堆栈内存溢出
  简体   繁体   English

UnauthorizedAccessException消耗了需要访问令牌的API

[英]UnauthorizedAccessException consuming an API that requires access token

 原文  2018-09-28 14:50:31       asp.net-mvc/ authentication/ identityserver4/ openid-connect

问题描述

I'm developing an .netcore 1.1 MVC app, which is an Open ID Connect client using authorisation with IdentityServer4. 我正在开发.netcore 1.1 MVC应用程序,它是使用IdentityServer4授权的Open ID Connect客户端。 It also consumes an API that requires authorisation. 它还使用需要授权的API。

Currently, when the access token expires and a call is made to the API, I am experiencing an System.UnauthorizedAccessException 'attempted to perform an unauthorized operation'. 当前,当访问令牌到期并且调用了API时,我遇到了System.UnauthorizedAccessException “试图执行未经授权的操作”。

I cannot seem to figure out how to fix it. 我似乎无法弄清楚如何解决它。

This is how the client is configured (note the API is added to the Scope): 这是配置客户端的方式(注意,API已添加到作用域):

In the Startup.cs, I have registered the API I want to consume, as follows: 在Startup.cs中,我注册了要使用的API,如下所示: 

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions()
       {
           AuthenticationScheme = "oidc",
                SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme,
                Authority = identityServerServiceOptions.GetValue<string>("AuthorityUrl"),
                RequireHttpsMetadata = false,
                ResponseType = OpenIdConnectResponseType.CodeIdToken,
                ClientId = identityServerServiceOptions.GetValue<string>("ClientId"),
                ClientSecret = identityServerServiceOptions.GetValue<string>("ClientSecret"),
                GetClaimsFromUserInfoEndpoint = true,
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    NameClaimType = "name",
                    RoleClaimType = "role"
                },
                SaveTokens = true,

                Scope =
                {
                    "[APIName]",
                    "roles",
                    "offline_access"
                }
            });

The client has the following Scopes defined in the IdentityServer4 table 'ClientScopes': 客户端在IdentityServer4表“ ClientScopes”中定义了以下范围:

  • roles 角色
  • email 电子邮件
  • profile 轮廓
  • openid OpenID的
  • offline_access offline_access
  • [APIName] [APIName]

Also, [APIName] was added tot ApiResources, ApiClaims and ApiScopes. 此外,[APIName]已添加到ApiResources,ApiClaims和ApiScopes。

I already tried: 我已经尝试过:

  • Setting AllowOfflineAccess in Clients to 'true' 将客户端中的AllowOfflineAccess设置为“ true”
  • Setting UpdateAccessTokenClaimsOnRefresh in Clients to 'true' 将客户端中的UpdateAccessTokenClaimsOnRefresh设置为“ true”

1 个解决方案

解决方案1
 0 已采纳  2018-09-29 07:15:51

如果您的访问令牌过期,则需要使用您在登录期间获得的刷新令牌来续订。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 System.UnauthorizedAccessException:访问路径拒绝错误 - System.UnauthorizedAccessException: Access to the path denied error 手动授予访问令牌MVC Web API - Granting access token manually MVC Web API 如何在Web Api OAuth中获取访问令牌? - How to get access token in Web Api OAuth? Web API授权access_token验证 - Web API authorization access_token validation 消耗Web API和类信息 - Consuming Web API and class information 消耗.net中的Rest API时出错 - Error consuming rest API in .net 从Web API控制器获取Live SDK访问令牌 - Getting Live SDK Access Token from Web API Controller 获取访问令牌Asp.NET Web Api 2 - Get Access Token Asp.NET Web Api 2 我的web api服务需要访问令牌吗? - Do I need an access token for my web api service? 使用MVC从Google API获取访问令牌的困惑 - Confusion on getting access token from google api with mvc
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM