<\/div>\n
Merhaba,<\/p>\n
IdentityServer4 Yaz\u0131 Serisi<\/a>nin onbirinci makalesi olan Merkezi \u00dcyelik Sistemi Temelleri<\/a> ba\u015fl\u0131kl\u0131 i\u00e7eri\u011fimizin 5. ad\u0131m\u0131nda Identity Resource \u00fczerine odaklanm\u0131\u015ft\u0131k ve \u00f6ntan\u0131ml\u0131 olan ‘OpenId’ ve ‘Profile’ bilgilerini ekleyerek kullan\u0131c\u0131 id\/subject id de\u011feriyle birlikte kullan\u0131c\u0131 profil bilgilerini tan\u0131mlam\u0131\u015ft\u0131k. Bu i\u00e7eri\u011fimizde ise bu \u00f6ntan\u0131ml\u0131 identity resource’lerin d\u0131\u015f\u0131nda custom(\u00f6zel) identity resource tan\u0131mlamay\u0131 ele alacak ve bunu client taraf\u0131ndan talep etmeyi inceleyece\u011fiz.<\/p>\n
IdentityServer4 uygulamas\u0131na custom identity resource ekleyebilmek i\u00e7in a\u015fa\u011f\u0131daki ad\u0131mlar\u0131n s\u0131ras\u0131yla uygulanmas\u0131 gerekmektedir.<\/p>\n
Ad\u0131m 1<\/strong>
\n‘AuthServer’ uygulamas\u0131ndaki ‘Config.cs’ dosyas\u0131nda identity resource’lerin tan\u0131mland\u0131\u011f\u0131 ‘GetIdentityResources’ metoduna a\u015fa\u011f\u0131daki gibi custom de\u011fer(ler) olu\u015fturulmal\u0131d\u0131r.<\/p>\n
\r\n        public static IEnumerable<IdentityResource> GetIdentityResources()\r\n        {\r\n            return new List<IdentityResource>\r\n            {\r\n                new IdentityResources.OpenId(),\r\n                new IdentityResources.Profile(),\r\n                new IdentityResource {\r\n                    Name = "PositionAndAuthority",\r\n                    DisplayName = "Position And Authority",\r\n                    Description = "Kullan\u0131c\u0131 pozisyonu ve yetkisi.",\r\n                    UserClaims = { "position", "authority" }\r\n                }\r\n            };\r\n        }\r\n<\/pre>\nBurada g\u00f6r\u00fcld\u00fc\u011f\u00fc \u00fczere ‘PositionAndAuthority’ isminde bir identity resource olu\u015fturulmu\u015ftur ve i\u00e7erisinde ‘position’ ve ‘authority’ claim’leri mevcuttur.\n<\/li>\nAd\u0131m 2<\/strong>
\nYukar\u0131da olu\u015fturulan identity resource claim’lerini kullan\u0131c\u0131lar i\u00e7inde claim olarak tan\u0131mlamam\u0131z gerekmektedir. Bunun i\u00e7in yine ‘Config.cs’ dosyas\u0131ndaki ‘GetTestUsers’ metodundaki ilgili kullan\u0131c\u0131lara a\u015fa\u011f\u0131daki gibi eklemede bulunmak gerekmektedir.<\/p>\n\r\n        public static IEnumerable<TestUser> GetTestUsers()\r\n        {\r\n            return new List<TestUser> {\r\n                new TestUser {\r\n                    .\r\n                    .\r\n                    .\r\n                    Claims = {\r\n                        new Claim("name","test user1"),\r\n                        new Claim("given_name","test user1 given"),\r\n                        new Claim("website","https:\/\/wwww.testuser1.com"),\r\n                        new Claim("gender","1"),\r\n                        new Claim("position" , "Test Kullan\u0131c\u0131s\u0131 1"),\r\n                        new Claim("authority", "Test 1")\r\n                    }\r\n                },\r\n                new TestUser {\r\n                    .\r\n                    .\r\n                    .\r\n                    Claims = {\r\n                        new Claim("name","test user2"),\r\n                        new Claim("website","https:\/\/wwww.testuser2.com"),\r\n                        new Claim("gender","0"),\r\n                        new Claim("position" , "Test Kullan\u0131c\u0131s\u0131 2"),\r\n                        new Claim("authority", "Test 2")\r\n                    }\r\n                }\r\n            };\r\n        }\r\n<\/pre>\nG\u00f6r\u00fcld\u00fc\u011f\u00fc \u00fczere identity resource’da olu\u015fturulan ‘position’ ve ‘authority’ claim’lerine kar\u015f\u0131l\u0131k de\u011ferler verilmi\u015ftir. Tabi burada kafa kar\u0131\u015ft\u0131rabilecek bir durum vard\u0131r. O da \u00f6nceki makalelerde kullan\u0131c\u0131lara tan\u0131mlad\u0131\u011f\u0131m\u0131z ‘website’, ‘gender’ vs. gibi claim bilgileridir. Do\u011frusu bu bilgileri \u00f6nceden tan\u0131mland\u0131\u011f\u0131 i\u00e7in kald\u0131rmaya gerek duymad\u0131m. \u0130lgili claim’lere dair 1. ad\u0131mda oldu\u011fu gibi identity resource’ler olu\u015fturup uygulamada client’\u0131n talep edebilece\u011fi hale getirebilirsiniz.\n<\/li>\nAd\u0131m 3<\/strong>
