堆栈内存溢出
  简体   繁体   English

在 azure 中设置 IdentityServer3

[英]setup IdentityServer3 in azure

 原文  2017-09-29 10:24:46       c#/ azure/ identityserver3

问题描述

I have setup IdentityServer3 locally and everything works fine.我在本地设置了 IdentityServer3,一切正常。 I am using JWT to authorize my users and have been able to successfully access my Web API controllers (with the authorize attribute).我正在使用 JWT 来授权我的用户并且已经能够成功访问我的 Web API 控制器(使用授权属性)。

When I uploaded to azure, although I can get an access token but when I try to access a controller, I get a 401 error.当我上传到 azure 时,虽然我可以获得访问令牌,但是当我尝试访问控制器时,我收到 401 错误。 I assume this is to do with the certificate.我认为这与证书有关。 My configuration looks like this:我的配置是这样的:

public static class Config
{

    /// <summary>
    /// Configures identity server
    /// </summary>
    public static void ConfigureIdentityServer(this IAppBuilder app, CormarConfig config)
    {

        // Create our options
        var identityServerOptions = new IdentityServerOptions
        {
            SiteName = "Cormar API",
            SigningCertificate = LoadCertificate(),
            IssuerUri = "https://localhost:44313",

            // Not needed
            LoggingOptions = new LoggingOptions
            {
                EnableHttpLogging = true,
                EnableWebApiDiagnostics = true,
                EnableKatanaLogging = true,
                WebApiDiagnosticsIsVerbose = true
            },

            // In membory crap just to get going
            Factory = new IdentityServerServiceFactory().Configure(config),         

            // Disable when live
            EnableWelcomePage = true
        };

        // Setup our auth path
        app.Map("/identity", idsrvApp =>
        {
            idsrvApp.UseIdentityServer(identityServerOptions);
        });
    }


    /// <summary>
    /// Configures the identity server to use token authentication
    /// </summary>
    public static void ConfigureIdentityServerTokenAuthentication(this IAppBuilder app, HttpConfiguration config)
    {
        app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = "https://localhost:44313/identity",
            ValidationMode = ValidationMode.ValidationEndpoint,
            RequiredScopes = new[] { "api" }
        });

        AntiForgeryConfig.UniqueClaimTypeIdentifier = IdentityServer3.Core.Constants.ClaimTypes.Subject;
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
    }

    /// <summary>
    /// Loads the certificate
    /// </summary>
    /// <returns></returns>
    private static X509Certificate2 LoadCertificate()
    {
        var certPath = $"{ AppDomain.CurrentDomain.BaseDirectory }App_Data\\idsrv3test.pfx";
        return new X509Certificate2(certPath, "idsrv3test");
    }

    /// <summary>
    /// Configure the identity service factory with custom services
    /// </summary>
    /// <returns></returns>
    private static IdentityServerServiceFactory Configure(this IdentityServerServiceFactory factory, CormarConfig config)
    {
        var serviceOptions = new EntityFrameworkServiceOptions { ConnectionString = config.SqlConnectionString };
        factory.RegisterOperationalServices(serviceOptions);
        factory.RegisterConfigurationServices(serviceOptions);

        factory.CorsPolicyService = new Registration<ICorsPolicyService>(new DefaultCorsPolicyService { AllowAll = true }); // Allow all domains to access authentication
        factory.Register(new Registration<DbContext>(dr => dr.ResolveFromAutofacOwinLifetimeScope<DbContext>()));
        factory.UserService = new Registration<IUserService>(dr => dr.ResolveFromAutofacOwinLifetimeScope<IUserService>());
        factory.ClientStore = new Registration<IClientStore>(dr => dr.ResolveFromAutofacOwinLifetimeScope<IClientStore>());
        factory.ScopeStore = new Registration<IScopeStore>(dr => dr.ResolveFromAutofacOwinLifetimeScope<IScopeStore>());

        return factory;
    }
}

I have been reading and it looks like if I use reference tokens, I don't need to use a certificate to sign them.我一直在阅读,看起来如果我使用参考令牌,我不需要使用证书来签署它们。 So I changed my client AccessTokenType to reference token and added the secret to the api scope and I was able to access my protected controllers locally, but again when I push to azure, I still get a 401.因此,我将我的客户端AccessTokenType更改为引用令牌并将秘密添加到api范围,并且我能够在本地访问受保护的控制器,但是当我再次推送到 azure 时,我仍然得到 401。

Does anyone know how I can solve this issue?有谁知道我该如何解决这个问题?

1 个解决方案

解决方案1
 1 已采纳  2017-09-29 14:04:08

Changing the settings for UseIdentityServerBearerTokenAuthentication was the solution to this.更改UseIdentityServerBearerTokenAuthentication的设置是解决此问题的方法。 I updated the options to this:我将选项更新为:

DelayLoadMetadata = true,

And it all started working.这一切都开始起作用了。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为SSO设置Identityserver3 - setup Identityserver3 for SSO 如何为IdentityServer3设置MVC客户端 - How to setup an MVC client for IdentityServer3 Authorize标记上的角色和IdentityServer3客户端设置之间是什么关系? - What is the relationship between Roles on the Authorize tag and IdentityServer3 client setup 使用IdentityServer3进行Azure AD身份验证的本地帐户和选项 - Local account and option for Azure AD authentication using IdentityServer3 如何在Azure B2c中使用IdentityServer3或4作为自定义策略 - How to use IdentityServer3 or 4 in Azure B2c as custom policy 具有IdentityServer3 AccessTokenValidation的Identityserver4 - Identityserver4 with IdentityServer3 AccessTokenValidation IdentityServer3和JWT ValidateIssuerSigningKey - IdentityServer3 and JWT ValidateIssuerSigningKey 远程登录身份服务器3 - remote login identityserver3 IdentityServer3-异常处理 - IdentityServer3 - Exception handling 带ASP.NET核心客户端的IdentityServer3 - IdentityServer3 with aspnet core client
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM