fix: rewrite jwt authentication configuration

aspnet-core/LINGYUN.MicroService.All.sln

@@ -742,6 +742,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.OpenApi.OpenIdd
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.TextTemplating.Scriban", "modules\text-templating\LINGYUN.Abp.TextTemplating.Scriban\LINGYUN.Abp.TextTemplating.Scriban.csproj", "{15482834-9242-4D20-9736-9DA571A9A83A}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "LINGYUN.Abp.Claims.Mapping", "framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj", "{8A255A72-50FC-460E-9897-FA53F455580B}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -1892,6 +1894,10 @@ Global
 		{15482834-9242-4D20-9736-9DA571A9A83A}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{15482834-9242-4D20-9736-9DA571A9A83A}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{15482834-9242-4D20-9736-9DA571A9A83A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{8A255A72-50FC-460E-9897-FA53F455580B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{8A255A72-50FC-460E-9897-FA53F455580B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{8A255A72-50FC-460E-9897-FA53F455580B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{8A255A72-50FC-460E-9897-FA53F455580B}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -2250,6 +2256,7 @@ Global
 		{FDAAAD2E-42A7-44EC-8971-B5277FD6D404} = {3C7A8246-DE82-4330-8697-24EF1B1C515D}
 		{ED3DF100-C5DB-4334-A847-118922B28D95} = {3C7A8246-DE82-4330-8697-24EF1B1C515D}
 		{15482834-9242-4D20-9736-9DA571A9A83A} = {ABD89F39-62D9-439E-8662-BE4F36BFA04F}
+		{8A255A72-50FC-460E-9897-FA53F455580B} = {9D1302BE-3886-49F8-B0CD-35D2AC1E5A37}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {C95FDF91-16F2-4A8B-A4BE-0E62D1B66718}

aspnet-core/LINGYUN.MicroService.TaskManagement.sln

@@ -154,7 +154,9 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.BackgroundTasks
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.TestsBase", "tests\LINGYUN.Abp.TestBase\LINGYUN.Abp.TestsBase.csproj", "{6CC06BD8-FA30-45E0-BD3A-25FF39906EF5}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "LINGYUN.Abp.BackgroundTasks.Activities.Tests", "tests\LINGYUN.Abp.BackgroundTasks.Activities.Tests\LINGYUN.Abp.BackgroundTasks.Activities.Tests.csproj", "{3EBB4CA4-82C2-41C6-94C5-CB0D4D2B6D07}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.BackgroundTasks.Activities.Tests", "tests\LINGYUN.Abp.BackgroundTasks.Activities.Tests\LINGYUN.Abp.BackgroundTasks.Activities.Tests.csproj", "{3EBB4CA4-82C2-41C6-94C5-CB0D4D2B6D07}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.Claims.Mapping", "framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj", "{34042B8E-B896-4E5E-A243-31E2802264CE}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -398,6 +400,10 @@ Global
 		{3EBB4CA4-82C2-41C6-94C5-CB0D4D2B6D07}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{3EBB4CA4-82C2-41C6-94C5-CB0D4D2B6D07}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{3EBB4CA4-82C2-41C6-94C5-CB0D4D2B6D07}.Release|Any CPU.Build.0 = Release|Any CPU
+		{34042B8E-B896-4E5E-A243-31E2802264CE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{34042B8E-B896-4E5E-A243-31E2802264CE}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{34042B8E-B896-4E5E-A243-31E2802264CE}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{34042B8E-B896-4E5E-A243-31E2802264CE}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -462,6 +468,7 @@ Global
 		{A8EFC95D-6700-4840-A7FD-1F5BF4D0C71C} = {77341F31-F54C-436A-AF8D-F78D91303C45}
 		{6CC06BD8-FA30-45E0-BD3A-25FF39906EF5} = {77341F31-F54C-436A-AF8D-F78D91303C45}
 		{3EBB4CA4-82C2-41C6-94C5-CB0D4D2B6D07} = {77341F31-F54C-436A-AF8D-F78D91303C45}
+		{34042B8E-B896-4E5E-A243-31E2802264CE} = {5A41C31A-B966-418B-B446-5BA1D7E61A62}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {E1FD1F4C-D344-408B-97CF-B6F1F6D7D293}

aspnet-core/LINGYUN.MicroService.WebhooksManagement.sln

@@ -145,6 +145,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.AspNetCore.Http
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.Security", "framework\security\LINGYUN.Abp.Security\LINGYUN.Abp.Security.csproj", "{8F11DADB-557A-4ECF-BEBB-19AFA71998A1}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.Claims.Mapping", "framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj", "{047F892F-F8D2-4952-A1E9-93AA2B030F76}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -375,6 +377,10 @@ Global
 		{8F11DADB-557A-4ECF-BEBB-19AFA71998A1}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{8F11DADB-557A-4ECF-BEBB-19AFA71998A1}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{8F11DADB-557A-4ECF-BEBB-19AFA71998A1}.Release|Any CPU.Build.0 = Release|Any CPU
+		{047F892F-F8D2-4952-A1E9-93AA2B030F76}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{047F892F-F8D2-4952-A1E9-93AA2B030F76}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{047F892F-F8D2-4952-A1E9-93AA2B030F76}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{047F892F-F8D2-4952-A1E9-93AA2B030F76}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -447,6 +453,7 @@ Global
 		{004CC7A9-92FF-4E98-8F1D-550D07CB47F0} = {FB7A9794-06D2-42CF-939E-4626497B97BD}
 		{0DFDAC71-BCB9-44CF-A44A-E8288E75246F} = {FB7A9794-06D2-42CF-939E-4626497B97BD}
 		{8F11DADB-557A-4ECF-BEBB-19AFA71998A1} = {FB7A9794-06D2-42CF-939E-4626497B97BD}
+		{047F892F-F8D2-4952-A1E9-93AA2B030F76} = {FB7A9794-06D2-42CF-939E-4626497B97BD}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {80ED12A5-C899-459F-A181-ADCC9D680DE5}

aspnet-core/LINGYUN.MicroService.Workflow.sln

@@ -163,6 +163,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.AspNetCore.Http
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.Security", "framework\security\LINGYUN.Abp.Security\LINGYUN.Abp.Security.csproj", "{E4783690-052A-4AB0-837E-BDBC77CC7EEC}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LINGYUN.Abp.Claims.Mapping", "framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj", "{1859E205-88DC-4E08-A0BD-55A045DCC495}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -437,6 +439,10 @@ Global
 		{E4783690-052A-4AB0-837E-BDBC77CC7EEC}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{E4783690-052A-4AB0-837E-BDBC77CC7EEC}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{E4783690-052A-4AB0-837E-BDBC77CC7EEC}.Release|Any CPU.Build.0 = Release|Any CPU
+		{1859E205-88DC-4E08-A0BD-55A045DCC495}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{1859E205-88DC-4E08-A0BD-55A045DCC495}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{1859E205-88DC-4E08-A0BD-55A045DCC495}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{1859E205-88DC-4E08-A0BD-55A045DCC495}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -511,6 +517,7 @@ Global
 		{CAE0492C-11A3-424C-8613-7DAB83E4FB60} = {AD002164-CFB4-4583-BF13-62C815009ADE}
 		{4D055853-DE80-4145-BB2F-33EB6B379F5E} = {6DA78E72-BA55-4ECF-97DB-6258174D3E2A}
 		{E4783690-052A-4AB0-837E-BDBC77CC7EEC} = {6DA78E72-BA55-4ECF-97DB-6258174D3E2A}
+		{1859E205-88DC-4E08-A0BD-55A045DCC495} = {6DA78E72-BA55-4ECF-97DB-6258174D3E2A}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {6BB7A5DE-DA12-44DC-BC9B-0F6CA524346F}

