本文共 26337 字,大约阅读时间需要 87 分钟。
TaskFindClientByIdAsync(string clientId);
从EFCore实现中可以看出来,就一个简单的客户端查询语句,尽然执行了10次数据库查询操作(可以使用SQL Server Profiler查看详细的SQL语句),这也是为什么使用IdentityServer4获取授权信息时奇慢无比的原因。
public TaskFindClientByIdAsync(string clientId){ var client = _context.Clients .Include(x => x.AllowedGrantTypes) .Include(x => x.RedirectUris) .Include(x => x.PostLogoutRedirectUris) .Include(x => x.AllowedScopes) .Include(x => x.ClientSecrets) .Include(x => x.Claims) .Include(x => x.IdentityProviderRestrictions) .Include(x => x.AllowedCorsOrigins) .Include(x => x.Properties) .FirstOrDefault(x => x.ClientId == clientId); var model = client?.ToModel(); _logger.LogDebug("{clientId} found in database: {clientIdFound}", clientId, model != null); return Task.FromResult(model);}
using IdentityServer4.Dapper.Options;using System;using IdentityServer4.Stores;namespace Microsoft.Extensions.DependencyInjection{ ////// 金焰的世界 /// 2018-12-03 /// 使用Dapper扩展 /// public static class IdentityServerDapperBuilderExtensions { ////// 配置Dapper接口和实现(默认使用SqlServer) /// /// The builder. /// 存储配置信息 ///public static IIdentityServerBuilder AddDapperStore( this IIdentityServerBuilder builder, Action storeOptionsAction = null) { var options = new DapperStoreOptions(); builder.Services.AddSingleton(options); storeOptionsAction?.Invoke(options); builder.Services.AddTransient (); builder.Services.AddTransient (); builder.Services.AddTransient (); return builder; } /// /// 使用Mysql存储 /// /// ///public static IIdentityServerBuilder UseMySql(this IIdentityServerBuilder builder) { builder.Services.AddTransient (); builder.Services.AddTransient (); builder.Services.AddTransient (); return builder; } }}
namespace IdentityServer4.Dapper.Options{ ////// 金焰的世界 /// 2018-12-03 /// 配置存储信息 /// public class DapperStoreOptions { ////// 是否启用自定清理Token /// public bool EnableTokenCleanup { get; set; } = false; ////// 清理token周期(单位秒),默认1小时 /// public int TokenCleanupInterval { get; set; } = 3600; ////// 连接字符串 /// public string DbConnectionStrings { get; set; } }}
using Dapper;using IdentityServer4.Dapper.Mappers;using IdentityServer4.Dapper.Options;using IdentityServer4.Models;using IdentityServer4.Stores;using Microsoft.Extensions.Logging;using System.Data.SqlClient;using System.Threading.Tasks;namespace IdentityServer4.Dapper.Stores.SqlServer{ ////// 金焰的世界 /// 2018-12-03 /// 实现提取客户端存储信息 /// public class SqlServerClientStore: IClientStore { private readonly ILogger_logger; private readonly DapperStoreOptions _configurationStoreOptions; public SqlServerClientStore(ILogger logger, DapperStoreOptions configurationStoreOptions) { _logger = logger; _configurationStoreOptions = configurationStoreOptions; } /// /// 根据客户端ID 获取客户端信息内容 /// /// ///public async Task FindClientByIdAsync(string clientId) { var cModel = new Client(); var _client = new Entities.Client(); using (var connection = new SqlConnection(_configurationStoreOptions.DbConnectionStrings)) { //由于后续未用到,暂不实现 ClientPostLogoutRedirectUris ClientClaims ClientIdPRestrictions ClientCorsOrigins ClientProperties,有需要的自行添加。 string sql = @"select * from Clients where ClientId=@client and Enabled=1; select t2.* from Clients t1 inner join ClientGrantTypes t2 on t1.Id=t2.ClientId where t1.ClientId=@client and Enabled=1; select t2.* from Clients t1 inner join ClientRedirectUris t2 on t1.Id=t2.ClientId where t1.ClientId=@client and Enabled=1; select t2.* from Clients t1 inner join ClientScopes t2 on t1.Id=t2.ClientId where t1.ClientId=@client and Enabled=1; select t2.* from Clients t1 inner join ClientSecrets t2 on t1.Id=t2.ClientId where t1.ClientId=@client and Enabled=1; "; var multi = await connection.QueryMultipleAsync(sql, new { client = clientId }); var client = multi.Read (); var ClientGrantTypes = multi.Read (); var ClientRedirectUris = multi.Read (); var ClientScopes = multi.Read (); var ClientSecrets = multi.Read (); if (client != null && client.AsList().Count > 0) {//提取信息 _client = client.AsList()[0]; _client.AllowedGrantTypes = ClientGrantTypes.AsList(); _client.RedirectUris = ClientRedirectUris.AsList(); _client.AllowedScopes = ClientScopes.AsList(); _client.ClientSecrets = ClientSecrets.AsList(); cModel = _client.ToModel(); } } _logger.LogDebug("{clientId} found in database: {clientIdFound}", clientId, _client != null); return cModel; } }}
