728x90
728x170
[TestAuthorizationServer 프로젝트]
▶ Properties/launchSettings.json
{
"iisSettings" :
{
"windowsAuthentication" : false,
"anonymousAuthentication" : true,
"iisExpress" :
{
"applicationUrl" : "http://localhost:50000",
"sslPort" : 44300
}
},
"profiles" :
{
"IIS Express" :
{
"commandName" : "IISExpress",
"launchBrowser" : true,
"environmentVariables" :
{
"ASPNETCORE_ENVIRONMENT" : "Development"
}
},
"TestAuthorizationServer" :
{
"commandName" : "Project",
"launchBrowser" : true,
"applicationUrl" : "https://localhost:5001;http://localhost:5000",
"environmentVariables" :
{
"ASPNETCORE_ENVIRONMENT" : "Development"
}
}
}
}
728x90
▶ ConstantHelper.cs
namespace TestAuthorizationServer
{
/// <summary>
/// 상수 헬퍼
/// </summary>
public class ConstantHelper
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Field
////////////////////////////////////////////////////////////////////////////////////////// Public
#region Field
/// <summary>
/// 발급자
/// </summary>
public const string Issuer = Audiance;
/// <summary>
/// 청중
/// </summary>
public const string Audiance = "https://localhost:44300/";
/// <summary>
/// 패스워드
/// </summary>
public const string Password = "not_too_short_secret_otherwise_it_might_error";
#endregion
}
}
300x250
▶ Startup.cs
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Tokens;
using System.Text;
using System.Threading.Tasks;
namespace TestAuthorizationServer
{
/// <summary>
/// 시작
/// </summary>
public class Startup
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 서비스 컬렉션 구성하기 - ConfigureServices(services)
/// <summary>
/// 서비스 컬렉션 구성하기
/// </summary>
/// <param name="services">서비스 컬렉션</param>
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication("OAuth")
.AddJwtBearer
(
"OAuth",
options =>
{
byte[] passwordByteArray = Encoding.UTF8.GetBytes(ConstantHelper.Password);
SymmetricSecurityKey key = new SymmetricSecurityKey(passwordByteArray);
options.Events = new JwtBearerEvents()
{
OnMessageReceived = context =>
{
if(context.Request.Query.ContainsKey("access_token"))
{
context.Token = context.Request.Query["access_token"];
}
return Task.CompletedTask;
}
};
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidIssuer = ConstantHelper.Issuer,
ValidAudience = ConstantHelper.Audiance,
IssuerSigningKey = key
};
}
);
services.AddControllersWithViews()
.AddRazorRuntimeCompilation();
}
#endregion
#region 구성하기 - Configure(app, environment)
/// <summary>
/// 구성하기
/// </summary>
/// <param name="app">애플리케이션 빌더</param>
/// <param name="environment">웹 호스트 환경</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment environment)
{
if(environment.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints
(
endpoints =>
{
endpoints.MapDefaultControllerRoute();
}
);
}
#endregion
}
}
▶ Controllers/HomeController.cs
using Microsoft.AspNetCore.Mvc;
namespace TestAuthorizationServer.Controllers
{
/// <summary>
/// 홈 컨트롤러
/// </summary>
public class HomeController : Controller
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 인덱스 페이지 처리하기 - Index()
/// <summary>
/// 인덱스 페이지 처리하기
/// </summary>
/// <returns>액션 결과</returns>
public IActionResult Index()
{
return View();
}
#endregion
}
}
▶ Controllers/OAuthController.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http.Extensions;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;
namespace TestAuthorizationServer.Controllers
{
/// <summary>
/// OAUTH 컨트롤러
/// </summary>
public class OAuthController : Controller
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 로그인 페이지 처리하기 - Login(client_id, scope, response_type, redirect_uri, state)
/// <summary>
/// 로그인 페이지 처리하기
/// </summary>
/// <param name="client_id">클라이언트 ID</param>
/// <param name="scope">범위</param>
/// <param name="response_type">인증 플로우 타입</param>
/// <param name="redirect_uri">재전송 URI</param>
/// <param name="state">상태</param>
/// <returns>액션 결과</returns>
[HttpGet]
public IActionResult Login(string client_id, string scope, string response_type, string redirect_uri, string state)
{
QueryBuilder queryBuilder = new QueryBuilder();
queryBuilder.Add("redirectURI", redirect_uri);
queryBuilder.Add("state" , state );
return View(model : queryBuilder.ToString());
}
#endregion
#region 로그인 페이지 처리하기 - Login(userName, password, redirectURI, state)
/// <summary>
/// 로그인 페이지 처리하기
/// </summary>
/// <param name="userName">사용자명</param>
/// <param name="password">패스워드</param>
/// <param name="redirectURI">재전송 URI</param>
/// <param name="state">상태</param>
/// <returns>액션 결과</returns>
[HttpPost]
public IActionResult Login(string userName, string password, string redirectURI, string state)
{
const string code = "TESTCODE"; // 사용자명과 패스워드에 따라 code를 설정한다.
