response.Error “Forbidden” in IdentityServer3 Flows.ClientCredentials
I have a Client in my IdentityServer3:

    new Client
    {
        ClientName = "Client Credentials Flow Client With Certificate",
        Enabled = true,
        ClientId = "cc.WithCertificate",
        Flow = Flows.ClientCredentials,
        ClientSecrets = new List<Secret>
        {
            new Secret
            {
                Value = "61B754C541BBCFC6A45A9E9EC5E47D8702B78C29",
                Type = Constants.SecretTypes.X509CertificateThumbprint,
                Description = "Client Certificate"
            },
        },
        AllowedScopes = new List<string>
        {
            "read"
        }
    },

In the Client Windows Form application I'm using "Client.pfx" downloaded from the URL https://github.com/IdentityServer/IdentityServer3.Samples/blob/master/source/Clients/ClientCertificateConsoleClient/Client.pfx

The Client Certificate has the ThumbPrint

    Thumbprint = "61B754C541BBCFC6A45A9E9EC5E47D8702B78C29"

The Client Code is

    var cert = new X509Certificate2("Client.pfx");
    var handler = new WebRequestHandler();
    handler.ClientCertificates.Add(cert);
    string tokenEndPoint = ConfigurationManager.AppSettings["TokenEndpoint"];
    var client = new TokenClient(
        tokenEndPoint,
        "cc.WithCertificate",
        handler);
    // Calling the Token Service
    var response = client.RequestClientCredentialsAsync("read").Result;

I did the configuration as specified in https://identityserver.github.io/Documentation/docsv2/advanced/clientCerts.html

    <location path="core/connect/token">
      <system.webServer>
        <security>
          <access sslFlags="Ssl, SslNegotiateCert" />
        </security>
      </system.webServer>
    </location>

Initially it gives me the Internal Server Error; later I changed the following mode to "Allow".

File Path: C:\Windows\System32\inetsrv\config\applicationHost.config

    <section name="access" overrideModeDefault="Deny" />

to

    <section name="access" overrideModeDefault="Allow" />

Later the response is coming with an error status code: response.Error = "Forbidden"

Herewith I have attached the snapshot of the response object.

Kindly assist me how to fix this issue and get the AccessToken using ClientCertificate.

You are using the "Client.pfx" certificate on the client side and you are passing the same to the IdentityServer through the HTTP request.

The said certificate has a root certificate, namely "DevRoot"; it should be in the said Trusted Root Certification Authorities, otherwise IIS should not allow the request and returns with status code 403 Forbidden.

Kindly have a look at the snapshot; it shows the information of "Client.pfx".

So, ensure that "DevRoot" is installed in the "Trusted Root Certification Authorities".

If it is not there, kindly download "DevRoot.cer" and import it in the said path (i.e., Trusted Root Certification Authorities).

DevRoot.cer download URL: https://github.com/IdentityServer/IdentityServer3.Samples/blob/master/source/Certificates/DevRoot.cer
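
The check described in the answer, as an added PowerShell example (not part of the original post or of the IdentityServer3 samples): it confirms the thumbprint, builds the certificate chain for Client.pfx, and imports DevRoot.cer into the machine's Trusted Root Certification Authorities store only if it is missing. The file locations and the helper name Test-ClientCertChain are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the machine hosting IIS.
# Assumed paths: wherever Client.pfx and DevRoot.cer were saved.
$pfxPath  = (Resolve-Path '.\Client.pfx').Path
$rootPath = (Resolve-Path '.\DevRoot.cer').Path
$expected = '61B754C541BBCFC6A45A9E9EC5E47D8702B78C29'  # thumbprint from the Client config

# Hypothetical helper: builds the chain the way Windows does and reports the result.
function Test-ClientCertChain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    # Revocation is not the question here, so leave it out of the verdict.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        Trusted    = $trusted
        Status     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        TopOfChain = $top.Subject
    }
}

# Loaded without a password, as the question's client code does.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath)
$root = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($rootPath)

# 1. The thumbprint must equal the X509CertificateThumbprint secret on the client.
'Thumbprint matches client secret: {0}' -f ($cert.Thumbprint -eq $expected)
'Issuer: {0}' -f $cert.Issuer

# 2. Chain trust before any change. UntrustedRoot or PartialChain means the
#    issuing root is not trusted on this machine.
Test-ClientCertChain $cert | Format-List

# 3. Import DevRoot into the machine store only if it is missing, then re-test.
$present = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $root.Thumbprint }
if (-not $present) {
    Import-Certificate -FilePath $rootPath -CertStoreLocation Cert:\LocalMachine\Root |
        Out-Null
    Test-ClientCertChain $cert | Format-List
}
```

Client.pfx and its private key are published in a public samples repository, so DevRoot belongs in the trusted root store of development machines only.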