using System.Collections.Generic;using System.Security.Claims;using AutoMapper;namespace IdentityServer4.Dapper.Mappers{ ////// 金焰的世界 /// 2018-12-03 /// 客户端实体映射 /// ///public class ClientMapperProfile : Profile { public ClientMapperProfile() { CreateMap >() .ReverseMap(); CreateMap () .ForMember(dest => dest.ProtocolType, opt => opt.Condition(srs => srs != null)) .ReverseMap(); CreateMap () .ConstructUsing(src => src.Origin) .ReverseMap() .ForMember(dest => dest.Origin, opt => opt.MapFrom(src => src)); CreateMap () .ConstructUsing(src => src.Provider) .ReverseMap() .ForMember(dest => dest.Provider, opt => opt.MapFrom(src => src)); CreateMap (MemberList.None) .ConstructUsing(src => new Claim(src.Type, src.Value)) .ReverseMap(); CreateMap () .ConstructUsing(src => src.Scope) .ReverseMap() .ForMember(dest => dest.Scope, opt => opt.MapFrom(src => src)); CreateMap () .ConstructUsing(src => src.PostLogoutRedirectUri) .ReverseMap() .ForMember(dest => dest.PostLogoutRedirectUri, opt => opt.MapFrom(src => src)); CreateMap () .ConstructUsing(src => src.RedirectUri) .ReverseMap() .ForMember(dest => dest.RedirectUri, opt => opt.MapFrom(src => src)); CreateMap () .ConstructUsing(src => src.GrantType) .ReverseMap() .ForMember(dest => dest.GrantType, opt => opt.MapFrom(src => src)); CreateMap (MemberList.Destination) .ForMember(dest => dest.Type, opt => opt.Condition(srs => srs != null)) .ReverseMap(); } }}
using AutoMapper;namespace IdentityServer4.Dapper.Mappers{ ////// 金焰的世界 /// 2018-12-03 /// 客户端信息映射 /// public static class ClientMappers { static ClientMappers() { Mapper = new MapperConfiguration(cfg => cfg.AddProfile()) .CreateMapper(); } internal static IMapper Mapper { get; } public static Models.Client ToModel(this Entities.Client entity) { return Mapper.Map (entity); } public static Entities.Client ToEntity(this Models.Client model) { return Mapper.Map (model); } }}
using Dapper;using IdentityServer4.Dapper.Mappers;using IdentityServer4.Dapper.Options;using IdentityServer4.Models;using IdentityServer4.Stores;using Microsoft.Extensions.Logging;using System.Collections.Generic;using System.Data.SqlClient;using System.Threading.Tasks;using System.Linq;namespace IdentityServer4.Dapper.Stores.SqlServer{ ////// 金焰的世界 /// 2018-12-03 /// 重写资源存储方法 /// public class SqlServerResourceStore : IResourceStore { private readonly ILogger_logger; private readonly DapperStoreOptions _configurationStoreOptions; public SqlServerResourceStore(ILogger logger, DapperStoreOptions configurationStoreOptions) { _logger = logger; _configurationStoreOptions = configurationStoreOptions; } /// /// 根据api名称获取相关信息 /// /// ///public async Task FindApiResourceAsync(string name) { var model = new ApiResource(); using (var connection = new SqlConnection(_configurationStoreOptions.DbConnectionStrings)) { string sql = @"select * from ApiResources where Name=@Name and Enabled=1; select * from ApiResources t1 inner join ApiScopes t2 on t1.Id=t2.ApiResourceId where t1.Name=@name and Enabled=1; "; var multi = await connection.QueryMultipleAsync(sql, new { name }); var ApiResources = multi.Read (); var ApiScopes = multi.Read (); if (ApiResources != null && ApiResources.AsList()?.Count > 0) { var apiresource = ApiResources.AsList()[0]; apiresource.Scopes = ApiScopes.AsList(); if (apiresource != null) { _logger.LogDebug("Found {api} API resource in database", name); } else { _logger.LogDebug("Did not find {api} API resource in database", name); } model = apiresource.ToModel(); } } return model; } /// /// 根据作用域信息获取接口资源 /// /// ///public async Task > FindApiResourcesByScopeAsync(IEnumerable scopeNames) { var apiResourceData = new List (); string _scopes = ""; foreach (var scope in scopeNames) { _scopes += "'" + scope + "',"; } if (_scopes == "") { return null; } else { _scopes = _scopes.Substring(0, _scopes.Length - 1); } string sql = "select distinct t1.* from ApiResources t1 inner join ApiScopes t2 on t1.Id=t2.ApiResourceId where t2.Name in(" + _scopes + ") and Enabled=1;"; using (var connection = new SqlConnection(_configurationStoreOptions.DbConnectionStrings)) { var apir = (await connection.QueryAsync (sql))?.AsList(); if (apir != null && apir.Count > 0) { foreach (var apimodel in apir) { sql = "select * from ApiScopes where ApiResourceId=@id"; var scopedata = (await connection.QueryAsync (sql, new { id = apimodel.Id }))?.AsList(); apimodel.Scopes = scopedata; apiResourceData.Add(apimodel.ToModel()); } _logger.LogDebug("Found {scopes} API scopes in database", apiResourceData.SelectMany(x => x.Scopes).Select(x => x.Name)); } } return apiResourceData; } /// /// 根据scope获取身份资源 /// /// ///public async Task > FindIdentityResourcesByScopeAsync(IEnumerable scopeNames) { var apiResourceData = new List (); string _scopes = ""; foreach (var scope in scopeNames) { _scopes += "'" + scope + "',"; } if (_scopes == "") { return null; } else { _scopes = _scopes.Substring(0, _scopes.Length - 1); } using (var connection = new SqlConnection(_configurationStoreOptions.DbConnectionStrings)) { //暂不实现 IdentityClaims string sql = "select * from IdentityResources where Enabled=1 and Name in(" + _scopes + ")"; var data = (await connection.QueryAsync (sql))?.AsList(); if (data != null && data.Count > 0) { foreach (var model in data) { apiResourceData.Add(model.ToModel()); } } } return apiResourceData; } /// /// 获取所有资源实现 /// ///public async Task GetAllResourcesAsync() { var apiResourceData = new List (); var identityResourceData = new List (); using (var connection = new SqlConnection(_configurationStoreOptions.DbConnectionStrings)) { string sql = "select * from IdentityResources where Enabled=1"; var data = (await connection.QueryAsync (sql))?.AsList(); if (data != null && data.Count > 0) { foreach (var m in data) { identityResourceData.Add(m.ToModel()); } } //获取apiresource sql = "select * from ApiResources where Enabled=1"; var apidata = (await connection.QueryAsync (sql))?.AsList(); if (apidata != null && apidata.Count > 0) { foreach (var m in apidata) { sql = "select * from ApiScopes where ApiResourceId=@id"; var scopedata = (await connection.QueryAsync (sql, new { id = m.Id }))?.AsList(); m.Scopes = scopedata; apiResourceData.Add(m.ToModel()); } } } var model = new Resources(identityResourceData, apiResourceData); return model; } }}
using Dapper;using IdentityServer4.Dapper.Mappers;using IdentityServer4.Dapper.Options;using IdentityServer4.Models;using IdentityServer4.Stores;using Microsoft.Extensions.Logging;using System.Collections.Generic;using System.Data.SqlClient;using System.Linq;using System.Threading.Tasks;namespace IdentityServer4.Dapper.Stores.SqlServer{ ////// 金焰的世界 /// 2018-12-03 /// 重写授权信息存储 /// public class SqlServerPersistedGrantStore : IPersistedGrantStore { private readonly ILogger_logger; private readonly DapperStoreOptions _configurationStoreOptions; public SqlServerPersistedGrantStore(ILogger logger, DapperStoreOptions configurationStoreOptions) { _logger = logger; _configurationStoreOptions = configurationStoreOptions; } /// /// 根据用户标识获取所有的授权信息 /// /// 用户标识 ///public async Task > GetAllAsync(string subjectId) { using (var connection = new SqlConnection(_configurationStoreOptions.DbConnectionStrings)) { string sql = "select * from