QueryBuilder queryBuilder = new QueryBuilder();
queryBuilder.Add("code" , code );
queryBuilder.Add("state", state);
return Redirect($"{redirectURI}{queryBuilder.ToString()}");
}
#endregion
#region 토큰 페이지 처리하기 - Token(grant_type, code, redirect_uri, client_id)
/// <summary>
/// 토큰 페이지 처리하기
/// </summary>
/// <param name="grant_type">그랜트 타입</param>
/// <param name="code">코드</param>
/// <param name="redirect_uri">재전송 URI</param>
/// <param name="client_id">클라이언트 ID</param>
/// <returns></returns>
public async Task<IActionResult> Token(string grant_type, string code, string redirect_uri, string client_id)
{
// code 값에 따라 JWT를 발행한다.
List<Claim> claimList = new List<Claim>()
{
new Claim(JwtRegisteredClaimNames.Sub , "ID0001" ),
new Claim(JwtRegisteredClaimNames.Birthdate, "1990-01-01" ),
new Claim(JwtRegisteredClaimNames.Email , "test@daum.net"),
new Claim(JwtRegisteredClaimNames.Gender , "Male" ),
new Claim("CompanyGroup" , "영업1그룹" ),
new Claim("CompanyDepartment" , "영업1팀" ),
new Claim("CompanyTitle" , "대리" ),
new Claim("EmployeeID" , "EMP0001" ),
new Claim("EmployeeName" , "홍길동" )
};
byte[] passwordByteArray = Encoding.UTF8.GetBytes(ConstantHelper.Password);
SymmetricSecurityKey key = new SymmetricSecurityKey(passwordByteArray);
string algorithm = SecurityAlgorithms.HmacSha256;
SigningCredentials signingCredentials = new SigningCredentials(key, algorithm);
JwtSecurityToken token = new JwtSecurityToken
(
ConstantHelper.Issuer,
ConstantHelper.Audiance,
claimList,
notBefore : DateTime.Now,
expires : DateTime.Now.AddHours(1),
signingCredentials
);
string access_token = new JwtSecurityTokenHandler().WriteToken(token);
var responseObject = new
{
access_token,
token_type = "Bearer",
raw_claim = "oauthTurorial"
};
string responseJSON = JsonConvert.SerializeObject(responseObject);
byte[] responseByteArray = Encoding.UTF8.GetBytes(responseJSON);
await Response.Body.WriteAsync(responseByteArray, 0, responseByteArray.Length);
return Redirect(redirect_uri);
}
#endregion
#region 검증 페이지 처리하기 - Validate()
/// <summary>
/// 검증 페이지 처리하기
/// </summary>
/// <returns>액션 결과</returns>
[Authorize]
public IActionResult Validate()
{
if(HttpContext.Request.Query.TryGetValue("access_token", out var accessToken))
{
return Ok();
}
return BadRequest();
}
#endregion
}
}
▶ Controllers/SecretController.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System;
namespace TestAuthorizationServer.Controllers
{
/// <summary>
/// 비밀 컨트롤러
/// </summary>
public class SecretController : Controller
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 인덱스 페이지 처리하기 - Index()
/// <summary>
/// 인덱스 페이지 처리하기
/// </summary>
/// <returns>문자열</returns>
[Authorize]
public IActionResult Index()
{
return Json($"인증 서버 비밀 메시지 {DateTime.Now:yyyy-MM-dd HH:mm:ss}");
}
#endregion
}
}
▶ Views/Home/Index.cshtml
<h1>인증 서버 인덱스 페이지</h1>
<hr />
▶ Views/OAuth/Login.cshtml
@model string
@{
var url = $"/OAuth/Login{Model}";
}
<h1>인증 서버 로그인 페이지</h1>
<hr />
<form action="@url" method="post">
<p>사용자명 <input type="text" name="userName" /></p>
<p>패스워드 <input type="password" name="password" /></p>
<p><input type="submit" value="로그인" /></p>
</form>
[TestAPIServer 프로젝트]
▶ Properties/launchSettings.json
{
"iisSettings" :
{
"windowsAuthentication" : false,
"anonymousAuthentication" : true,
