
response.Error "Forbidden" in IdentityServer3 Flows.ClientCredentials

I have a Client in my IdentityServer3:

new Client
{
    ClientName = "Client Credentials Flow Client With Certificate",
    Enabled = true,
    ClientId = "cc.WithCertificate",
    Flow = Flows.ClientCredentials,

    ClientSecrets = new List<Secret>
        {
            new Secret
            {
                Value = "61B754C541BBCFC6A45A9E9EC5E47D8702B78C29",
                Type = Constants.SecretTypes.X509CertificateThumbprint,
                Description = "Client Certificate"
            },
        },

    AllowedScopes = new List<string>
        {
            "read"
        }
},

In the client Windows Forms application I'm using "Client.pfx" downloaded from the URL https://github.com/IdentityServer/IdentityServer3.Samples/blob/master/source/Clients/ClientCertificateConsoleClient/Client.pfx

The client certificate has the thumbprint:

Thumbprint = "61B754C541BBCFC6A45A9E9EC5E47D8702B78C29"

The client code is:

var cert = new X509Certificate2("Client.pfx");

var handler = new WebRequestHandler();
handler.ClientCertificates.Add(cert);

string tokenEndPoint = ConfigurationManager.AppSettings["TokenEndpoint"];

var client = new TokenClient(
    tokenEndPoint,
    "cc.WithCertificate",
    handler);

// Calling the Token Service
var response = client.RequestClientCredentialsAsync("read").Result;

I did the configuration as specified in https://identityserver.github.io/Documentation/docsv2/advanced/clientCerts.html

<location path="core/connect/token">
  <system.webServer>
    <security>
      <access sslFlags="Ssl, SslNegotiateCert" />
    </security>
  </system.webServer>
</location>

Initially it gave me an Internal Server Error; later I changed the following mode to "Allow".

File Path: C:\Windows\System32\inetsrv\config\applicationHost.config

<section name="access" overrideModeDefault="Deny" />

to

<section name="access" overrideModeDefault="Allow" />

Later the response comes back with an error status code: response.Error = "Forbidden"

Herewith I have attached the snapshot of the response object.

Kindly assist me how to fix this issue and get the AccessToken using ClientCertificate.

You are using the "Client.pfx" certificate on the client side and you are passing the same to the IdentityServer through the HTTP request.

The said certificate has a root certificate, namely "DevRoot"; it should be in the Trusted Root Certification Authorities, otherwise IIS should not allow the request and returns status code 403 Forbidden.

Kindly have a look at the snapshot; it shows the information of "Client.pfx".

So, ensure that "DevRoot" is installed in the "Trusted Root Certification Authorities".

If it is not there, kindly download "DevRoot.cer" and import it in the said path (i.e., Trusted Root Certification Authorities).

DevRoot.cer download URL: https://github.com/IdentityServer/IdentityServer3.Samples/blob/master/source/Certificates/DevRoot.cer
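
One way to confirm the trust problem described in the answer before changing any certificate store, as an added example that is not part of the original answer or of the IdentityServer3 samples: a small C# console check, meant to be run on the IIS host, that builds the chain for Client.pfx against the machine stores and reports whether the top of the chain is in Trusted Root Certification Authorities. The class name, the default file path and the disabled revocation check are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class ClientCertTrustCheck   // hypothetical name, not from the samples
{
    static int Main(string[] args)
    {
        // Assumption: the same file the client code loads, with an empty password.
        var cert = new X509Certificate2(args.Length > 0 ? args[0] : "Client.pfx");
        Console.WriteLine("Subject:    " + cert.Subject);
        Console.WriteLine("Issuer:     " + cert.Issuer);
        Console.WriteLine("Thumbprint: " + cert.Thumbprint);

        // true = evaluate in the machine context, not the current user's stores.
        var chain = new X509Chain(true);
        // Assumption: revocation is not checked, so a missing CRL on a
        // development certificate does not mask the trust result.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

        bool trusted = chain.Build(cert);
        foreach (X509ChainStatus s in chain.ChainStatus)
            Console.WriteLine("Chain status: " + s.Status + " - " + s.StatusInformation.Trim());

        if (chain.ChainElements.Count > 0)
        {
            // Last element is the highest certificate the builder could find.
            X509Certificate2 top =
                chain.ChainElements[chain.ChainElements.Count - 1].Certificate;

            if (top.Subject != top.Issuer)
            {
                // Chain stops below a self-signed root: the issuer is not installed at all.
                Console.WriteLine("Issuer certificate not found: " + top.Issuer);
            }
            else
            {
                var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
                store.Open(OpenFlags.ReadOnly);
                bool inRoot = store.Certificates
                    .Find(X509FindType.FindByThumbprint, top.Thumbprint, false).Count > 0;
                store.Close();
                Console.WriteLine("Root '" + top.Subject + "' in LocalMachine\\Root: " + inRoot);
            }
        }

        Console.WriteLine(trusted ? "Chain is trusted." : "Chain is NOT trusted.");
        return trusted ? 0 : 1;   // non-zero exit code when the chain is not trusted
    }
}
```

A chain status of UntrustedRoot or PartialChain here matches the condition the answer describes.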
