我做了它的工作,但设置Thinktecture的身份服务器v 3作为我的令牌提供者,但我认为如果你有另一个令牌提供者将是相同的流程….

(更新：我添加了一个github repo代码：here)

这里是我的启动类：(Identityserver v3也运行在Vnext上,稍作调整).通知我有同一个网络应用程序的服务器和网络api.如果您有两个不同的网站项目,那么这也是可以的,但这里是为了演示…

public class Startup
{
    // For more information on how to configure your application,visit http://go.microsoft.com/fwlink/?LinkID=398940
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.Map("/core",core =>
        {
            var factory = InMemoryFactory.Create(
                                    users: Users.Get(),clients: Clients.Get(),scopes: Scopes.Get());

            var idsrvOptions = new IdentityServerOptions
            {
                IssuerUri = "https://idsrv3.com",SiteName = "test vnext Identity server",Factory = factory,SigningCertificate = Certificate.Get(),RequireSsl = false,CorsPolicy = CorsPolicy.AllowAll,Authenticationoptions = new Authenticationoptions
                {
                }
            };

            core.UseIdentityServer(idsrvOptions);
        });

        app.Map("/api",api =>
        {

            api.USEOAuthBearerAuthentication(options => {
                options.Authority = Constants.AuthorizationUrl;
                options.MetadataAddress = Constants.AuthorizationUrl + "/.well-kNown/openid-configuration";
                options.TokenValidationParameters.ValidAudience = "https://idsrv3.com/resources"; 
            });

            api.UseMvc();

        });

    }
}

从这里你可以看到我的IdentityServerV3被映射到’/ core’,并在同一个Web应用程序项目(可能是另一个)中,我有一个web api使用MVC.下面是控制器：

[Authorize]
[Route("[controller]")]
public class Test : Controller
{
    [HttpGet]
    public JsonResult Get()
    {
        return Json(new
        {
            message = "You See this then it's ok auth is  :" + User.Identity.IsAuthenticated,});
    }
}

我已经在我的身份服务器中配置了一个客户端：

new Client
            {
                 //Resource Owner Flow Client (our web UI)
                ClientName = "WebUI",Enabled = true,ClientId = "IdentityWebUI",ClientSecrets = new List<ClientSecret>
                {
                    new ClientSecret("secret".Sha256())
                },Flow = Flows.ResourceOwner,AccesstokenType = AccesstokenType.Jwt,AccesstokenLifetime = 3600

            }

这里是User(用于InMemory用户)：

return new List<InMemoryUser>
        {
            new InMemoryUser
            {
                Username = "testUser",Password = "testPwd",Subject = "I am the Subject"
            }

        };

在fidler中,我发出以下POST以获取一个承载令牌：

POST : http://localhost:4357/core/connect/token

    User-Agent: fiddler
    Host: localhost:4357
    Content-Length: 67
    Content-Type: application/x-www-form-urlencoded
    Authorization: Basic swrlbnRpdhlXZWJVSTpzZWNyZXQ=

    grant_type=password&username=testUser&password=testPwd&scope=openid

在响应中你会得到一个Access_token

{"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJjbGllbnRfaWQiOiJJZGVudGl0eVdlYlVJIiwic2NvcGUiOiJvcGVuaWQiLCJzdWIiOiJJIGFtIHRoZSBTdWJqZWN0IiwiYW1yIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE0MjgzOTQ3MzAsImlkcCI6Imlkc3J2IiwiaXNzIjoiaHR0cHM6Ly9pZHNydjMuY29tIiwiYXVkIjoiaHR0cHM6Ly9pZHNydjMuY29tL3Jlc291cmNlcyIsImV4cCI6MTQyODM5ODMzMCwibmJmIjoxNDI4Mzk0NzMwfQ.cbB4YrRXaaRDNw8BjeI4Q1DvXN28xmJScMJBGWCM_zSLcH1i63cQVTmR8X86rGP5VrR0Ly4-EmWZ8911Vh4jc4Ua0Kgz2n7RbmQ6VqQX5Z_lM3F8EIgD81kpUn0v3hhSFW06aJ2Lo1XOZG_re84xGgqre-H4dC0XZR6IQMEAQ9Q5dOXBh8V1NxyLSh0PzyrRRmOnEndoaY4uaiftbp9j7knxxQ3ZdGmaYAO96xuhHfO1DbGrdw6fYyf4nnC795yhnwDh1QZGxPsFaysJSA_3-cjmw-29m-Ga0hD1ALfVE7R57iNLxkB6dyEuz1UFJhJyibRDW9sNspo2gQFZZGxMKQ","expires_in":3600,"token_type":"Bearer"}

那么我使用access_token来调用我的web api

这里是小提琴手(在作曲家窗格中)

GET http://localhost:4357/api/Test

    User-Agent: fiddler
    Host: localhost:4357
    Content-Length: 0
    Content-Type: application/x-www-form-urlencoded
    Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJjbGllbnRfaWQiOiJJZGVudGl0eVdlYlVJIiwic2NvcGUiOiJvcGVuaWQiLCJzdWIiOiJJIGFtIHRoZSBTdWJqZWN0IiwiYW1yIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE0MjgzOTQ3MzAsImlkcCI6Imlkc3J2IiwiaXNzIjoiaHR0cHM6Ly9pZHNydjMuY29tIiwiYXVkIjoiaHR0cHM6Ly9pZHNydjMuY29tL3Jlc291cmNlcyIsImV4cCI6MTQyODM5ODMzMCwibmJmIjoxNDI4Mzk0NzMwfQ.cbB4YrRXaaRDNw8BjeI4Q1DvXN28xmJScMJBGWCM_zSLcH1i63cQVTmR8X86rGP5VrR0Ly4-EmWZ8911Vh4jc4Ua0Kgz2n7RbmQ6VqQX5Z_lM3F8EIgD81kpUn0v3hhSFW06aJ2Lo1XOZG_re84xGgqre-H4dC0XZR6IQMEAQ9Q5dOXBh8V1NxyLSh0PzyrRRmOnEndoaY4uaiftbp9j7knxxQ3ZdGmaYAO96xuhHfO1DbGrdw6fYyf4nnC795yhnwDh1QZGxPsFaysJSA_3-cjmw-29m-Ga0hD1ALfVE7R57iNLxkB6dyEuz1UFJhJyibRDW9sNspo2gQFZZGxMKQ

然后我得到响应仍然在fidler：

您可以按照下面的link获得更多信息,但与vnext无关.我将在此创建一个帖子,因为我需要一个angularJS应用程序来验证和使用隐式流而不是资源所有者流…与visual studio 2015预览