aspnet-core/framework/security/LINGYUN.Abp.Claims.Mapping/FodyWeavers.xml

@@ -0,0 +1,3 @@
+<Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
+  <ConfigureAwait ContinueOnCapturedContext="false" />
+</Weavers>

aspnet-core/framework/security/LINGYUN.Abp.Claims.Mapping/FodyWeavers.xsd

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. -->
+  <xs:element name="Weavers">
+    <xs:complexType>
+      <xs:all>
+        <xs:element name="ConfigureAwait" minOccurs="0" maxOccurs="1">
+          <xs:complexType>
+            <xs:attribute name="ContinueOnCapturedContext" type="xs:boolean" />
+          </xs:complexType>
+        </xs:element>
+      </xs:all>
+      <xs:attribute name="VerifyAssembly" type="xs:boolean">
+        <xs:annotation>
+          <xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="VerifyIgnoreCodes" type="xs:string">
+        <xs:annotation>
+          <xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="GenerateXsd" type="xs:boolean">
+        <xs:annotation>
+          <xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+    </xs:complexType>
+  </xs:element>
+</xs:schema>

aspnet-core/framework/security/LINGYUN.Abp.Claims.Mapping/LINGYUN.Abp.Claims.Mapping.csproj

@@ -0,0 +1,16 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+	<Import Project="..\..\..\..\configureawait.props" />
+	<Import Project="..\..\..\..\common.props" />
+
+	<PropertyGroup>
+		<TargetFramework>netstandard2.0</TargetFramework>
+		<RootNamespace />
+	</PropertyGroup>
+
+	<ItemGroup>
+		<PackageReference Include="Volo.Abp.Security" />
+		<PackageReference Include="IdentityModel" />
+	</ItemGroup>
+
+</Project>

aspnet-core/framework/security/LINGYUN.Abp.Claims.Mapping/LINGYUN/Abp/Claims/Mapping/AbpClaimsMappingModule.cs

@@ -0,0 +1,13 @@
+using Volo.Abp.Modularity;
+using Volo.Abp.Security;
+
+namespace LINGYUN.Abp.Claims.Mapping;
+
+[DependsOn(typeof(AbpSecurityModule))]
+public class AbpClaimsMappingModule : AbpModule
+{
+    public override void PreConfigureServices(ServiceConfigurationContext context)
+    {
+        JwtClaimTypesMapping.MapAbpClaimTypes();
+    }
+}

aspnet-core/framework/security/LINGYUN.Abp.Claims.Mapping/LINGYUN/Abp/Claims/Mapping/JwtClaimTypesMapping.cs

@@ -0,0 +1,21 @@
+using IdentityModel;
+using Volo.Abp.Security.Claims;
+
+namespace LINGYUN.Abp.Claims.Mapping;
+
+public static class JwtClaimTypesMapping
+{
+    public static void MapAbpClaimTypes()
+    {
+        AbpClaimTypes.UserId = JwtClaimTypes.Subject;
+        AbpClaimTypes.Role = JwtClaimTypes.Role;
+        AbpClaimTypes.UserName = JwtClaimTypes.PreferredUserName;
+        AbpClaimTypes.Name = JwtClaimTypes.GivenName;
+        AbpClaimTypes.SurName = JwtClaimTypes.FamilyName;
+        AbpClaimTypes.PhoneNumber = JwtClaimTypes.PhoneNumber;
+        AbpClaimTypes.PhoneNumberVerified = JwtClaimTypes.PhoneNumberVerified;
+        AbpClaimTypes.Email = JwtClaimTypes.Email;
+        AbpClaimTypes.EmailVerified = JwtClaimTypes.EmailVerified;
+        AbpClaimTypes.ClientId = JwtClaimTypes.ClientId;
+    }
+}

aspnet-core/framework/security/LINGYUN.Abp.Claims.Mapping/README.md

@@ -0,0 +1,18 @@
+# LINGYUN.Abp.Claims.Mapping
+
+引入此模块解决*IdentityServer*身份令牌映射,需要配合 *MapInboundClaims* 使用   
+
+## 注意
+
+身份认证服务器使用 *OpenIddict* 时无需处理  
+
+## 配置使用
+
+
+```csharp
+[DependsOn(typeof(AbpClaimsMappingModule))]
+public class YouProjectModule : AbpModule
+{
+  // other
+}
+```

aspnet-core/modules/realtime-notifications/LINGYUN.Abp.Notifications.PushPlus/LINGYUN/Abp/Notifications/PushPlus/PushPlusNotificationPublishProvider.cs

@@ -50,7 +50,7 @@ public class PushPlusNotificationPublishProvider : NotificationPublishProvider
         if (!await FeatureChecker.IsEnabledAsync(PushPlusFeatureNames.Message.Enable))
         {
             Logger.LogWarning(
-                "{0} cannot push messages because the feature {0} is not enabled",
+                "{0} cannot push messages because the feature {1} is not enabled",
                 Name,
                 PushPlusFeatureNames.Message.Enable);
             return false;

aspnet-core/modules/realtime-notifications/LINGYUN.Abp.Notifications.WeChat.MiniProgram/LINGYUN/Abp/Notifications/WeChat/MiniProgram/WeChatMiniProgramNotificationPublishProvider.cs

@@ -33,10 +33,12 @@ namespace LINGYUN.Abp.Notifications.WeChat.MiniProgram
 
         protected async override Task<bool> CanPublishAsync(NotificationInfo notification, CancellationToken cancellationToken = default)
         {
-            if (!await FeatureChecker.IsEnabledAsync(WeChatMiniProgramFeatures.Messages.Enable))
+            if (!await FeatureChecker.IsEnabledAsync(true,
+                WeChatMiniProgramFeatures.Enable,
+                WeChatMiniProgramFeatures.Messages.Enable))
             {
                 Logger.LogWarning(
-                    "{0} cannot push messages because the feature {0} is not enabled",
+                    "{0} cannot push messages because the feature {1} is not enabled",
                     Name,
                     WeChatMiniProgramFeatures.Messages.Enable);
                 return false;

aspnet-core/modules/realtime-notifications/LINGYUN.Abp.Notifications.WeChat.Work/LINGYUN/Abp/Notifications/WeChat/Work/WeChatWorkNotificationPublishProvider.cs

