具有IdentityServer3 AccessTokenValidation的Identityserver4

Question

I have IdentityServer4 set up with a IdentityServer3.AccessTokenValidation(v2.13.0) web api. Maybe because the key isnt a 509x cert

The issue is that the web api is not authenticating with IdentityServer4.

WEB API startup.cs

public void Configuration(IAppBuilder app)
    {
        app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = "http://identity.positive.local:5000",
            RequiredScopes = new[] { "odbc" }
        });
    }

IdentityServer4 Startup.cs ( http://identity.positive.local:5000 )

  services.AddIdentityServer()
            .AddSigningCredential(key)
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients());

IdentityServer4 Config.cs ( http://identity.positive.local:5000 )

 public class Config
{
    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        return new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
        };
    }

    public static IEnumerable<ApiResource> GetApiResources()
    {
        return new List<ApiResource>
        {
            new ApiResource("api", "POSI_Master-API"),
            new ApiResource("odbc", "POSI_Odbc-API")
        };
    }
    public static IEnumerable<Client> GetClients()
    {
        return new List<Client>
        {

             new Client
            {
                ClientId = "js",
                ClientName = "JavaScript Client",
                AllowedGrantTypes = GrantTypes.Implicit,
                AllowAccessTokensViaBrowser = true,
                RequireConsent = false,
                RedirectUris = { "http://products.positive.local/auth" },
                PostLogoutRedirectUris = { "http://products.positive.local" },
                AllowedCorsOrigins = { "http://products.positive.local" },

                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "api",
                    "odbc"
                },
            }
        };
    }

}
}

EDIT:

Exception thrown: 'System.Reflection.ReflectionTypeLoadException' in mscorlib.dll iisexpress.exe Warning: 0 : Message='Exception thrown while getting types from 'Microsoft.IdentityModel.Protocol.Extensions, Version=1.0.40306.1554, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.', Exception=System.Reflection.ReflectionTypeLoadException: Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information. at System.Reflection.RuntimeModule.GetTypes(RuntimeModule module) at System.Reflection.RuntimeModule.GetTypes() at System.Reflection.Assembly.GetTypes() at System.Web.Http.Tracing.Tracers.DefaultHttpControllerTypeResolverTracer.GetTypesAndTrace(Assembly assembly)

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="IdentityModel" version="1.13.1" targetFramework="net452" />
  <package id="IdentityServer3.AccessTokenValidation" version="2.14.0" targetFramework="net452" />
  <package id="Microsoft.AspNet.Cors" version="5.2.3" targetFramework="net452" />
  <package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net452" />
  <package id="Microsoft.AspNet.Razor" version="3.2.3" targetFramework="net452" />
  <package id="Microsoft.AspNet.WebApi" version="5.2.3" targetFramework="net452" />
  <package id="Microsoft.AspNet.WebApi.Client" version="5.2.3" targetFramework="net452" />
  <package id="Microsoft.AspNet.WebApi.Core" version="5.2.3" targetFramework="net452" />
  <package id="Microsoft.AspNet.WebApi.Cors" version="5.2.3" targetFramework="net452" />
  <package id="Microsoft.AspNet.WebApi.Tracing" version="5.2.3" targetFramework="net452" />
  <package id="Microsoft.AspNet.WebApi.WebHost" version="5.2.3" targetFramework="net452" />
  <package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net452" />
  <package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="1.0.3" targetFramework="net452" />
  <package id="Microsoft.IdentityModel.Logging" version="1.1.3" targetFramework="net452" />
  <package id="Microsoft.IdentityModel.Protocol.Extensions" version="1.0.4.403061554" targetFramework="net452" />
  <package id="Microsoft.IdentityModel.Tokens" version="5.1.3" targetFramework="net452" />
  <package id="Microsoft.Net.Compilers" version="2.0.1" targetFramework="net452" developmentDependency="true" />
  <package id="Microsoft.Owin" version="3.0.1" targetFramework="net452" />
  <package id="Microsoft.Owin.Security" version="3.0.1" targetFramework="net452" />
  <package id="Microsoft.Owin.Security.Jwt" version="3.0.1" targetFramework="net452" />
  <package id="Microsoft.Owin.Security.OAuth" version="3.0.1" targetFramework="net452" />
  <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net452" />
  <package id="Newtonsoft.Json" version="9.0.1" targetFramework="net452" />
  <package id="Owin" version="1.0" targetFramework="net452" />
  <package id="System.IdentityModel.Tokens.Jwt" version="5.1.3" targetFramework="net452" />
  <package id="System.Net.Http" version="4.3.1" targetFramework="net452" />
</packages>

Answer 1

There have been issues reported around a bug in HttpClient - try manually updating to System.Net.Http 4.3.1.

We also updated our packages yesterday.

This repo exercises various IS3/4 and API scenario permutations.

https://github.com/IdentityServer/CrossVersionIntegrationTests

Compare that with your scenario.