堆栈内存溢出
  简体   繁体   English

登录后,Identity Server 4 未重定向到 Angular 应用程序

[英]Identity Server 4 is not redirecting to Angular app after login

 原文  2019-03-07 14:30:40       angular/ authentication/ identityserver4/ asp.net-identity-2/ oidc-client-js

问题描述

I am using oidc-client in angular.我在 angular 中使用oidc-client following this Tutorial遵循本教程

import { UserManager, UserManagerSettings, User } from 'oidc-client';

My Client:我的客户:

export function getClientSettings(): UserManagerSettings {
return {
authority: 'https://localhost:44305/',
client_id: 'angular_spa',
redirect_uri: 'http://localhost:4200/auth-callback',
post_logout_redirect_uri: 'http://localhost:4200/',
response_type: 'id_token token',
scope: 'openid profile api1',
filterProtocolClaims: true,
loadUserInfo: true,
automaticSilentRenew: false
};

In Identity Server I'm using Assembly Microsoft.AspNetCore.Identity.UI, Version=2.1.3.0在身份服务器中,我使用的是Assembly Microsoft.AspNetCore.Identity.UI, Version=2.1.3.0

I'm adding default identity like this:我正在添加这样的默认身份:

[assembly: 
HostingStartup(typeof(WebApp.Areas.Identity.IdentityHostingStartup))]
namespace WebApp.Areas.Identity 
{
   public class IdentityHostingStartup: IHostingStartup {
     public void Configure(IWebHostBuilder builder) {
       builder.ConfigureServices((context, services) => {
         services.AddDbContext < WebAppContext > (options =>
             options.UseSqlite(context.Configuration.GetConnectionString("WebAppContextConnection")));

         services.AddDefaultIdentity < WebAppUser > ()
            .AddEntityFrameworkStores < WebAppContext > ();
     });
    }
  }
}

WebAppUser is derived from IdentityUser WebAppUser派生自IdentityUser

Startup.cs:启动.cs:

public class Startup
{

    private ILogger<DefaultCorsPolicyService> _logger;
    private IHostingEnvironment _env;

    public Startup(ILoggerFactory loggerFactory, IHostingEnvironment env)
    {
        _logger = loggerFactory.CreateLogger<DefaultCorsPolicyService>();
        _env = env;
    }
    private static void SetupIdentityServer(IdentityServerOptions identityServerOptions)
    {
        identityServerOptions.UserInteraction.LoginUrl = new PathString("/Identity/Account/Login");
        //  identityServerOptions.Cors.CorsPolicyName = "CorsPolicy";
    }
    public void ConfigureServices(IServiceCollection services)
    {

        services.AddCors(o => o.AddPolicy("CorsPolicy", builder =>
        {
            builder
             .WithOrigins("https://localhost:44305")
            .AllowAnyOrigin()
                   .AllowAnyMethod()
                   .AllowAnyHeader();
        }));

        //  services.AddMvc();
        var cors = new DefaultCorsPolicyService(_logger)
        {
            AllowAll = true
        };

        var cert = new X509Certificate2(Path.Combine(_env.ContentRootPath, "mycert.pfx"), "xxxxx");
        services.AddIdentityServer(SetupIdentityServer)//SetupIdentityServer
                 .AddSigningCredential(cert)
                 .AddInMemoryApiResources(Config.GetApiResources())
                 .AddInMemoryClients(Config.GetClients())
                 // .AddTestUsers(TestUsers.Users)
                 .AddInMemoryIdentityResources(Config.GetIdentityResources());
                 services.AddSingleton<ICorsPolicyService>(cors);

    }
    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        //loggerFactory.AddConsole();
        app.UseDeveloperExceptionPage();

        app.Map("/api", api =>
        {
            api.UseCors(x => x.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
            api.UseAuthentication();

            api.Run(async context =>
            {
                var result = await context.AuthenticateAsync("api");
                if (!result.Succeeded)
                {
                    context.Response.StatusCode = 401;
                    return;
                }

                context.Response.ContentType = "application/json";
                await context.Response.WriteAsync(JsonConvert.SerializeObject("API Response!"));
            });
        });

        app.UseIdentityServer();

        app.UseStaticFiles();
        app.UseMvcWithDefaultRoute();

        //Run these PMC commands after this.
        //Add - Migration CreateIdentitySchema
        //Update - Database

    }
}

In identity server 4 i have enabled https .在身份服务器 4 中,我启用了https So the problem is that from my Angular app if i try to use a protected URL I'm navigated to identity serves login page.所以问题是,如果我尝试使用受保护的URL我会从我的 Angular 应用程序导航到身份服务登录页面。 Looks like it is authenticating properly against the user that is in database.看起来它正在针对数据库中的用户正确进行身份验证。 but then it just refreshes the login page and does not redirects to the callback URL .但随后它只会刷新登录页面,不会重定向到回调URL

here are some logs that might help这里有一些日志可能会有所帮助

2019 - 03 - 07 01: 19: 30.553 - 06: 00[INF] Starting IdentityServer4 version 2.3 .2 .0 2019 - 03 - 07 01: 19: 30.632 - 06: 00[INF] You are using the in -memory version of the persisted grant store.This will store consent decisions, authorization codes, refresh and reference tokens in memory only.If you are using any of those features in production, you want to switch to a different store implementation. 2019 - 03 - 07 01: 19: 30.553 - 06: 00[INF] 启动 IdentityServer4 版本 2.3 .2 .0 2019 - 03 - 07 01: 19: 30.632 - 06: 00[INF] 你正在使用内存版本持久授权存储。这将仅在内存中存储同意决定、授权代码、刷新和引用令牌。如果您在生产中使用这些功能中的任何一个,您希望切换到不同的存储实现。 2019 - 03 - 07 01: 19: 30.643 - 06: 00[INF] Using the default authentication scheme idsrv for IdentityServer 2019 - 03 - 07 01: 19: 30.644 - 06: 00[DBG] Using idsrv as default ASP.NET Core scheme for authentication 2019 - 03 - 07 01: 19: 30.644 - 06: 00[DBG] Using Identity.External as default ASP.NET Core scheme for sign - in 2019 - 03 - 07 01: 19: 30.645 - 06: 00[DBG] Using Identity.External as default ASP.NET Core scheme for sign - out 2019 - 03 - 07 01: 19: 30.645 - 06: 00[DBG] Using idsrv as default ASP.NET Core scheme for challenge 2019 - 03 - 07 01: 19: 30.645 - 06: 00[DBG] Using idsrv as default ASP.NET Core scheme for forbid 2019 - 03 - 07 01: 19: 31.463 - 06: 00[DBG] CORS request made for path: /.well-known/openid - configuration from origin: http: //localhost:4200 2019 - 03 - 07 01: 19: 31.468 - 06: 00[DBG] AllowAll true, so origin: http: //localhost:4200 is allowed 2019 - 03 - 07 01: 19: 31.468 - 06: 00[DBG] CorsPolicyService allowed origin: http: //localhost:4200 2019 - 03 2019 - 03 - 07 01: 19: 30.643 - 06: 00[INF] 使用 IdentityServer 的默认身份验证方案 idsrv 2019 - 03 - 07 01: 19: 30.644 - 06: 00[DBG] 默认使用 ids.NET Corerv身份验证方案 2019 - 03 - 07 01: 19: 30.644 - 06: 00[DBG] 使用 Identity.External 作为默认 ASP.NET Core 方案进行登录 - 2019 - 03 - 07 01: 19: 30.645 - 06: 00[ DBG] 使用 Identity.External 作为默认 ASP.NET Core 方案进行注销 2019-03-07 01:19:30.645-06:00[DBG] 使用 idsrv 作为默认 ASP.NET Core 方案进行挑​​战 2019-03-07 01: 19: 30.645 - 06: 00[DBG] 使用 idsrv 作为默认 ASP.NET Core 方案 forbid 2019 - 03 - 07 01: 19: 31.463 - 06: 00[DBG] CORS 请求为路径:/.well-已知/openid - 来自 origin 的配置:http://localhost:4200 2019 - 03 - 07 01: 19: 31.468 - 06: 00[DBG] AllowAll tr​​ue,所以 origin: http://localhost:4200 is allowed 2019 - 03 - 07 01:19:31.468 - 06:00[DBG] CorsPolicyService 允许来源:http://本地主机:4200 2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Login Url: /Identity/Account / Login 2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Login Return Url Parameter: ReturnUrl 2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Logout Url: /Account/Logout 2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] ConsentUrl Url: /consent 2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Consent Return Url Parameter: returnUrl 2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Error Url: /home/error 2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Error Id Parameter: errorId 2019 - 03 - 07 01: 19: 31.497 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed 2019 - 03 - 07 01: 19: 31.550 