如何配置在 .Net Framework 4.7.1 上运行的 mvc 客户端以使用在 .Net Core 上运行的 IdentityServer4 (3.1) 进行身份验证

Question

我不确定如何配置在 .Net Framework 4.7.1 上运行的 mvc 客户端，以使用在 .Net Core 上运行的 IdentityServer4 (3.1) 进行身份验证。

我之前已经针对 IdentityServer4 成功验证了运行在 .net core 上的客户端，但没有成功验证运行在 .Net Framework 上的客户端。很遗憾，我无法将此客户端升级到 .net 核心。

基本上，我不确定如何在 mvc 客户端上执行此操作：

public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();

        JwtSecurityTokenHandler.DefaultMapInboundClaims = false;

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect("oidc", options =>
        {
            options.Authority = "https://myIdentityServer:4532";

            options.ClientId = "MVC_Net_Framework";
            options.ClientSecret = "mysecret";
            options.ResponseType = "code";
            
            options.Scope.Add("myScope");

            options.SaveTokens = true;
        });
    }

Answer 1

您需要使用 OwinStartup 类。在项目的根目录中添加部分类 Startup 为

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using Microsoft.Owin;
using Owin;
using Microsoft.Owin.Cors;
using System.Web.Http;
using System.Web.Mvc;
using System.Configuration;
[assembly: OwinStartup(typeof(MCVAppNet7.Startup))]
namespace MCVAppNet7
{
    public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            var services = new ServiceCollection();

            System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
            ConfigureAuth(app);

            // For Access-Control-Allow-Origin
            app.UseCors(CorsOptions.AllowAll);

        }
    }

}

之后在“App_Start”文件夹中创建一个新文件“Startup.Auth.cs”，并在其中创建部分启动类

using System.Configuration;
using Owin;
using Microsoft.Owin.Security.Cookies;
using IdentityServer3.AccessTokenValidation;
using System;

namespace MCVAppNet7
{
    public partial class Startup
    {
        public void ConfigureAuth(IAppBuilder app)
        {
            try
            {
                app.UseCookieAuthentication(new CookieAuthenticationOptions
                {
                    AuthenticationType = "Cookies"
                });
                
                app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
                {
                    Authority = "",
                    ClientId = "",
                    AuthenticationType = "Bearer",
                    RequiredScopes = new[] { "" },
                    ValidationMode = "",
                    PreserveAccessToken = true,
                    RequireHttps = ""
                });
            }

            catch (Exception ex)
            {
                throw ex;
            }
        }
    }
}

从 NuGet 安装这些包

• Microsoft.Owin
• Microsoft.Owin.Security.OAuth
• Microsoft.Owin.Host.SystemWeb
• 身份模型
• IdentityServer3.Contrib.AccessTokenValidation

我正在使用 IdentityServer3.Contrib.AccessTokenValidation 它对我有用，但它可能适用于 IdentityServer4.AccessTokenValidation 和更多信息

• https://docs.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/owin-startup-class-detection
• ASP.NET Web Api - Startup.cs doesn't exist
• https://github.com/IdentityServer/IdentityServer4/issues/4188