
Client certificate with Hybrid Authentication Flow

I'm developing an authentication/authorization server with IdentityServer3 and everything worked fine until now.

I'm trying to verify the hybrid flow client by an X509Certificate instead of the hashed secret in the samples.

My question is: How do I configure the client application to send the certificate for the authentication flow?

I saw in the source code for X509CertificateSecretParser.cs that in order to get the client certificate, the OWIN environment variable "ssl.ClientCertificate" must have a value, but I cannot find where this value is set, even in the Microsoft.Owin source code.

I also tried to use the certificate that I'm loading on the server as the SSL certificate for the client application, but this doesn't work either.

Code for setting up the client secret:

[my client].ClientSecrets.Add(new Secret
{
    Value = Convert.ToBase64String(cert.Export(X509ContentType.Cert)),
    Type = Constants.SecretTypes.X509CertificateBase64
});

Code for setting up the authentication of the client application:

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    Authority = ...,
    Scope = ...,
    ClientId = ...,
    RedirectUri = ...,
    ResponseType = "code id_token token",
    ClientSecret = "", // What should I do with this?
    SignInAsAuthenticationType = "Cookies",
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        RedirectToIdentityProvider = ...,
        AuthorizationCodeReceived = ...
    }
});

a) You need to enable client certificates on IIS - our host has this commented out:

https://github.com/IdentityServer/IdentityServer3/blob/master/source/Host.Web/Web.config#L19

This will populate the OWIN SSL environment variable after a successful HTTPS handshake.

b) The OpenID Connect middleware will not automatically contact the token endpoint for you. You need to do that manually. This way you can configure the client cert to use. Here's a sample:

https://github.com/IdentityServer/IdentityServer3.Samples/blob/master/source/Clients/ClientCertificateConsoleClient/Program.cs#L26
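One way to do the manual token-endpoint call from point b) inside the question's AuthorizationCodeReceived notification, as an added example that is not code from the question, the answer or the IdentityServer3 samples. It assumes a .NET Framework client using WebRequestHandler, a client.pfx holding the certificate and its private key (path and password are placeholders), and the IdentityServer3 token endpoint at <Authority>/connect/token; the certificate presented in the TLS handshake is what IIS maps into ssl.ClientCertificate on the server, so no client_secret is sent.

```csharp
// Added example (not from the question, answer or IdentityServer3 samples).
// Assumes: OWIN OpenID Connect middleware on the client, .NET Framework
// WebRequestHandler, client.pfx with private key (placeholder path/password),
// and the IdentityServer3 token endpoint at <Authority>/connect/token.
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;          // OpenIdConnectMessage
using Microsoft.Owin.Security.OpenIdConnect;

static class HybridClientCertFlow
{
    // Wire up as: AuthorizationCodeReceived = HybridClientCertFlow.RedeemCodeWithClientCert
    // The middleware has already validated the front-channel id_token; here the
    // code is redeemed by hand so the TLS client certificate can be controlled.
    public static async Task RedeemCodeWithClientCert(AuthorizationCodeReceivedNotification n)
    {
        var cert = new X509Certificate2(@"C:\certs\client.pfx", "PFX-PASSWORD-PLACEHOLDER",
                                        X509KeyStorageFlags.MachineKeySet);

        // WebRequestHandler (System.Net.Http.WebRequest.dll) exposes the TLS client
        // certificate collection; IIS surfaces the negotiated cert as ssl.ClientCertificate.
        var handler = new WebRequestHandler();
        handler.ClientCertificates.Add(cert);

        using (var http = new HttpClient(handler))
        {
            // client_id identifies the client in the body; the credential is the certificate.
            var form = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                { "grant_type",   "authorization_code" },
                { "code",         n.Code },
                { "redirect_uri", n.RedirectUri },
                { "client_id",    n.Options.ClientId }
            });

            var tokenEndpoint = n.Options.Authority.TrimEnd('/') + "/connect/token";
            var response = await http.PostAsync(tokenEndpoint, form);
            // HTTP 400 "invalid_client" here usually means IIS never requested or
            // forwarded the client certificate, so the secret parser saw nothing.
            response.EnsureSuccessStatusCode();

            var json = await response.Content.ReadAsStringAsync();
            var tokens = new OpenIdConnectMessage(json);   // access_token, refresh_token, ...
            n.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", tokens.AccessToken));
        }
    }
}
```

With this in place the ClientSecret option in the question can stay empty, since the middleware never performs the back-channel exchange itself.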
