
ASP.NET Core 3.0では、参照が必要なIdentity関連パッケージがCore 2.2からいくつか変わりました。
コードの構成はあまり変わらず、主にConfigureServicesに集中しています。
services.AddDbContext(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
// Registers ASP.NET Core Identity and JWT bearer authentication on the service collection.
// NOTE(review): the generic type arguments of AddDefaultIdentity / AddEntityFrameworkStores
// appear to have been lost when the page was extracted; the snippet does not compile as shown.
services
.AddDefaultIdentity(delegate (IdentityOptions options)
{
// Relaxed password policy: only a minimum length of 6 is enforced and every
// character-class requirement is switched off. Fine for a demo, weak for real accounts.
options.Password.RequiredLength = 6;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireDigit = false;
})
.AddEntityFrameworkStores();
// JWT bearer is made the default authentication scheme.
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
// Custom lifetime check: a token passes only when its expiry is later than the current
// UTC time. The not-before value (first argument) is ignored, and a token without an
// expiry is rejected because the nullable comparison evaluates to false.
// NOTE(review): supplying this delegate replaces the library's built-in lifetime check,
// so no clock-skew tolerance is applied - confirm that is intended.
LifetimeValidator = (before, expires, token, param) => expires > DateTime.UtcNow,
// Audience and issuer are not checked: any token signed with the key below is accepted,
// whoever issued it and whichever service it was meant for. In a deployment with more
// than one issuer or API, set ValidIssuer / ValidAudience and turn these back on.
ValidateAudience = false,
ValidateIssuer = false,
ValidateActor = false,
ValidateLifetime = true,
// The symmetric signing key is a string literal (the UTF-8 bytes of a GUID) compiled into
// the application. Whoever can read the source or the binary holds the key that validates
// every token. Treat this as sample-only: load the key from configuration or a secret
// store, and never reuse this published value.
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("41B71F9E-4204-4E88-8E91-64B1981F1B82"))
};
});
ASP.NET Core 3.0におけるgRPCとRESTful APIの同時統合
KestrelでHTTP/1.1とHTTP/2を同時にサポートする:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder
.ConfigureKestrel(options =>
{
options.ListenLocalhost(50051, listenOptions =>
{
listenOptions.UseHttps("server.pfx", "1111");
listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
});
})
.UseStartup();
});
特に注意すべき点として、Kestrelのドキュメントにあるとおり、HTTP/1.1とHTTP/2を同時に有効にする場合、HTTP/2の利用にはTLSとALPNによるネゴシエーションが必要であり、そうでない場合は既定でHTTP/1.1になります。
Bearer TokenベースのgRPCサービスの認可
gRPCがASP.NET Core 3.0に統合されて以降、既定の認可方式をgRPCサービスでそのまま使用できます。
[Authorize(AuthenticationSchemes = "Bearer")]
// gRPC greeter service derived from the generated Greeter.GreeterBase.
// Access control comes only from the [Authorize(AuthenticationSchemes = "Bearer")] attribute
// that the article places directly before this class; nothing inside the method inspects
// the caller's identity.
public class GreeterService : Greeter.GreeterBase
{
// Replies with "Hello " followed by the name taken from the request.
// NOTE(review): the return type is presumably Task<HelloReply>; the generic argument
// appears to have been lost in extraction.
public override Task SayHello(HelloRequest request, ServerCallContext context)
{
return Task.FromResult(new HelloReply
{
Message = "Hello " + request.Name
});
}
}
完全なコードはGitHubのリポジトリを参照してください。
// Service registration fragment (per the article, this lives in ConfigureServices):
// an EF Core SQL Server context, ASP.NET Core Identity, and JWT bearer authentication.
// NOTE(review): the generic type arguments of AddDbContext / AddDefaultIdentity /
// AddEntityFrameworkStores appear to have been lost when the page was extracted;
// the snippet does not compile as shown.
// The connection string is read from configuration under the name "DefaultConnection".
services.AddDbContext(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services
.AddDefaultIdentity(delegate (IdentityOptions options)
{
// Relaxed password policy: only a minimum length of 6 is enforced and every
// character-class requirement is switched off. Fine for a demo, weak for real accounts.
options.Password.RequiredLength = 6;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireDigit = false;
})
.AddEntityFrameworkStores();
// JWT bearer is made the default authentication scheme.
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
// Custom lifetime check: a token passes only when its expiry is later than the current
// UTC time. The not-before value (first argument) is ignored, and a token without an
// expiry is rejected because the nullable comparison evaluates to false.
// NOTE(review): supplying this delegate replaces the library's built-in lifetime check,
// so no clock-skew tolerance is applied - confirm that is intended.
LifetimeValidator = (before, expires, token, param) => expires > DateTime.UtcNow,
// Audience and issuer are not checked: any token signed with the key below is accepted,
// whoever issued it and whichever service it was meant for. In a deployment with more
// than one issuer or API, set ValidIssuer / ValidAudience and turn these back on.
ValidateAudience = false,
ValidateIssuer = false,
ValidateActor = false,
ValidateLifetime = true,
// The symmetric signing key is a string literal (the UTF-8 bytes of a GUID) compiled into
// the application. Whoever can read the source or the binary holds the key that validates
// every token. Treat this as sample-only: load the key from configuration or a secret
// store, and never reuse this published value.
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("41B71F9E-4204-4E88-8E91-64B1981F1B82"))
};
});
// Builds the generic host and configures Kestrel with a single HTTPS endpoint that serves
// both HTTP/1.x (REST) and HTTP/2 (gRPC).
// NOTE(review): UseStartup's type argument appears to have been lost in extraction.
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder
.ConfigureKestrel(options =>
{
// Binds to the loopback interface only, port 50051; the endpoint is not reachable
// from other machines as configured here.
options.ListenLocalhost(50051, listenOptions =>
{
// TLS certificate is loaded from "server.pfx" with its password given as a string
// literal. The password therefore ships with the source and the binary; outside a
// sample, supply the certificate and its password through configuration or a
// certificate store instead.
listenOptions.UseHttps("server.pfx", "1111");
// Both protocol versions are offered on this one endpoint, which is why it uses TLS.
listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
});
})
.UseStartup();
});
// gRPC greeter service derived from the generated Greeter.GreeterBase.
// The class-level [Authorize] attribute requires every call to be authenticated through the
// "Bearer" scheme; it is the only access control here, since nothing inside the method
// inspects the caller's identity.
[Authorize(AuthenticationSchemes = "Bearer")]
public class GreeterService : Greeter.GreeterBase
{
// Replies with "Hello " followed by the name taken from the request.
// NOTE(review): the return type is presumably Task<HelloReply>; the generic argument
// appears to have been lost in extraction.
public override Task SayHello(HelloRequest request, ServerCallContext context)
{
return Task.FromResult(new HelloReply
{
Message = "Hello " + request.Name
});
}
}