【问题标题】:OpenIdDict: Interactive user consent is required. AuthenticationScheme: OpenIddict.Server.AspNetCore was forbiddenOpenIdDict:需要交互式用户同意。 AuthenticationScheme:OpenIddict.Server.AspNetCore 被禁止
【发布时间】:2022-12-17 01:10:08
【问题描述】:

我有服务器和 Webassembly 客户端项目,客户端托管在服务器上。我的项目使用 OpenIDDict 身份验证。突然,当我尝试联系客户时,出现错误:Interactive user consent is required

我的Program.cs

using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Notes.Web.Server;
using Notes.Web.Server.Logging;
using Notes.Web.Server.Models;
using Notes.Web.Server.Models.Data;
using static OpenIddict.Abstractions.OpenIddictConstants;

#region WebApplication Builder

var builder = WebApplication.CreateBuilder(new WebApplicationOptions
{
    WebRootPath = "WebRoot",
    Args = args
});
builder.WebHost.ConfigureLogging(loggingBuilder =>
{
    loggingBuilder.ClearProviders();
    loggingBuilder.AddPrettyConsoleLogger();
});
builder.Services.AddHostedService<OAuthWorker>();

#endregion

#region Razor and MVC Setup

builder.Services.AddMvc();
builder.Services.AddRazorPages().AddRazorRuntimeCompilation();

#endregion

#region Database Setup

builder.Services.AddDbContext<PrettyNotesApplicationDBContext>(options =>
{
    //options.UseInMemoryDatabase("Server=(localdb)\\mssqllocaldb;Database=TestDB;Trusted_Connection=True;");
    options.UseSqlServer("****");
    options.UseOpenIddict();
}); 

#endregion

#region Identity Setup

builder.Services.AddIdentity<PNUser, IdentityRole>(options =>
{
    options.Password.RequiredLength = 8;
    options.Password.RequireNonAlphanumeric = false;
    options.Password.RequireDigit = true;
}).AddEntityFrameworkStores<PrettyNotesApplicationDBContext>().AddDefaultTokenProviders();

builder.Services.Configure<IdentityOptions>(options =>
{
    options.ClaimsIdentity.UserNameClaimType = Claims.Name;
    options.ClaimsIdentity.UserIdClaimType = Claims.Subject;
    options.ClaimsIdentity.RoleClaimType = Claims.Role;
});

builder.Services.PostConfigure<CookieAuthenticationOptions>(IdentityConstants.ApplicationScheme,
    opt =>
    {
        opt.LoginPath = "/auth/login";
        opt.LogoutPath = "/auth/logout";
    });

#endregion

#region OpenIdDict Setup

builder.Services.AddOpenIddict().AddCore(options =>
{
    options.UseEntityFrameworkCore().UseDbContext<PrettyNotesApplicationDBContext>();
}).AddServer(options =>
{
    options.SetAuthorizationEndpointUris("/connect/authorize")
        .SetLogoutEndpointUris("/connect/logout")
        .SetTokenEndpointUris("/connect/token")
        .SetUserinfoEndpointUris("/connect/userinfo");
    options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles, Scopes.OpenId);
    options.AddDevelopmentEncryptionCertificate().AddDevelopmentSigningCertificate();
    options.AllowAuthorizationCodeFlow()
        .AllowRefreshTokenFlow();
    options.UseAspNetCore()
        .EnableAuthorizationEndpointPassthrough()
        .EnableLogoutEndpointPassthrough()
        .EnableStatusCodePagesIntegration()
        .EnableTokenEndpointPassthrough();
}).AddValidation(options =>
{
    options.UseLocalServer();
    options.UseAspNetCore();
});

#endregion

builder.Services.AddRemoteAuthentication<RemoteAuthenticationState, RemoteUserAccount, OidcProviderOptions>();
builder.Services.AddScoped<AuthenticationStateProvider, RemoteAuthenticationService>()
    .AddScoped<SignOutSessionStateManager>()
    .AddTransient<IAccessTokenProvider, AccessTokenProvider>()
    .AddTransient<Microsoft.JSInterop.IJSRuntime, JSRuntime>();

var app = builder.Build();

if (app.Environment.IsDevelopment()) app.UseDeveloperExceptionPage();

app.UseRouting();

app.UseStaticFiles();
app.UseHttpsRedirection();
app.UseBlazorFrameworkFiles();

app.UseAuthentication();
app.UseAuthorization();

app.UseEndpoints(endpoints =>
{
    endpoints.MapControllers();
    endpoints.MapRazorPages();
    endpoints.MapFallbackToController("/client/{**segment}", "Index", "Client");
    endpoints.MapControllerRoute("Default", "{controller=Home}/{action=Index}/{id?}");
});

app.Run();

启动应用程序并访问客户端后,出现下一个错误:

[Information] - [0] - [OpenIddict.Server.OpenIddictServerDispatcher] - [2022-02-06] - [20:34:46]
        The authorization response was successfully returned to 'https://localhost:7000/client/security/oauth/login-callback' using the query response mode: {
  "error": "consent_required",
  "error_description": "Interactive user consent is required.",
  "error_uri": "https://documentation.openiddict.com/errors/ID2015",
  "state": "25b73e28b98140ae9f0b88267828fd68"
}.
[Information] - [13] - [OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandler] - [2022-02-06] - [20:34:46]
        AuthenticationScheme: OpenIddict.Server.AspNetCore was forbidden.

这个错误是什么意思,如何解决?

【问题讨论】:

    标签: c# asp.net .net asp.net-core openid


    【解决方案1】:

    我猜你正在为你的数据库播种应用程序详细信息以进行身份​​验证。在OpenIddictApplicationDescriptor中有一个字段ConsentType必须设置为ConsentTypes.Implicit。它通常发生在库升级之后。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 2016-07-26
      • 1970-01-01
      • 2015-04-03
      • 1970-01-01
      • 2016-07-06
      • 2016-09-29
      • 2012-11-14
      相关资源
      最近更新 更多