@@ -1,9 +1,11 @@
 using LINGYUN.Abp.RealTime.Localization;
 using LINGYUN.Abp.WeChat.Work;
 using LINGYUN.Abp.WeChat.Work.Authorize;
+using LINGYUN.Abp.WeChat.Work.Features;
 using LINGYUN.Abp.WeChat.Work.Messages;
 using LINGYUN.Abp.WeChat.Work.Messages.Models;
 using Microsoft.Extensions.Localization;
+using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using System;
 using System.Collections.Generic;
@@ -40,6 +42,21 @@ public class WeChatWorkNotificationPublishProvider : NotificationPublishProvider
         WeChatWorkOptions = weChatWorkOptions.CurrentValue;
     }
 
+    protected async override Task<bool> CanPublishAsync(NotificationInfo notification, CancellationToken cancellationToken = default)
+    {
+        if (!await FeatureChecker.IsEnabledAsync(true,
+            WeChatWorkFeatureNames.Enable,
+            WeChatWorkFeatureNames.Message.Enable))
+        {
+            Logger.LogWarning(
+                "{0} cannot push messages because the feature {1} is not enabled",
+                Name,
+                WeChatWorkFeatureNames.Message.Enable);
+            return false;
+        }
+        return true;
+    }
+
     protected async override Task PublishAsync(
         NotificationInfo notification, 
         IEnumerable<UserIdentifier> identifiers, 

aspnet-core/modules/realtime-notifications/LINGYUN.Abp.Notifications.WxPusher/LINGYUN/Abp/Notifications/WxPusher/WxPusherNotificationPublishProvider.cs

@@ -51,7 +51,9 @@ public class WxPusherNotificationPublishProvider : NotificationPublishProvider
 
     protected async override Task<bool> CanPublishAsync(NotificationInfo notification, CancellationToken cancellationToken = default)
     {
-        if (!await FeatureChecker.IsEnabledAsync(WxPusherFeatureNames.Message.Enable))
+        if (!await FeatureChecker.IsEnabledAsync(true,
+            WxPusherFeatureNames.Enable,
+            WxPusherFeatureNames.Message.Enable))
         {
             Logger.LogWarning(
                 "{0} cannot push messages because the feature {1} is not enabled",

aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/AuthServerHttpApiHostModule.Configure.cs

@@ -440,17 +440,9 @@ public partial class AuthServerHttpApiHostModule
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             .AddJwtBearer(options =>
             {
-                options.Authority = configuration["AuthServer:Authority"];
-                options.RequireHttpsMetadata = false;
-                options.Audience = configuration["AuthServer:ApiName"];
-                options.MapInboundClaims = false;
+                configuration.GetSection("AuthServer").Bind(options);
             });
 
-        if (isDevelopment)
-        {
-            // services.AddAlwaysAllowAuthorization();
-        }
-
         if (!isDevelopment)
         {
             var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]);

aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/AuthServerHttpApiHostModule.cs

@@ -3,6 +3,7 @@ using LINGYUN.Abp.AspNetCore.HttpOverrides;
 using LINGYUN.Abp.AspNetCore.Mvc.Localization;
 using LINGYUN.Abp.AuditLogging.Elasticsearch;
 using LINGYUN.Abp.Authorization.OrganizationUnits;
+using LINGYUN.Abp.Claims.Mapping;
 using LINGYUN.Abp.EventBus.CAP;
 using LINGYUN.Abp.ExceptionHandling.Emailing;
 using LINGYUN.Abp.Identity;
@@ -61,6 +62,7 @@ namespace LY.MicroService.AuthServer;
     typeof(AbpCachingStackExchangeRedisModule),
     typeof(AbpLocalizationCultureMapModule),
     typeof(AbpAspNetCoreHttpOverridesModule),
+    typeof(AbpClaimsMappingModule),
     typeof(AbpAutofacModule)
     )]
 public partial class AuthServerHttpApiHostModule : AbpModule

aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/LY.MicroService.AuthServer.HttpApi.Host.csproj

@@ -62,6 +62,7 @@
 		<ProjectReference Include="..\..\framework\localization\LINGYUN.Abp.Localization.CultureMap\LINGYUN.Abp.Localization.CultureMap.csproj" />
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.Application\LINGYUN.Abp.Serilog.Enrichers.Application.csproj" />
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.UniqueId\LINGYUN.Abp.Serilog.Enrichers.UniqueId.csproj" />
+		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj" />
 	</ItemGroup>
 
 	<ItemGroup>

aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/appsettings.Development.json

@@ -86,8 +86,10 @@
     "InstanceName": "LINGYUN.Abp.Application"
   },
   "AuthServer": {
-    "Authority": "http://127.0.0.1:44385",
-    "ApiName": "lingyun-abp-application"
+    "Authority": "http://127.0.0.1:44385/",
+    "Audience": "lingyun-abp-application",
+    "MapInboundClaims": false,
+    "RequireHttpsMetadata": false
   },
   "AuditLogging": {
     "Elasticsearch": {

aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.Configure.cs

@@ -391,21 +391,6 @@ public partial class AuthServerModule
     }
     private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
     {
-        //services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
-
-        //services.AddAuthentication()
-        //        .AddJwtBearer(options =>
-        //        {
-        //            options.Authority = configuration["AuthServer:Authority"];
-        //            options.RequireHttpsMetadata = false;
-        //            options.Audience = configuration["AuthServer:ApiName"];
-        //        });
-
-        if (isDevelopment)
-        {
-            // services.AddAlwaysAllowAuthorization();
-        }
-
         if (!isDevelopment)
         {
             var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]);

aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.Configure.cs

@@ -68,7 +68,6 @@ public partial class BackendAdminHttpApiHostModule
 
     private void PreConfigureApp(IConfiguration configuration)
     {
-        JwtClaimTypesMapping.MapAbpClaimTypes();
         AbpSerilogEnrichersConsts.ApplicationName = ApplicationName;
 
         PreConfigure<AbpSerilogEnrichersUniqueIdOptions>(options =>
@@ -471,16 +470,13 @@ public partial class BackendAdminHttpApiHostModule
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             .AddJwtBearer(options =>
             {
-                options.Authority = configuration["AuthServer:Authority"];
-                options.RequireHttpsMetadata = false;
-                options.Audience = configuration["AuthServer:ApiName"];
-                options.MapInboundClaims = false;
-            });
+                configuration.GetSection("AuthServer").Bind(options);
 
-        if (isDevelopment)
-        {
-            // services.AddAlwaysAllowAuthorization();
-        }
+                //options.Authority = configuration["AuthServer:Authority"];
+                //options.RequireHttpsMetadata = false;
+                //options.Audience = configuration["AuthServer:ApiName"];
+                //options.MapInboundClaims = false;
+            });
 
         if (!isDevelopment)
         {

aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.cs

@@ -6,6 +6,7 @@ using LINGYUN.Abp.Auditing;
 using LINGYUN.Abp.AuditLogging.Elasticsearch;
 using LINGYUN.Abp.CachingManagement;
 using LINGYUN.Abp.CachingManagement.StackExchangeRedis;
+using LINGYUN.Abp.Claims.Mapping;
 using LINGYUN.Abp.Data.DbMigrator;
 using LINGYUN.Abp.DataProtectionManagement;
 using LINGYUN.Abp.EventBus.CAP;
@@ -116,6 +117,7 @@ namespace LY.MicroService.BackendAdmin;
     typeof(AbpHttpClientWrapperModule),
     typeof(AbpAspNetCoreMvcWrapperModule),
     typeof(AbpAspNetCoreHttpOverridesModule),
+    typeof(AbpClaimsMappingModule),
     typeof(AbpAutofacModule)
     )]
 public partial class BackendAdminHttpApiHostModule : AbpModule

aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/LY.MicroService.BackendAdmin.HttpApi.Host.csproj

@@ -74,7 +74,7 @@
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.UniqueId\LINGYUN.Abp.Serilog.Enrichers.UniqueId.csproj" />
 		<ProjectReference Include="..\..\framework\common\LINGYUN.Abp.Sms.Aliyun\LINGYUN.Abp.Sms.Aliyun.csproj" />
 		<ProjectReference Include="..\..\framework\mvc\LINGYUN.Abp.AspNetCore.Mvc.Wrapper\LINGYUN.Abp.AspNetCore.Mvc.Wrapper.csproj" />
-		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Security\LINGYUN.Abp.Security.csproj" />
+		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj" />
 		<ProjectReference Include="..\..\framework\wechat\LINGYUN.Abp.WeChat.SettingManagement\LINGYUN.Abp.WeChat.SettingManagement.csproj" />
 		<ProjectReference Include="..\..\framework\wx-pusher\LINGYUN.Abp.WxPusher.SettingManagement\LINGYUN.Abp.WxPusher.SettingManagement.csproj" />
 	</ItemGroup>

aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/appsettings.Development.json

@@ -67,8 +67,10 @@
     "InstanceName": "LINGYUN.Abp.Application"
   },
   "AuthServer": {
-    "Authority": "http://auth-server:44385/",
-    "ApiName": "lingyun-abp-application"
+    "Authority": "http://127.0.0.1:44385/",
+    "Audience": "lingyun-abp-application",
+    "MapInboundClaims": false,
+    "RequireHttpsMetadata": false
   },
   "Logging": {
     "Serilog": {

aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.Configure.cs

@@ -444,17 +444,9 @@ public partial class IdentityServerHttpApiHostModule
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             .AddJwtBearer(options =>
             {
-                options.Authority = configuration["AuthServer:Authority"];
-                options.RequireHttpsMetadata = false;
-                options.Audience = configuration["AuthServer:ApiName"];
-                options.MapInboundClaims = false;
+                configuration.GetSection("AuthServer").Bind(options);
             });
 
-        if (isDevelopment)
-        {
-            // services.AddAlwaysAllowAuthorization();
-        }
-
         if (!isDevelopment)
         {
             var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]);

aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.cs

@@ -3,6 +3,7 @@ using LINGYUN.Abp.AspNetCore.Mvc.Localization;
 using LINGYUN.Abp.AspNetCore.Mvc.Wrapper;
 using LINGYUN.Abp.AuditLogging.Elasticsearch;
 using LINGYUN.Abp.Authorization.OrganizationUnits;
+using LINGYUN.Abp.Claims.Mapping;
 using LINGYUN.Abp.EventBus.CAP;
 using LINGYUN.Abp.ExceptionHandling.Emailing;
 using LINGYUN.Abp.Http.Client.Wrapper;
@@ -60,6 +61,7 @@ namespace LY.MicroService.IdentityServer;
     typeof(AbpLocalizationCultureMapModule),
     typeof(AbpHttpClientWrapperModule),
     typeof(AbpAspNetCoreMvcWrapperModule),
+    typeof(AbpClaimsMappingModule),
     typeof(AbpAspNetCoreHttpOverridesModule),
     typeof(AbpAutofacModule)
     )]

aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/LY.MicroService.identityServer.HttpApi.Host.csproj

@@ -71,6 +71,7 @@
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.Application\LINGYUN.Abp.Serilog.Enrichers.Application.csproj" />
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.UniqueId\LINGYUN.Abp.Serilog.Enrichers.UniqueId.csproj" />
 		<ProjectReference Include="..\..\framework\mvc\LINGYUN.Abp.AspNetCore.Mvc.Wrapper\LINGYUN.Abp.AspNetCore.Mvc.Wrapper.csproj" />
+		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj" />
 	</ItemGroup>
 
 	<ItemGroup>

aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/appsettings.Development.json

@@ -88,7 +88,9 @@
   },
   "AuthServer": {
     "Authority": "http://127.0.0.1:44385/",
-    "ApiName": "lingyun-abp-application"
+    "Audience": "lingyun-abp-application",
+    "MapInboundClaims": false,
+    "RequireHttpsMetadata": false
   },
   "AuditLogging": {
     "Elasticsearch": {

aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LY.MicroService.LocalizationManagement.HttpApi.Host.csproj

@@ -58,7 +58,7 @@
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.Application\LINGYUN.Abp.Serilog.Enrichers.Application.csproj" />
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.UniqueId\LINGYUN.Abp.Serilog.Enrichers.UniqueId.csproj" />
 		<ProjectReference Include="..\..\framework\mvc\LINGYUN.Abp.AspNetCore.Mvc.Wrapper\LINGYUN.Abp.AspNetCore.Mvc.Wrapper.csproj" />
-		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Security\LINGYUN.Abp.Security.csproj" />
+		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj" />
 	</ItemGroup>
 
 	<ItemGroup>

aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.Configure.cs

@@ -63,7 +63,6 @@ public partial class LocalizationManagementHttpApiHostModule
 
     private void PreConfigureApp(IConfiguration configuration)
     {
-        JwtClaimTypesMapping.MapAbpClaimTypes();
         AbpSerilogEnrichersConsts.ApplicationName = ApplicationName;
 
         PreConfigure<AbpSerilogEnrichersUniqueIdOptions>(options =>
@@ -379,10 +378,7 @@ public partial class LocalizationManagementHttpApiHostModule
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             .AddJwtBearer(options =>
             {
-                options.Authority = configuration["AuthServer:Authority"];
-                options.RequireHttpsMetadata = false;
-                options.Audience = configuration["AuthServer:ApiName"];
-                options.MapInboundClaims = false;
+                configuration.GetSection("AuthServer").Bind(options);
             });
 
         if (isDevelopment)

aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/appsettings.Development.json

@@ -66,7 +66,9 @@
   },
   "AuthServer": {
     "Authority": "http://127.0.0.1:44385/",
-    "ApiName": "lingyun-abp-application"
+    "Audience": "lingyun-abp-application",
+    "MapInboundClaims": false,
+    "RequireHttpsMetadata": false
   },
   "AuditLogging": {
     "Elasticsearch": {

aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/LY.MicroService.PlatformManagement.HttpApi.Host.csproj