PersistedGrants where SubjectId=@subjectId"; var data = (await connection.QueryAsync (sql, new { subjectId }))?.AsList(); var model = data.Select(x => x.ToModel()); _logger.LogDebug("{persistedGrantCount} persisted grants found for {subjectId}", data.Count, subjectId); return model; } } /// /// 根据key获取授权信息 /// /// 认证信息 ///public async Task GetAsync(string key) { using (var connection = new SqlConnection(_configurationStoreOptions.DbConnectionStrings)) { string sql = "select * from PersistedGrants where [Key]=@key"; var result = await connection.QueryFirstOrDefaultAsync (sql, new { key }); var model = result.ToModel(); _logger.LogDebug("{persistedGrantKey} found in database: {persistedGrantKeyFound}", key, model != null); return model; } } /// /// 根据用户标识和客户端ID移除所有的授权信息 /// /// 用户标识 /// 客户端ID ///public async Task RemoveAllAsync(string subjectId, string clientId) { using (var connection = new SqlConnection(_configurationStoreOptions.DbConnectionStrings)) { string sql = "delete from PersistedGrants where ClientId=@clientId and SubjectId=@subjectId"; await connection.ExecuteAsync(sql, new { subjectId, clientId }); _logger.LogDebug("remove {subjectId} {clientId} from database success", subjectId, clientId); } } /// /// 移除指定的标识、客户端、类型等授权信息 /// /// 标识 /// 客户端ID /// 授权类型 ///public async Task RemoveAllAsync(string subjectId, string clientId, string type) { using (var connection = new SqlConnection(_configurationStoreOptions.DbConnectionStrings)) { string sql = "delete from PersistedGrants where ClientId=@clientId and SubjectId=@subjectId and Type=@type"; await connection.ExecuteAsync(sql, new { subjectId, clientId }); _logger.LogDebug("remove {subjectId} {clientId} {type} from database success", subjectId, clientId, type); } } /// /// 移除指定KEY的授权信息 /// /// ///public async Task RemoveAsync(string key) { using (var connection = new SqlConnection(_configurationStoreOptions.DbConnectionStrings)) { string sql = "delete from PersistedGrants where [Key]=@key"; await connection.ExecuteAsync(sql, new { key }); _logger.LogDebug("remove {key} from database success", key); } } /// /// 存储授权信息 /// /// 实体 ///public async Task StoreAsync(PersistedGrant grant) { using (var connection = new SqlConnection(_configurationStoreOptions.DbConnectionStrings)) { //移除防止重复 await RemoveAsync(grant.Key); string sql = "insert into PersistedGrants([Key],ClientId,CreationTime,Data,Expiration,SubjectId,Type) values(@Key,@ClientId,@CreationTime,@Data,@Expiration,@SubjectId,@Type)"; await connection.ExecuteAsync(sql, grant); } } }}
using System;using System.Threading.Tasks;namespace IdentityServer4.Dapper.Interfaces{ ////// 金焰的世界 /// 2018-12-03 /// 过期授权清理接口 /// public interface IPersistedGrants { ////// 移除指定时间的过期信息 /// /// 过期时间 ///Task RemoveExpireToken(DateTime dt); }}
using Dapper;using IdentityServer4.Dapper.Interfaces;using IdentityServer4.Dapper.Options;using Microsoft.Extensions.Logging;using System;using System.Data.SqlClient;using System.Threading.Tasks;namespace IdentityServer4.Dapper.Stores.SqlServer{ ////// 金焰的世界 /// 2018-12-03 /// 实现授权信息自定义管理 /// public class SqlServerPersistedGrants : IPersistedGrants { private readonly ILogger_logger; private readonly DapperStoreOptions _configurationStoreOptions; public SqlServerPersistedGrants(ILogger logger, DapperStoreOptions configurationStoreOptions) { _logger = logger; _configurationStoreOptions = configurationStoreOptions; } /// /// 移除指定的时间过期授权信息 /// /// Utc时间 ///public async Task RemoveExpireToken(DateTime dt) { using (var connection = new SqlConnection(_configurationStoreOptions.DbConnectionStrings)) { string sql = "delete from PersistedGrants where Expiration>@dt"; await connection.ExecuteAsync(sql, new { dt }); } } }}
有个清理的接口和实现,我们需要注入下实现builder.Services.AddTransient<IPersistedGrants, SqlServerPersistedGrants>();
