你好 现在我有2个项目A,B 项目A: BLAZOR WEB APP / tired,ms sql 项目B: BLAZOR WEB APP / tired,ms sql
如何让项目A使用项目B的auth service呢?
12 Answer(s)
-
0
- You don’t “reuse Project B’s auth service” by referencing code. In ABP, the correct approach is: Project B runs as a dedicated AuthServer (OpenIddict/OIDC), and Project A becomes an OIDC client that redirects users to Project B to sign-in and receives tokens.
1) Make Project B the Auth Server (central)
- Ensure Project B has an
*.AuthServer(or equivalent host) running and reachable, e.g.https://auth.mycompany.com
- Make sure Project B issues tokens for the scopes/audiences that Project A will need (at minimum:
openid,profile,email,roles, plus your API scope if A will call B’s APIs).
2) Register Project A as a client in Project B (OpenIddict Application)
Project A must exist as an OpenIddict application in Project B (client_id/client_secret + redirect URIs).
Practical ABP way:
- Use ABP OpenIddict “Application Management” to create an application for Project A (client).
- Configure:
- ClientId: e.g.
ProjectA_Blazor - RedirectUri:
https://project-a-host/signin-oidc - PostLogoutRedirectUri:
https://project-a-host/signout-callback-oidc - Grant type:
authorization_code(with PKCE recommended) - Scopes:
openid profile email roles(+ API scopes you need)
- ClientId: e.g.
3) Configure Project A (Blazor Web App) to use Project B as Authority
In Project A
appsettings.json:"AuthServer": { "Authority": "https://auth.mycompany.com", "RequireHttpsMetadata": "true", "ClientId": "ProjectA_Blazor", "ClientSecret": "YOUR_CLIENT_SECRET" }Then in Project A authentication configuration (Program.cs / Module), set OpenId Connect to point to Project B (
Authority = AuthServer:Authority) and ensure the redirect URI path matches/signin-oidc.4) (Optional) If Project A must call Project B’s HttpApi
- Use the access token issued by Project B and call Project B’s API with
Bearer {access_token}. - If Project A is also ABP and you want typed/dynamic proxies, use ABP’s HttpApi.Client approach (create/consume an API client package or add
HttpApi.Clientproject reference pattern).
Sources
- https://abp.io/docs/latest/suite/solution-structure
- https://abp.io/docs/latest/modules/openiddict#application-management
- https://abp.io/support/questions/4849
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
-
0
现在我有2个项目A,B 项目A: BLAZOR WEB APP / tired,ms sql 项目B: BLAZOR WEB APP / tired,ms sql
A和B都有一个authserver项目
这种情况下你可以创建一个独立的authserver项目, 然后使用它作为共用,并移除AB中的authserver
Openiddict支持这种情况. 只需要修改application的重定向url或者添加新的客户端就可以
-
0
authserver使用独立的数据库?用户信息和权限如何处理呢?
-
0
authserver 要使用和 API 相同的数据库
blazor是纯UI项目.
-
0
项目A和项目B是独立的数据库,如何使用共用的auth server,?
-
0
auth server需要认证用户, 也就是它有account模块, 它就是单独的身份服务器
AB有API项目吗?
-
0
AB 有API项目,之前都是完整的项目,现在考虑使用共同的auth server, 考虑让B的auth server 作为公共的然后让A使用. 除了在B的auth server找中添加application B .还需要做什么呢?B的auth server 添加A的权限定义?
-
0
最基本的要求是AB中的API和authserver最好使用相同的数据库, 这点可以实现吗?
-
0
数据库目前已经是独立的了.是否可以参考微服务中的独立数据库模式?
-
0
这个数据库是存储用户数据的, api 服务会共享它. 必须是相同的一套User数据
-
0
我可以将A的用户数据 同步到B数据库. 之后要做什么呢?
-
0
之后你的API A, ABP B 和 AuthServer将使用相同的数据库.
AuthServer既可作为统一的身份认证服务器, 你需要在其中创建2个client/application, 之后给API A和B签发和验证token.