@@ -64,7 +64,7 @@
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.Application\LINGYUN.Abp.Serilog.Enrichers.Application.csproj" />
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.UniqueId\LINGYUN.Abp.Serilog.Enrichers.UniqueId.csproj" />
 		<ProjectReference Include="..\..\framework\mvc\LINGYUN.Abp.AspNetCore.Mvc.Wrapper\LINGYUN.Abp.AspNetCore.Mvc.Wrapper.csproj" />
-		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Security\LINGYUN.Abp.Security.csproj" />
+		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj" />
 	</ItemGroup>
 
 	<ItemGroup>

aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.Configure.cs

@@ -68,7 +68,6 @@ public partial class PlatformManagementHttpApiHostModule
 
     private void PreConfigureApp(IConfiguration configuration)
     {
-        JwtClaimTypesMapping.MapAbpClaimTypes();
         AbpSerilogEnrichersConsts.ApplicationName = ApplicationName;
 
         PreConfigure<AbpSerilogEnrichersUniqueIdOptions>(options =>
@@ -427,10 +426,7 @@ public partial class PlatformManagementHttpApiHostModule
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             .AddJwtBearer(options =>
             {
-                options.Authority = configuration["AuthServer:Authority"];
-                options.RequireHttpsMetadata = false;
-                options.Audience = configuration["AuthServer:ApiName"];
-                options.MapInboundClaims = false;
+                configuration.GetSection("AuthServer").Bind(options);
                 options.Events = new JwtBearerEvents
                 {
                     OnMessageReceived = context =>
@@ -447,11 +443,6 @@ public partial class PlatformManagementHttpApiHostModule
                 };
             });
 
-        if (isDevelopment)
-        {
-            // services.AddAlwaysAllowAuthorization();
-        }
-
         if (!isDevelopment)
         {
             var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]);

aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.cs

@@ -3,6 +3,7 @@ using LINGYUN.Abp.AspNetCore.Mvc.Localization;
 using LINGYUN.Abp.AspNetCore.Mvc.Wrapper;
 using LINGYUN.Abp.AuditLogging.Elasticsearch;
 using LINGYUN.Abp.Authorization.OrganizationUnits;
+using LINGYUN.Abp.Claims.Mapping;
 using LINGYUN.Abp.Data.DbMigrator;
 using LINGYUN.Abp.EventBus.CAP;
 using LINGYUN.Abp.ExceptionHandling.Emailing;
@@ -89,6 +90,7 @@ namespace LY.MicroService.PlatformManagement;
     typeof(AbpLocalizationCultureMapModule),
     typeof(AbpHttpClientWrapperModule),
     typeof(AbpAspNetCoreMvcWrapperModule),
+    typeof(AbpClaimsMappingModule),
     typeof(AbpAspNetCoreHttpOverridesModule),
     typeof(AbpAutofacModule)
     )]

aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/appsettings.Development.json

@@ -98,7 +98,9 @@
   },
   "AuthServer": {
     "Authority": "http://127.0.0.1:44385/",
-    "ApiName": "lingyun-abp-application"
+    "Audience": "lingyun-abp-application",
+    "MapInboundClaims": false,
+    "RequireHttpsMetadata": false
   },
   "AuditLogging": {
     "Elasticsearch": {

aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/LY.MicroService.RealtimeMessage.HttpApi.Host.csproj

@@ -66,7 +66,7 @@
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.Application\LINGYUN.Abp.Serilog.Enrichers.Application.csproj" />
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.UniqueId\LINGYUN.Abp.Serilog.Enrichers.UniqueId.csproj" />
 		<ProjectReference Include="..\..\framework\mvc\LINGYUN.Abp.AspNetCore.Mvc.Wrapper\LINGYUN.Abp.AspNetCore.Mvc.Wrapper.csproj" />
-		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Security\LINGYUN.Abp.Security.csproj" />
+		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj" />
 		<ProjectReference Include="..\..\framework\wechat\LINGYUN.Abp.Identity.WeChat.Work\LINGYUN.Abp.Identity.WeChat.Work.csproj" />
 		<ProjectReference Include="..\..\framework\wechat\LINGYUN.Abp.Identity.WeChat\LINGYUN.Abp.Identity.WeChat.csproj" />
 	</ItemGroup>

aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.Configure.cs

@@ -71,7 +71,6 @@ public partial class RealtimeMessageHttpApiHostModule
 
     private void PreConfigureApp(IConfiguration configuration)
     {
-        JwtClaimTypesMapping.MapAbpClaimTypes();
         AbpSerilogEnrichersConsts.ApplicationName = ApplicationName;
 
         PreConfigure<AbpSerilogEnrichersUniqueIdOptions>(options =>
@@ -483,10 +482,7 @@ public partial class RealtimeMessageHttpApiHostModule
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             .AddJwtBearer(options =>
             {
-                options.Authority = configuration["AuthServer:Authority"];
-                options.RequireHttpsMetadata = false;
-                options.Audience = configuration["AuthServer:ApiName"];
-                options.MapInboundClaims = false;
+                configuration.GetSection("AuthServer").Bind(options);
                 options.Events = new JwtBearerEvents
                 {
                     OnMessageReceived = context =>

aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.cs

@@ -6,6 +6,7 @@ using LINGYUN.Abp.Authorization.OrganizationUnits;
 using LINGYUN.Abp.BackgroundTasks.DistributedLocking;
 using LINGYUN.Abp.BackgroundTasks.ExceptionHandling;
 using LINGYUN.Abp.BackgroundTasks.Quartz;
+using LINGYUN.Abp.Claims.Mapping;
 using LINGYUN.Abp.Data.DbMigrator;
 using LINGYUN.Abp.EventBus.CAP;
 using LINGYUN.Abp.ExceptionHandling.Notifications;
@@ -105,6 +106,7 @@ namespace LY.MicroService.RealtimeMessage;
     typeof(AbpCachingStackExchangeRedisModule),
     typeof(AbpLocalizationCultureMapModule),
     typeof(AbpHttpClientWrapperModule),
+    typeof(AbpClaimsMappingModule),
     typeof(AbpAspNetCoreMvcWrapperModule),
     typeof(AbpAspNetCoreHttpOverridesModule),
     typeof(AbpAutofacModule)

aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/appsettings.Development.json

@@ -76,7 +76,9 @@
   },
   "AuthServer": {
     "Authority": "http://127.0.0.1:44385/",
-    "ApiName": "lingyun-abp-application"
+    "Audience": "lingyun-abp-application",
+    "MapInboundClaims": false,
+    "RequireHttpsMetadata": false
   },
   "Quartz": {
     "UsePersistentStore": false,

aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/LY.MicroService.TaskManagement.HttpApi.Host.csproj

@@ -59,7 +59,7 @@
 		<ProjectReference Include="..\..\framework\auditing\LINGYUN.Abp.AuditLogging.Elasticsearch\LINGYUN.Abp.AuditLogging.Elasticsearch.csproj" />
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.Application\LINGYUN.Abp.Serilog.Enrichers.Application.csproj" />
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.UniqueId\LINGYUN.Abp.Serilog.Enrichers.UniqueId.csproj" />
-		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Security\LINGYUN.Abp.Security.csproj" />
+		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj" />
 		<ProjectReference Include="..\..\framework\tenants\LINGYUN.Abp.MultiTenancy.Editions\LINGYUN.Abp.MultiTenancy.Editions.csproj" />
 		<ProjectReference Include="..\..\framework\mvc\LINGYUN.Abp.AspNetCore.Mvc.Wrapper\LINGYUN.Abp.AspNetCore.Mvc.Wrapper.csproj" />
 	</ItemGroup>

aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.Configure.cs

@@ -65,7 +65,6 @@ public partial class TaskManagementHttpApiHostModule
 
     private void PreConfigureApp(IConfiguration configuration)
     {
-        JwtClaimTypesMapping.MapAbpClaimTypes();
         AbpSerilogEnrichersConsts.ApplicationName = ApplicationName;
 
         PreConfigure<AbpSerilogEnrichersUniqueIdOptions>(options =>
@@ -406,17 +405,9 @@ public partial class TaskManagementHttpApiHostModule
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             .AddJwtBearer(options =>
             {
-                options.Authority = configuration["AuthServer:Authority"];
-                options.RequireHttpsMetadata = false;
-                options.Audience = configuration["AuthServer:ApiName"];
-                options.MapInboundClaims = false;
+                configuration.GetSection("AuthServer").Bind(options);
             });
 
-        if (isDevelopment)
-        {
-            // services.AddAlwaysAllowAuthorization();
-        }
-
         if (!isDevelopment)
         {
             var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]);

aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.cs

@@ -8,6 +8,7 @@ using LINGYUN.Abp.BackgroundTasks.ExceptionHandling;
 using LINGYUN.Abp.BackgroundTasks.Jobs;
 using LINGYUN.Abp.BackgroundTasks.Notifications;
 using LINGYUN.Abp.BackgroundTasks.Quartz;
+using LINGYUN.Abp.Claims.Mapping;
 using LINGYUN.Abp.Data.DbMigrator;
 using LINGYUN.Abp.EventBus.CAP;
 using LINGYUN.Abp.ExceptionHandling.Emailing;
@@ -80,6 +81,7 @@ namespace LY.MicroService.TaskManagement;
     typeof(AbpHttpClientWrapperModule),
     typeof(AbpAspNetCoreMvcWrapperModule),
     typeof(AbpAspNetCoreHttpOverridesModule),
+    typeof(AbpClaimsMappingModule),
     typeof(AbpCAPEventBusModule),
     typeof(AbpAutofacModule)
     )]

aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/appsettings.Development.json

@@ -95,10 +95,12 @@
   },
   "AuthServer": {
     "Authority": "http://127.0.0.1:44385/",
-    "ApiName": "lingyun-abp-application",
+    "Audience": "lingyun-abp-application",
     "Scopes": "lingyun-abp-application",
     "SwaggerClientId": "InternalServiceClient",
-    "SwaggerClientSecret": "1q2w3E*"
+    "SwaggerClientSecret": "1q2w3E*",
+    "MapInboundClaims": false,
+    "RequireHttpsMetadata": false
   },
   "Logging": {
     "Serilog": {

aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/LY.MicroService.WebhooksManagement.HttpApi.Host.csproj

@@ -59,7 +59,7 @@
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.UniqueId\LINGYUN.Abp.Serilog.Enrichers.UniqueId.csproj" />
 		<ProjectReference Include="..\..\framework\localization\LINGYUN.Abp.Localization.CultureMap\LINGYUN.Abp.Localization.CultureMap.csproj" />
 		<ProjectReference Include="..\..\framework\localization\LINGYUN.Abp.AspNetCore.Mvc.Localization\LINGYUN.Abp.AspNetCore.Mvc.Localization.csproj" />
-		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Security\LINGYUN.Abp.Security.csproj" />
+		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj" />
 	</ItemGroup>
 
 	<ItemGroup>

aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.Configure.cs

@@ -71,7 +71,6 @@ public partial class WebhooksManagementHttpApiHostModule
 
     private void PreConfigureApp(IConfiguration configuration)
     {
-        JwtClaimTypesMapping.MapAbpClaimTypes();
         AbpSerilogEnrichersConsts.ApplicationName = ApplicationName;
 
         PreConfigure<AbpSerilogEnrichersUniqueIdOptions>(options =>
@@ -468,15 +467,12 @@ public partial class WebhooksManagementHttpApiHostModule
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             .AddJwtBearer(options =>
             {
-                options.Authority = configuration["AuthServer:Authority"];
-                options.RequireHttpsMetadata = false;
-                options.Audience = configuration["AuthServer:ApiName"];
-                options.MapInboundClaims = false;
+                configuration.GetSection("AuthServer").Bind(options);
             });
 
         if (isDevelopment)
         {
-            // services.AddAlwaysAllowAuthorization();
+            services.AddAlwaysAllowAuthorization();
         }
 
         if (!isDevelopment)

aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.cs

@@ -6,6 +6,7 @@ using LINGYUN.Abp.Authorization.OrganizationUnits;
 using LINGYUN.Abp.BackgroundTasks.DistributedLocking;
 using LINGYUN.Abp.BackgroundTasks.ExceptionHandling;
 using LINGYUN.Abp.BackgroundTasks.Quartz;
+using LINGYUN.Abp.Claims.Mapping;
 using LINGYUN.Abp.Dapr.Client.Wrapper;
 using LINGYUN.Abp.EventBus.CAP;
 using LINGYUN.Abp.ExceptionHandling.Emailing;
@@ -77,6 +78,7 @@ namespace LY.MicroService.WebhooksManagement;
     typeof(AbpSwashbuckleModule),
     typeof(AbpHttpClientWrapperModule),
     typeof(AbpDaprClientWrapperModule),
+    typeof(AbpClaimsMappingModule),
     typeof(AbpAspNetCoreMvcWrapperModule),
     typeof(AbpAspNetCoreHttpOverridesModule),
     typeof(AbpAutofacModule)

aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/appsettings.Development.json

@@ -97,7 +97,9 @@
   },
   "AuthServer": {
     "Authority": "http://127.0.0.1:44385/",
-    "ApiName": "lingyun-abp-application",
+    "Audience": "lingyun-abp-application",
+    "MapInboundClaims": false,
+    "RequireHttpsMetadata": false,
     "SwaggerClientId": "InternalServiceClient",
     "SwaggerClientSecret": "1q2w3E*"
   },

aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/LY.MicroService.WorkflowManagement.HttpApi.Host.csproj

@@ -66,7 +66,7 @@
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.Application\LINGYUN.Abp.Serilog.Enrichers.Application.csproj" />
 		<ProjectReference Include="..\..\framework\logging\LINGYUN.Abp.Serilog.Enrichers.UniqueId\LINGYUN.Abp.Serilog.Enrichers.UniqueId.csproj" />
 		<ProjectReference Include="..\..\framework\mvc\LINGYUN.Abp.AspNetCore.Mvc.Wrapper\LINGYUN.Abp.AspNetCore.Mvc.Wrapper.csproj" />
-		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Security\LINGYUN.Abp.Security.csproj" />
+		<ProjectReference Include="..\..\framework\security\LINGYUN.Abp.Claims.Mapping\LINGYUN.Abp.Claims.Mapping.csproj" />
 	</ItemGroup>
 
