IdentityServer3 的 ASP.NET Identity 插件 UI (IdentityManager) 在部署到 Azure (WebApp) 后不起作用
[英]ASP.NET Identity plugin UI (IdentityManager) for IdentityServer3 not working after deploying to Azure (WebApp)
问题描述
I set-up IdentityServer3 to use ASP.NET Identity using the sample provided.
我使用提供的示例设置 IdentityServer3 以使用 ASP.NET Identity。 Everything works fine locally, I can access the Identity Manager UI via '/admin' and can add/remove users/roles.本地一切正常,我可以通过“/admin”访问 Identity Manager UI,并且可以添加/删除用户/角色。
However, when I deploy it to Azure and try to access it then nothing happens and takes me to an URL that looks like this: https://IdentityServer3/admin/authorize?state=11373557769572288&client_id=idmgr&response_type=token但是,当我将它部署到 Azure 并尝试访问它时,没有任何反应,并将我带到一个如下所示的 URL: https://IdentityServer3/admin/authorize?state=11373557769572288&client_id=idmgr&response_type=token
It works fine locally regardless if I use a local or remote (Azure SQL) database.无论我使用本地还是远程(Azure SQL)数据库,它都可以在本地正常工作。
IdentityManager automatically logs-in the local user on first access which I suspect might be an issue when accessing a remote server but I'm not sure how to customize/change this. IdentityManager 在第一次访问时自动登录本地用户,我怀疑这在访问远程服务器时可能是一个问题,但我不确定如何自定义/更改它。
The sample I used is here: https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/AspNetIdentity我使用的示例在这里: https : //github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/AspNetIdentity
1 个解决方案
解决方案1
2 已采纳 2016-04-19 16:41:23
Ok, in case someone else stumbles upon this the solution is to change IdentityManager's SecurityConfiguration to HostSecurityConfiguration and then either:好的,如果其他人偶然发现此问题,解决方案是将 IdentityManager 的 SecurityConfiguration 更改为HostSecurityConfiguration ,然后:
Manually implement a simple authentication mechanism like the one shown here: https://vimeo.com/125427106
手动实现一种简单的身份验证机制,如下所示: https : //vimeo.com/125427106or
或者Configure the IdentityManager like any other OIDC client.
像任何其他 OIDC 客户端一样配置 IdentityManager。 More details here: https://www.scottbrady91.com/ASPNET-Identity/Identity-Manager-using-ASPNET-Identity更多细节在这里: https : //www.scottbrady91.com/ASPNET-Identity/Identity-Manager-using-ASPNET-Identity
All of the above is necessary because by default the IdentityManager uses LocalhostSecurityConfiguration which only allows authentication via localhost .上述所有内容都是必需的,因为默认情况下 IdentityManager 使用LocalhostSecurityConfiguration ,它只允许通过localhost进行身份验证。
For the second option, the IdentityManager's SecurityConfiguration will end up looking like this:对于第二个选项,IdentityManager 的 SecurityConfiguration 最终将如下所示:
managerApp.UseIdentityManager(new IdentityManagerOptions()
{
SecurityConfiguration = new HostSecurityConfiguration
{
HostAuthenticationType = "cookies",
AdditionalSignOutType = "oidc",
NameClaimType = Constants.ClaimTypes.Name,
RoleClaimType = Constants.ClaimTypes.Role,
AdminRoleName = "IdentityManagerAdministrator" //default role name for IdentityManager
}
});
As a tip, if you're running the IdentityManager in the same web application as the IdentityServer itself then make sure you place the IdentityManager's authentication logic after the IdentityServer mapping and before the IdentityManager's mapping:作为提示,如果您在与 IdentityServer 本身相同的 Web 应用程序中运行 IdentityManager,请确保将 IdentityManager 的身份验证逻辑放在 IdentityServer 映射之后和 IdentityManager 映射之前:
app.Map("/identity", idsrvApp =>
//this sets IdentityManager to use IdentityServer as Idp
ConfigureIdentityManagerAuthentication(app);
app.Map("/manager", managerApp =>
If you place it before the IdentityServer's mapping then you will see an additional external 'OpenId' provider in the IdentityServer login page.如果您将它放在 IdentityServer 的映射之前,那么您将在 IdentityServer 登录页面中看到一个额外的外部“OpenId”提供者。 If you put it after the IdentityManager map then the authentication won't work.如果将它放在 IdentityManager 映射之后,则身份验证将不起作用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.