\n\u0130lgili claim’leri kullan\u0131c\u0131lar i\u00e7inde tan\u0131mlad\u0131ktan sonra client’ta bu identity resource’\u00fcn ‘AllowedScopes’ property’si ile talep edilmesi gerekmektedir.<\/p>\n\r\n        public static IEnumerable<Client> GetClients()\r\n        {\r\n            return new List<Client>\r\n            {\r\n                new Client\r\n                        {\r\n                            ClientId = "GarantiBankasi",\r\n                            .\r\n                            .\r\n                            .\r\n                            AllowedScopes = { "Garanti.Write", "Garanti.Read" }\r\n                        },\r\n                new Client\r\n                        {\r\n                            ClientId = "HalkBankasi",\r\n                            .\r\n                            .\r\n                            .\r\n                            AllowedScopes = { "HalkBank.Write", "HalkBank.Read" }\r\n                        },\r\n                new Client\r\n                        {\r\n                            ClientId = "OnlineBankamatik",\r\n                            .\r\n                            .\r\n                            .\r\n                            AllowedScopes = {\r\n                                IdentityServerConstants.StandardScopes.OpenId,\r\n                                IdentityServerConstants.StandardScopes.Profile,\r\n                                IdentityServerConstants.StandardScopes.OfflineAccess,\r\n                                "Garanti.Write",\r\n                                "Garanti.Read",\r\n                                "PositionAndAuthority"\r\n                                            },\r\n                            .\r\n                            .\r\n                            .\r\n                        }\r\n            };\r\n        }\r\n<\/pre>\n33. sat\u0131ra g\u00f6z atarsan\u0131z e\u011fer ilgili identity resource client taraf\u0131ndan scope olarak talep edilmektedir.\n<\/li>\nAd\u0131m 4<\/strong>
\nAyriyetten ilgili identity resource de\u011ferlerinin client uygulamas\u0131n\u0131n ‘Startup.cs’ dosyas\u0131ndan da scope olarak talep edilmesi gerekmektedir. Bunun i\u00e7in;<\/p>\n\r\n    public class Startup\r\n    {\r\n        public void ConfigureServices(IServiceCollection services)\r\n        {\r\n            services.AddAuthentication(_ =>\r\n            {\r\n                _.DefaultScheme = "OnlineBankamatikCookie";\r\n                _.DefaultChallengeScheme = "oidc";\r\n            })\r\n            .AddCookie("OnlineBankamatikCookie")\r\n            .AddOpenIdConnect("oidc", _ =>\r\n            {\r\n                .\r\n                .\r\n                .\r\n                _.Scope.Add("offline_access");\r\n                _.Scope.Add("Garanti.Write");\r\n                _.Scope.Add("Garanti.Read");\r\n                _.Scope.Add("PositionAndAuthority");\r\n            });\r\n            services.AddControllersWithViews();\r\n        }\r\n        .\r\n        .\r\n        .\r\n    }\r\n<\/pre>\n19. sat\u0131rda oldu\u011fu gibi ‘Scope.Add’ komutuyla talebin eklenmesi yeterlidir.\n<\/li>\n
Ad\u0131m 5<\/strong>
\nBu ad\u0131ma kadar yap\u0131lan konfig\u00fcrasyon ile client’\u0131n kullan\u0131c\u0131ya dair ‘PositionAndAuthority’ name de\u011ferine sahip identity resource’u talep etmesi neticesinde ilgili claim de\u011ferlerini elde edebilece\u011fi bildirilmi\u015ftir. Lakin \u00fcretilecek JWT’de bu de\u011ferlerin hangi claim’ler ile e\u015fle\u015fece\u011fi bildirilmemi\u015ftir. Hoca! Zaten ‘Profile’ ve ‘OpenId’ identity resource’lerinde bildirmedik, \u00f6zel olu\u015fturdu\u011fumuzu niye bildirelim!