"iisExpress" :
{
"applicationUrl" : "http://localhost:50010",
"sslPort" : 44310
}
},
"profiles" :
{
"IIS Express" :
{
"commandName" : "IISExpress",
"launchBrowser" : true,
"environmentVariables" :
{
"ASPNETCORE_ENVIRONMENT" : "Development"
}
},
"TestAPIServer" :
{
"commandName" : "Project",
"launchBrowser" : true,
"applicationUrl" : "https://localhost:5001;http://localhost:5000",
"environmentVariables" :
{
"ASPNETCORE_ENVIRONMENT" : "Development"
}
}
}
}
▶ Requirement/JWTRequirement.cs
using Microsoft.AspNetCore.Authorization;
namespace TestAPIServer.Requirement
{
/// <summary>
/// JWT 요청
/// </summary>
public class JWTRequirement : IAuthorizationRequirement
{
}
}
▶ Requirement/JWTRequirementAuthorizationHandler.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
namespace TestAPIServer.Requirement
{
/// <summary>
/// JWT 요청 권한 핸들러
/// </summary>
public class JWTRequirementAuthorizationHandler : AuthorizationHandler<JWTRequirement>
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Field
////////////////////////////////////////////////////////////////////////////////////////// Private
#region Field
/// <summary>
/// HTTP 클라이언트
/// </summary>
private readonly HttpClient httpClient;
/// <summary>
/// HTTP 컨텍스트
/// </summary>
private readonly HttpContext httpContext;
#endregion
//////////////////////////////////////////////////////////////////////////////////////////////////// Constructor
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 생성자 - JWTRequirementAuthorizationHandler(factory, accessor)
/// <summary>
/// 생성자
/// </summary>
/// <param name="factory">HTTP 클라이언트 팩토리</param>
/// <param name="accessor">HTTP 컨텍스트 접근자</param>
public JWTRequirementAuthorizationHandler(IHttpClientFactory factory, IHttpContextAccessor accessor)
{
this.httpClient = factory.CreateClient();
this.httpContext = accessor.HttpContext;
}
#endregion
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Protected
#region 요청 처리하기 (비동기) - HandleRequirementAsync(context, requirement)
/// <summary>
/// 요청 처리하기 (비동기)
/// </summary>
/// <param name="context">컨텍스트</param>
/// <param name="requirement">요청</param>
/// <returns>태스크</returns>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, JWTRequirement requirement)
{
if(this.httpContext.Request.Headers.TryGetValue("Authorization", out var authorizationHeaderValue))
{
string accessToken = authorizationHeaderValue.ToString().Split(' ')[1];
string url = $"https://localhost:44300/oauth/validate?access_token={accessToken}";
HttpResponseMessage response = await this.httpClient.GetAsync(url);
if(response.StatusCode == HttpStatusCode.OK)
{
context.Succeed(requirement);
}
}
}
#endregion
}
}
▶ Startup.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using TestAPIServer.Requirement;
namespace TestAPIServer
{
/// <summary>
/// 시작
/// </summary>
public class Startup
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 서비스 컬렉션 구성하기 - ConfigureServices(services)
/// <summary>
/// 서비스 컬렉션 구성하기
/// </summary>
/// <param name="services">서비스 컬렉션</param>
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication();
services.AddAuthorization
(
options =>
{
var defaultAuthBuilder = new AuthorizationPolicyBuilder();
var defaultAuthPolicy = defaultAuthBuilder
.AddRequirements(new JWTRequirement())
.Build();
