【发布时间】:2019-04-09 22:06:40
【问题描述】:
当我尝试将我的 MVC asp .net 核心部署为客户端时,我在 azure 中部署了身份服务器。出现未经授权的客户端错误。我下面的配置有什么问题?
启动客户端 MVC
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(options => {
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options => {
options.SignInScheme = "Cookies";
options.Authority = Configuration.GetValue<string>("server:identityurl");
options.RequireHttpsMetadata = false;
options.ClientId = Configuration.GetValue<string>("server:clientid");
options.ClientSecret = Configuration.GetValue<string>("server:clientsecret");
options.ResponseType = Configuration.GetValue<string>("server:responsetype");
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add(Configuration.GetValue<string>("server:scope1"));
options.Scope.Add(Configuration.GetValue<string>("server:scope2"));
});
Appsetting.json & Appsetting.Development.Json
"server": {
"identityurl": "https://pdjayaauthapi.azurewebsites.net",
"clientid": "webapp2",
"clientsecret": "web123",
"responsetype": "code id_token",
"scope1": "masterdataapi",
"scope2": "offline_access"
}
身份服务器启动
public void ConfigureServices(IServiceCollection services)
{
var sqlConnectionString = Configuration.GetConnectionString("MySqlCon");
services.AddDbContext<PDJayaDB>(options =>
options.UseMySql(
sqlConnectionString,
b => b.MigrationsAssembly("PDJaya.Identity")
)
);
//my user repository
services.AddScoped<IUserRepository, UserRepository>();
services.AddSingleton<IConfiguration>(Configuration);
services.AddMvc();
// configure identity server with in-memory stores, keys, clients and resources
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddTestUsers(Config.GetUsers())
.AddProfileService<ProfileService>();
//Inject the classes we just created
services.AddTransient<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
services.AddTransient<IProfileService, ProfileService>();
}
这是我定义客户端 asp .net mvc 的身份服务器配置。
身份服务器配置
新客户
ClientId = "webapp2",
ClientName = "web with openid",
AllowedGrantTypes = GrantTypes.Implicit,
ClientSecrets =
{
new Secret("web123".Sha256())
},
RedirectUris = { "http://pdjayaauthapi.azurewebsites.net/signin-oidc" },
PostLogoutRedirectUris = { "http://pdjayaauthapi.azurewebsites.net/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"masterdataapi",
"transactionapi"
},
AllowOfflineAccess = true
【问题讨论】:
-
身份服务器日志会有原因。查看或发布日志以获取更多帮助
-
你能教我怎么看日志吗?我的身份服务器在 azure 上作为应用服务运行。@Richard
-
如果您使用的是“code id_token”响应类型,请尝试将客户端设置为使用混合流而不是设置的隐式流。
-
我更改为 Hybridandclientcredential,现在我的错误请求无效,有什么建议吗?
标签: c# asp.net asp.net-mvc .net-core identityserver4