<\/em><\/strong> \u015feklinde sorunuzu duyar gibiyim… Evet, Profile ve OpenId \u00f6ntan\u0131ml\u0131 identity resource olduklar\u0131ndan dolay\u0131 manuel m\u00fcdahaleye gerek kalmaks\u0131z\u0131n direkt olarak JWT’de bir claim ile e\u015fle\u015ftirilmektedir. Lakin custom geli\u015ftirilen identity resource’lar\u0131n JWT’de hangi claim ile ta\u015f\u0131naca\u011f\u0131 manuel belirtilmelidir. Bunun i\u00e7in yine client’\u0131n ‘Startup.cs’deki ‘AddOpenIdConnect’ servisinde ‘Microsoft.AspNetCore.Authentication<\/em>‘ namespace’i alt\u0131ndaki ‘MapUniqueJsonKey’ metoduyla a\u015fa\u011f\u0131daki konfig\u00fcrasyonlar ger\u00e7ekle\u015ftirilmelidir.<\/p>\n\r\n            .\r\n            .\r\n            .AddOpenIdConnect("oidc", _ =>\r\n            {\r\n                .\r\n                .\r\n                .\r\n                _.ClaimActions.MapUniqueJsonKey("position", "position");\r\n                _.ClaimActions.MapUniqueJsonKey("authority", "authority");\r\n            });\r\n<\/pre>\nBurada ‘MapUniqueJsonKey’ metodunun birinci parametresi claim ad\u0131n\u0131, ikinci parametre ise olu\u015fturulacak JWT’de ki kar\u015f\u0131l\u0131\u011f\u0131n\u0131 belirlemektedir. Dolay\u0131s\u0131yla ‘position’ claim’i ‘position’ json key’i ile e\u015fle\u015ftirilmekte ve b\u00f6ylece olu\u015fturulacak JWT’de ‘position’ de\u011feri ile ta\u015f\u0131nabilece\u011fi bildirilmektedir. Benzer mant\u0131k ‘authority’ claim’i i\u00e7inde ge\u00e7erlidir.\n<\/li>\n<\/ul>\n
Evet, i\u015fte bu kadar \ud83d\ude42
\n\u015eimdi s\u0131ra sisteme yeni eklenen identity resource’e kar\u015f\u0131l\u0131k gelen kullan\u0131c\u0131lardaki claim’lerin, client taraf\u0131ndan yap\u0131lan talep neticesinde elde edilip edilmedi\u011fini test etmeye gelmi\u015ftir.<\/p>\n
Test Edelim<\/h3>\n<\/a>
\nG\u00f6r\u00fcld\u00fc\u011f\u00fc \u00fczere kullan\u0131c\u0131 giri\u015f yapt\u0131ktan sonra bir \u00f6nceki makalemizde konfig\u00fcre etti\u011fimiz onay sayfas\u0131 bizleri kar\u015f\u0131lamakta ve tasarlad\u0131\u011f\u0131m\u0131z ‘PositionAndAuthority’ identity resource’unu getirmektedir.<\/p>\n
Ayr\u0131ca elde edilen access token’\u0131 jwt.io<\/a> adresinde decode ederek incelersek e\u011fer;
\n<\/a>
\nilgili identity resource’un ‘scope’ k\u0131sm\u0131na eklendi\u011fini g\u00f6zlemleyebilmekteyiz.<\/p>\n
\u0130lgilenenlerin faydalanmas\u0131 dile\u011fiyle…
\nSonraki yaz\u0131lar\u0131mda g\u00f6r\u00fc\u015fmek \u00fczere…
\n\u0130yi \u00e7al\u0131\u015fmalar…<\/p>\n
Not : \u00d6rnek uygulamay\u0131 indirebilmek i\u00e7in buraya<\/a> t\u0131klay\u0131n\u0131z.<\/p>\n","protected":false},"excerpt":{"rendered":"
Merhaba, IdentityServer4 Yaz\u0131 Serisinin onbirinci makalesi olan Merkezi \u00dcyelik Sistemi Temelleri ba\u015fl\u0131kl\u0131 i\u00e7eri\u011fimizin 5. ad\u0131m\u0131nda Identity Resource \u00fczerine odaklanm\u0131\u015ft\u0131k ve \u00f6ntan\u0131ml\u0131 olan ‘OpenId’ ve ‘Profile’ bilgilerini ekleyerek kullan\u0131c\u0131 id\/subject id de\u011feriyle birlikte kullan\u0131c\u0131 profil...<\/p>\n","protected":false},"author":1,"featured_media":18168,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3826],"tags":[3827,3918,3917,3887],"class_list":["post-19070","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-identityserver4","tag-identityserver4","tag-identityserver4-custom-identity-resource","tag-identityserver4-identity-resource","tag-merkezi-uyelik-sistemi"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts\/19070","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/comments?post=19070"}],"version-history":[{"count":29,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts\/19070\/revisions"}],"predecessor-version":[{"id":19103,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/posts\/19070\/revisions\/19103"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/media\/18168"}],"wp:attachment":[{"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/media?parent=19070"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/categories?post=19070"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gencayyildiz.com\/blog\/wp-json\/wp\/v2\/tags?post=19070"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}