using IdentityServer4.Dapper.Interfaces;using IdentityServer4.Dapper.Options;using Microsoft.Extensions.Logging;using System;using System.Threading;using System.Threading.Tasks;namespace IdentityServer4.Dapper.HostedServices{ ////// 金焰的世界 /// 2018-12-03 /// 清理过期Token方法 /// public class TokenCleanup { private readonly ILogger_logger; private readonly DapperStoreOptions _options; private readonly IPersistedGrants _persistedGrants; private CancellationTokenSource _source; public TimeSpan CleanupInterval => TimeSpan.FromSeconds(_options.TokenCleanupInterval); public TokenCleanup(IPersistedGrants persistedGrants, ILogger logger, DapperStoreOptions options) { _options = options ?? throw new ArgumentNullException(nameof(options)); if (_options.TokenCleanupInterval < 1) throw new ArgumentException("Token cleanup interval must be at least 1 second"); _logger = logger ?? throw new ArgumentNullException(nameof(logger)); _persistedGrants = persistedGrants; } public void Start() { Start(CancellationToken.None); } public void Start(CancellationToken cancellationToken) { if (_source != null) throw new InvalidOperationException("Already started. Call Stop first."); _logger.LogDebug("Starting token cleanup"); _source = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken); Task.Factory.StartNew(() => StartInternal(_source.Token)); } public void Stop() { if (_source == null) throw new InvalidOperationException("Not started. Call Start first."); _logger.LogDebug("Stopping token cleanup"); _source.Cancel(); _source = null; } private async Task StartInternal(CancellationToken cancellationToken) { while (true) { if (cancellationToken.IsCancellationRequested) { _logger.LogDebug("CancellationRequested. Exiting."); break; } try { await Task.Delay(CleanupInterval, cancellationToken); } catch (TaskCanceledException) { _logger.LogDebug("TaskCanceledException. Exiting."); break; } catch (Exception ex) { _logger.LogError("Task.Delay exception: {0}. Exiting.", ex.Message); break; } if (cancellationToken.IsCancellationRequested) { _logger.LogDebug("CancellationRequested. Exiting."); break; } ClearTokens(); } } public void ClearTokens() { try { _logger.LogTrace("Querying for tokens to clear"); //提取满足条件的信息进行删除 _persistedGrants.RemoveExpireToken(DateTime.UtcNow); } catch (Exception ex) { _logger.LogError("Exception clearing tokens: {exception}", ex.Message); } } }}
using IdentityServer4.Dapper.Options;using Microsoft.Extensions.Hosting;using System.Threading;using System.Threading.Tasks;namespace IdentityServer4.Dapper.HostedServices{ ////// 金焰的世界 /// 2018-12-03 /// 授权后端清理服务 /// public class TokenCleanupHost : IHostedService { private readonly TokenCleanup _tokenCleanup; private readonly DapperStoreOptions _options; public TokenCleanupHost(TokenCleanup tokenCleanup, DapperStoreOptions options) { _tokenCleanup = tokenCleanup; _options = options; } public Task StartAsync(CancellationToken cancellationToken) { if (_options.EnableTokenCleanup) { _tokenCleanup.Start(cancellationToken); } return Task.CompletedTask; } public Task StopAsync(CancellationToken cancellationToken) { if (_options.EnableTokenCleanup) { _tokenCleanup.Stop(); } return Task.CompletedTask; } }}
builder.Services.AddSingleton(); builder.Services.AddSingleton ();
在前面客户端授权中,我们增加dapper扩展的实现,来测试功能是否能正常使用,且使用SQL Server Profiler
services.AddIdentityServer() .AddDeveloperSigningCredential() //.AddInMemoryApiResources(Config.GetApiResources()) //.AddInMemoryClients(Config.GetClients()); .AddDapperStore(option=> { option.DbConnectionStrings = "Server=;Database=mpc_identity;User ID=sa;Password=bl123456;"; });
services.AddIdentityServer() .AddDeveloperSigningCredential() //.AddInMemoryApiResources(Config.GetApiResources()) //.AddInMemoryClients(Config.GetClients()); .AddDapperStore(option=> { option.DbConnectionStrings = "Server=*******;Database=mpc_identity;User ID=root;Password=*******;"; }).UseMySql();