 	<ItemGroup>

aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.Configure.cs

@@ -73,7 +73,6 @@ public partial class WorkflowManagementHttpApiHostModule
 
     private void PreConfigureApp(IConfiguration configuration)
     {
-        JwtClaimTypesMapping.MapAbpClaimTypes();
         AbpSerilogEnrichersConsts.ApplicationName = ApplicationName;
 
         PreConfigure<AbpSerilogEnrichersUniqueIdOptions>(options =>
@@ -503,21 +502,13 @@ public partial class WorkflowManagementHttpApiHostModule
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             .AddJwtBearer(options =>
             {
-                options.Authority = configuration["AuthServer:Authority"];
-                options.RequireHttpsMetadata = false;
-                options.Audience = configuration["AuthServer:ApiName"];
-                options.MapInboundClaims = false;
+                configuration.GetSection("AuthServer").Bind(options);
             });
 
         //services.AddElsaJwtBearerAuthentication(options =>
         //{
         //});
 
-        if (isDevelopment)
-        {
-            // services.AddAlwaysAllowAuthorization();
-        }
-
         if (!isDevelopment)
         {
             var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]);

aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.cs

@@ -8,6 +8,7 @@ using LINGYUN.Abp.BackgroundTasks.DistributedLocking;
 using LINGYUN.Abp.BackgroundTasks.ExceptionHandling;
 using LINGYUN.Abp.BackgroundTasks.Quartz;
 using LINGYUN.Abp.BlobStoring.OssManagement;
+using LINGYUN.Abp.Claims.Mapping;
 using LINGYUN.Abp.Data.DbMigrator;
 using LINGYUN.Abp.Elsa;
 using LINGYUN.Abp.Elsa.Activities;
@@ -82,6 +83,7 @@ namespace LY.MicroService.WorkflowManagement;
     typeof(AbpLocalizationCultureMapModule),
     typeof(AbpHttpClientWrapperModule),
     typeof(AbpAspNetCoreMvcWrapperModule),
+    typeof(AbpClaimsMappingModule),
     typeof(AbpAspNetCoreMvcNewtonsoftModule),
     typeof(AbpAspNetCoreHttpOverridesModule),
     typeof(AbpAutofacModule)

aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/appsettings.Development.json

@@ -157,7 +157,9 @@
   },
   "AuthServer": {
     "Authority": "http://127.0.0.1:44385/",
-    "ApiName": "lingyun-abp-application",
+    "Audience": "lingyun-abp-application",
+    "MapInboundClaims": false,
+    "RequireHttpsMetadata": false,
     "Scopes": "lingyun-abp-application",
     "ElsaClientId": "InternalServiceClient",
     "SwaggerClientId": "InternalServiceClient",

aspnet-core/templates/content/host/PackageName.CompanyName.ProjectName.HttpApi.Host/Dockerfile

@@ -16,26 +16,27 @@ COPY . /app
 ## 如果数据提供者是SqlServer, 且兼容性版本在120及以下,需要手动取消注释.
 ## The version of connection SqlServer TLS is too high.
 ## If the data provider is SqlServer and the compatibility version is 120 and below, manual annotation needs to be cancelled.
-RUN sed -i 's/\[openssl_init\]/# \[openssl_init\]/g' /etc/ssl/openssl.cnf
-RUN sed -i '$a\[openssl_init]' /etc/ssl/openssl.cnf
-RUN sed -i '$a\providers = provider_sect' /etc/ssl/openssl.cnf
-RUN sed -i '$a\ssl_conf = ssl_sect' /etc/ssl/openssl.cnf
- 
-RUN sed -i '$a\[provider_sect]' /etc/ssl/openssl.cnf
-RUN sed -i '$a\default = default_sect' /etc/ssl/openssl.cnf
-RUN sed -i '$a\legacy = legacy_sect' /etc/ssl/openssl.cnf
- 
-RUN sed -i '$a\[default_sect]' /etc/ssl/openssl.cnf
-RUN sed -i '$a\activate = 1' /etc/ssl/openssl.cnf
- 
-RUN sed -i '$a\[legacy_sect]' /etc/ssl/openssl.cnf
-RUN sed -i '$a\activate = 1' /etc/ssl/openssl.cnf
- 
-RUN sed -i '$a\[ssl_sect]' /etc/ssl/openssl.cnf
-RUN sed -i '$a\system_default = system_default_sect' /etc/ssl/openssl.cnf
- 
-RUN sed -i '$a\[system_default_sect]' /etc/ssl/openssl.cnf
-RUN sed -i '$a\CipherString = DEFAULT:@SECLEVEL=0' /etc/ssl/openssl.cnf
+
+#RUN sed -i 's/\[openssl_init\]/# \[openssl_init\]/g' /etc/ssl/openssl.cnf
+#RUN sed -i '$a\[openssl_init]' /etc/ssl/openssl.cnf
+#RUN sed -i '$a\providers = provider_sect' /etc/ssl/openssl.cnf
+#RUN sed -i '$a\ssl_conf = ssl_sect' /etc/ssl/openssl.cnf
+ #
+#RUN sed -i '$a\[provider_sect]' /etc/ssl/openssl.cnf
+#RUN sed -i '$a\default = default_sect' /etc/ssl/openssl.cnf
+#RUN sed -i '$a\legacy = legacy_sect' /etc/ssl/openssl.cnf
+ #
+#RUN sed -i '$a\[default_sect]' /etc/ssl/openssl.cnf
+#RUN sed -i '$a\activate = 1' /etc/ssl/openssl.cnf
+ #
+#RUN sed -i '$a\[legacy_sect]' /etc/ssl/openssl.cnf
+#RUN sed -i '$a\activate = 1' /etc/ssl/openssl.cnf
+ #
+#RUN sed -i '$a\[ssl_sect]' /etc/ssl/openssl.cnf
+#RUN sed -i '$a\system_default = system_default_sect' /etc/ssl/openssl.cnf
+ #
+#RUN sed -i '$a\[system_default_sect]' /etc/ssl/openssl.cnf
+#RUN sed -i '$a\CipherString = DEFAULT:@SECLEVEL=0' /etc/ssl/openssl.cnf
 
 ## 阿里源
 #RUN sed -i "s@http://deb.debian.org@http://mirrors.aliyun.com@g" /etc/apt/sources.list.d/debian.sources

aspnet-core/templates/content/host/PackageName.CompanyName.ProjectName.HttpApi.Host/PackageName.CompanyName.ProjectName.HttpApi.Host.csproj