options.DefaultPolicy = defaultAuthPolicy;
}
);
services.AddScoped<IAuthorizationHandler, JWTRequirementAuthorizationHandler>();
services.AddHttpClient()
.AddHttpContextAccessor();
services.AddControllersWithViews();
}
#endregion
#region 구성하기 - Configure(app, environment)
/// <summary>
/// 구성하기
/// </summary>
/// <param name="app">애플리케이션 빌더</param>
/// <param name="environment">웹 호스트 환경</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment environment)
{
if(environment.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints
(
endpoints =>
{
endpoints.MapDefaultControllerRoute();
}
);
}
#endregion
}
}
▶ Controllers/HomeController.cs
using Microsoft.AspNetCore.Mvc;
namespace TestAPIServer.Controllers
{
/// <summary>
/// 홈 컨트롤러
/// </summary>
public class HomeController : Controller
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 인덱스 페이지 처리하기 - Index()
/// <summary>
/// 인덱스 페이지 처리하기
/// </summary>
/// <returns>액션 결과</returns>
public IActionResult Index()
{
return View();
}
#endregion
}
}
▶ Controllers/SecretController.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System;
namespace TestAPIServer.Controllers
{
/// <summary>
/// 비밀 컨트롤러
/// </summary>
public class SecretController : Controller
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 인덱스 페이지 구하기 - Index()
/// <summary>
/// 인덱스 페이지 구하기
/// </summary>
/// <returns>문자열</returns>
[Authorize]
public IActionResult Index()
{
return Json($"API 서버 비밀 메시지 {DateTime.Now:yyyy-MM-dd HH:mm:ss}");
}
#endregion
}
}
▶ Views/Home/Index.cshtml
<h1>API 서버 인덱스 페이지</h1>
<hr />
[TestClient 프로젝트]
▶ Properties/launchSettings.json
{
"iisSettings" :
{
"windowsAuthentication" : false,
"anonymousAuthentication" : true,
"iisExpress" :
{
"applicationUrl" : "http://localhost:50030",
"sslPort" : 44320
}
},
"profiles" :
{
"IIS Express" :
{
"commandName" : "IISExpress",
"launchBrowser" : true,
"environmentVariables" :
{
"ASPNETCORE_ENVIRONMENT" : "Development"
}
},
"TestClient" :
{
"commandName" : "Project",
"launchBrowser" : true,
"applicationUrl" : "https://localhost:5001;http://localhost:5000",
"environmentVariables" :
{
"ASPNETCORE_ENVIRONMENT" : "Development"
}
}
}
}
▶ Startup.cs
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using System.Collections.Generic;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;
using IdentityModel;
namespace TestClient
{
/// <summary>
/// 시작
/// </summary>
public class Startup
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 서비스 컬렉션 구성하기 - ConfigureServices(services)
/// <summary>
/// 서비스 컬렉션 구성하기
/// </summary>
/// <param name="services">서비스 컬렉션</param>
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication
(
options =>
{
options.DefaultAuthenticateScheme = "TestClientCookie";
options.DefaultSignInScheme = "TestClientCookie";
options.DefaultChallengeScheme = "TestServer";
}
)
.AddCookie("TestClientCookie")
.AddOAuth
(
"TestServer",
options =>
{
options.ClientId = "CLIENTID0001";
options.ClientSecret = "CLIENTSECRET0001";
options.CallbackPath = "/oauth/callback";
options.AuthorizationEndpoint = "https://localhost:44300/oauth/login";
options.TokenEndpoint = "https://localhost:44300/oauth/token";
options.SaveTokens = true;
options.Events = new OAuthEvents()
{
OnCreatingTicket = context =>
{
string accessToken = context.AccessToken;
string payload = accessToken.Split('.')[1];
byte[] payloadByteArray = Base64Url.Decode(payload);
string json = Encoding.UTF8.GetString(payloadByteArray);
Dictionary<string, string> claimDictionary = JsonConvert.DeserializeObject<Dictionary<string, string>>(json);
foreach(KeyValuePair<string, string> claimKeyValuePair in claimDictionary)
{
context.Identity.AddClaim(new Claim(claimKeyValuePair.Key, claimKeyValuePair.Value));
}
return Task.CompletedTask;
}
};
}
);
services.AddHttpClient();
services.AddControllersWithViews()
.AddRazorRuntimeCompilation();
}
#endregion
#region 구성하기 - Configure(app, environment)
/// <summary>
/// 구성하기
/// </summary>
/// <param name="app">애플리케이션 빌더</param>
/// <param name="environment">웹 호스트 환경</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment environment)
{
if(environment.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints
(
endpoints =>
{
endpoints.MapDefaultControllerRoute();
}
);
}
#endregion
}
}
▶ Controllers/HomeController.cs
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Net.Http;
using System.Threading.Tasks;
namespace TestClient.Controllers
{
/// <summary>
/// 홈 컨트롤러
/// </summary>
public class HomeController : Controller
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Field
////////////////////////////////////////////////////////////////////////////////////////// Private
#region Field
/// <summary>
/// HTTP 클라이언트
/// </summary>
private readonly HttpClient client;
#endregion
//////////////////////////////////////////////////////////////////////////////////////////////////// Constructor
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 생성자 - HomeController(factory)
/// <summary>
/// 생성자
/// </summary>
/// <param name="factory">HTTP 클라이언트 팩토리</param>
public HomeController(IHttpClientFactory factory)
{
this.client = factory.CreateClient();
}
#endregion
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 인덱스 페이치 처리하기 - Index()
/// <summary>
/// 인덱스 페이치 처리하기
/// </summary>
/// <returns>액션 결과</returns>
public IActionResult Index()
{
return View();
}
#endregion
#region 비밀 페이지 처리하기 - Secret()
/// <summary>
/// 비밀 페이지 처리하기
/// </summary>
/// <returns>액션 결과</returns>
[Authorize]
public async Task<IActionResult> Secret()
{
var token = await HttpContext.GetTokenAsync("access_token");
this.client.DefaultRequestHeaders.Add("Authorization", $"Bearer {token}");
string authorizationServerURL = "https://localhost:44300/secret/index";
HttpResponseMessage authorizationServerResponse = await this.client.GetAsync(authorizationServerURL);
if(authorizationServerResponse.IsSuccessStatusCode)
{
string result = await authorizationServerResponse.Content.ReadAsAsync<string>();
ViewData["AuthorizationServerData"] = result;
}
string apiServerURL = "https://localhost:44310/secret/index";
HttpResponseMessage apiServerResponse = await this.client.GetAsync(apiServerURL);
if(apiServerResponse.IsSuccessStatusCode)
{
string result = await apiServerResponse.Content.ReadAsAsync<string>();
ViewData["APIServerData"] = result;
}
return View();
}
#endregion
}
}
▶ Views/Home/Index.cshtml
<h1>클라이언트 인덱스 페이지</h1>
<hr />
▶ Views/Home/Secret.cshtml
<h1>클라이언트 비밀 페이지</h1>
<hr />
<p>인증 서버 데이터 : @ViewData["AuthorizationServerData"]</p>
<p>API 서버 데이터 : @ViewData["APIServerData"]</p>728x90
그리드형(광고전용)