@@ -17,18 +17,19 @@
 		<PackageReference Include="DotNetCore.CAP.RabbitMQ" />
 		<PackageReference Include="DotNetCore.CAP.OpenTelemetry" />
 		<PackageReference Include="LINGYUN.Abp.AspNetCore.HttpOverrides" />
+		<PackageReference Include="LINGYUN.Abp.AspNetCore.Mvc.Localization" />
+		<PackageReference Include="LINGYUN.Abp.AspNetCore.Mvc.Wrapper" />
 		<PackageReference Include="LINGYUN.Abp.AspNetCore.Mvc.Wrapper" />
+		<PackageReference Include="LINGYUN.Abp.AuditLogging.Elasticsearch" />
+		<PackageReference Include="LINGYUN.Abp.Data.DbMigrator" />
 		<PackageReference Include="LINGYUN.Abp.Dapr.Client.Wrapper" />
 		<PackageReference Include="LINGYUN.Abp.EventBus.CAP" />
 		<PackageReference Include="LINGYUN.Abp.ExceptionHandling.Emailing" />
+		<PackageReference Include="LINGYUN.Abp.Localization.CultureMap" />
+		<PackageReference Include="LINGYUN.Abp.LocalizationManagement.EntityFrameworkCore" />
 		<PackageReference Include="LINGYUN.Abp.Saas.EntityFrameworkCore" />
-		<PackageReference Include="LINGYUN.Abp.AuditLogging.Elasticsearch" />
-		<PackageReference Include="LINGYUN.Abp.Data.DbMigrator" />
 		<PackageReference Include="LINGYUN.Abp.Serilog.Enrichers.Application" />
 		<PackageReference Include="LINGYUN.Abp.Serilog.Enrichers.UniqueId" />
-		<PackageReference Include="LINGYUN.Abp.Localization.CultureMap" />
-		<PackageReference Include="LINGYUN.Abp.AspNetCore.Mvc.Localization" />
-		<PackageReference Include="LINGYUN.Abp.LocalizationManagement.EntityFrameworkCore" />
 		<PackageReference Include="LINGYUN.Abp.TextTemplating.EntityFrameworkCore" />
 		<PackageReference Include="Microsoft.EntityFrameworkCore.Tools">
 			<PrivateAssets>all</PrivateAssets>

aspnet-core/templates/content/host/PackageName.CompanyName.ProjectName.HttpApi.Host/ProjectNameHttpApiHostModule.Configure.cs

@@ -368,10 +368,7 @@ public partial class ProjectNameHttpApiHostModule
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             .AddJwtBearer(options =>
             {
-                options.Authority = configuration["AuthServer:Authority"];
-                options.Audience = configuration["AuthServer:ApiName"];
-                options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
-                options.MapInboundClaims = Convert.ToBoolean(configuration["AuthServer:MapInboundClaims"]);
+                configuration.GetSection("AuthServer").Bind(options);
             });
 
         if (!isDevelopment)
@@ -384,6 +381,30 @@ public partial class ProjectNameHttpApiHostModule
         }
     }
 
+    private void ConfigureCors(IServiceCollection services, IConfiguration configuration)
+    {
+        services.AddCors(options =>
+        {
+            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            {
+                builder
+                    .WithOrigins(
+                        configuration["App:CorsOrigins"]
+                            .Split(",", StringSplitOptions.RemoveEmptyEntries)
+                            .Select(o => o.RemovePostFix("/"))
+                            .ToArray()
+                    )
+                    .WithAbpExposedHeaders()
+                    // 引用 LINGYUN.Abp.AspNetCore.Mvc.Wrapper 包时可替换为 WithAbpWrapExposedHeaders
+                    .WithExposedHeaders("_AbpWrapResult", "_AbpDontWrapResult")
+                    .SetIsOriginAllowedToAllowWildcardSubdomains()
+                    .AllowAnyHeader()
+                    .AllowAnyMethod()
+                    .AllowCredentials();
+            });
+        });
+    }
+
     private void ConfigureWrapper()
     {
         Configure<AbpWrapperOptions>(options =>
@@ -391,22 +412,17 @@ public partial class ProjectNameHttpApiHostModule
             // 取消注释包装结果
             // options.IsEnabled = true;
         });
+    }
 
+    private void PreConfigureWrapper()
+    {
         Configure<AbpHttpClientBuilderOptions>(options =>
         {
             // http服务间调用发送不需要包装结果的请求头
-            options.ProxyClientBuildActions.Add(
-                (_, builder) =>
+            options.ProxyClientActions.Add(
+                (_, _, client) =>
                 {
-                    builder.ConfigureHttpClient((provider, client) =>
-                    {
-                        var wrapperOptions = provider.GetRequiredService<IOptions<AbpWrapperOptions>>();
-                        var wrapperHeader = wrapperOptions.Value.IsEnabled
-                            ? AbpHttpWrapConsts.AbpWrapResult
-                            : AbpHttpWrapConsts.AbpDontWrapResult;
-
-                        client.DefaultRequestHeaders.TryAddWithoutValidation(wrapperHeader, "true");
-                    });
+                    client.DefaultRequestHeaders.TryAddWithoutValidation(AbpHttpWrapConsts.AbpDontWrapResult, "true");
                 });
         });
 
@@ -420,28 +436,4 @@ public partial class ProjectNameHttpApiHostModule
                 });
         });
     }
-
-    private void ConfigureCors(IServiceCollection services, IConfiguration configuration)
-    {
-        services.AddCors(options =>
-        {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
-            {
-                builder
-                    .WithOrigins(
-                        configuration["App:CorsOrigins"]
-                            .Split(",", StringSplitOptions.RemoveEmptyEntries)
-                            .Select(o => o.RemovePostFix("/"))
-                            .ToArray()
-                    )
-                    .WithAbpExposedHeaders()
-                    // 引用 LINGYUN.Abp.AspNetCore.Mvc.Wrapper 包时可替换为 WithAbpWrapExposedHeaders
-                    .WithExposedHeaders("_AbpWrapResult", "_AbpDontWrapResult")
-                    .SetIsOriginAllowedToAllowWildcardSubdomains()
-                    .AllowAnyHeader()
-                    .AllowAnyMethod()
-                    .AllowCredentials();
-            });
-        });
-    }
 }

aspnet-core/templates/content/host/PackageName.CompanyName.ProjectName.HttpApi.Host/ProjectNameHttpApiHostModule.cs

@@ -68,6 +68,7 @@ public partial class ProjectNameHttpApiHostModule : AbpModule
         var configuration = context.Services.GetConfiguration();
 
         PreConfigureApp();
+        PreConfigureWrapper();
         PreConfigureFeature();
         PreConfigureCAP(configuration);
     }

aspnet-core/templates/content/host/PackageName.CompanyName.ProjectName.HttpApi.Host/appsettings.Development.json

@@ -101,7 +101,8 @@
   },
   "AuthServer": {
     "Authority": "http://127.0.0.1:44385/",
-    "ApiName": "lingyun-abp-application",
+    "Audience": "lingyun-abp-application",
+    "MapInboundClaims": false,
     "RequireHttpsMetadata": false,
     "SwaggerClientId": "InternalServiceClient",
     "SwaggerClientSecret": "1q2w3E*"