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed 2019 - 03 - 07 01: 19: 31.553 - 06: 00[DBG] Request path / .well - known / openid - configuration matched to endpoint type Discovery 2019 - 03 - 07 01: 19: 31.569 - 06: 00[DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpo - 07 01: 19: 31.482 - 06: 00[DBG] 登录网址:/Identity/Account / Login 2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] 登录返回网址参数:Return19rl -03 07 01: 19: 31.482 - 06: 00[DBG] 注销网址:/Account/Logout 2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] ConsentUrl Url: /consent 19 - 03019 : 31.482 - 06: 00[DBG] 同意返回 URL 参数:returnUrl 2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] 错误 URL:/home/error 2019 - 03 - 019:19:01 06: 00[DBG] 错误 ID 参数:errorId 2019 - 03 - 07 01: 19: 31.497 - 06: 00[INF] idsrv 未通过身份验证。失败消息:取消保护票失败 2019 - 03 - 07:01:1.59 06:00[INF] idsrv 未通过身份验证。失败消息:取消保护票证失败 2019 - 03 - 07 01:19:31.553 - 06:00[DBG] 请求路径/.well-known/openid-配置与端点类型发现匹配2019 - 03 - 07 01: 19: 31.569 - 06: 00[DBG] 端点启用:发现,成功创建处理程序:IdentityServer4.Endpo ints.DiscoveryEndpoint 2019 - 03 - 07 01: 19: 31.569 - 06: 00[INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for / .well - known / openid - configuration 2019 - 03 - 07 01: 19: 31.576 - 06: 00[DBG] Start discovery request 2019 - 03 - 07 01: 19: 31.885 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed 2019 - 03 - 07 01: 19: 31.885 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed 2019 - 03 - 07 01: 19: 31.885 - 06: 00[DBG] Request path / connect / authorize matched to endpoint type Authorize 2019 - 03 - 07 01: 19: 31.893 - 06: 00[DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeEndpoint 2019 - 03 - 07 01: 19: 31.893 - 06: 00[INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for / connect / authorize 2019 - 03 - 07 01: 19: 31.904 - 06: 00[DBG] Start authorize request 2019 - 03 - 07 01: 19: 31.919 - 06: 00[ ints.DiscoveryEndpoint 2019 - 03 - 07 01: 19: 31.569 - 06: 00[INF] 调用 IdentityServer 端点:IdentityServer4.Endpoints.DiscoveryEndpoint for / .well -known / openid - configuration 2019 - 03 - 019:073: - 06: 00[DBG] 开始发现请求 2019 - 03 - 07 01: 19: 31.885 - 06: 00[INF] idsrv 未通过身份验证。失败消息:取消保护票证失败 2019 - 03 - 07 01:19:5 -306。 00[INF] idsrv 未通过身份验证。失败消息:取消保护票证失败 2019-03-07 01:19:31.885-06:00[DBG] 请求路径/连接/授权匹配端点类型授权 2019-03-07 01: 19:31.893 - 06:00[DBG] 端点启用:授权,成功创建处理程序:IdentityServer4.Endpoints.AuthorizeEndpoint 2019 - 03 - 07 01:19:31.893 - 06:00[INF] 调用 IdentityEndpoints.AuthorizeEndpoint:IdentityServer4Endpoint for / connect / authorize 2019 - 03 - 07 01: 19: 31.904 - 06: 00[DBG] 开始授权请求 2019 - 03 - 07 01: 19: 31.919 - 06: 00[ INF] idsrv was not authenticated.Failure message: Unprotect ticket failed 2019 - 03 - 07 01: 19: 31.935 - 06: 00[DBG] No user present in authorize request 2019 - 03 - 07 01: 19: 31.945 - 06: 00[DBG] Start authorize request protocol validation 2019 - 03 - 07 01: 19: 31.983 - 06: 00[DBG] client configuration validation for client angular_spa succeeded. INF] idsrv 未通过身份验证。失败消息:取消保护票证失败 2019 - 03 - 07 01: 19: 31.935 - 06: 00[DBG]授权请求中没有用户2019 - 03 - 07 01: 19: 30.945 - 00 [DBG] 开始授权请求协议验证 2019 - 03 - 07 01: 19: 31.983 - 06: 00 [DBG] 客户端angular_spa 的客户端配置验证成功。 2019 - 03 - 07 01: 19: 32.069 - 06: 00[DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator 2019 - 03 - 07 01: 19: 32.099 - 06: 00[INF] ValidatedAuthorizeRequest { "ClientId": "angular_spa", "ClientName": "Angular 4 Client", "RedirectUri": " http://localhost:4200/auth-callback ", "AllowedRedirectUris": [" http://localhost:4200/auth-callback ", " http://localhost:4200/silent-refresh.html "], "SubjectId": "anonymous", "ResponseType": "id_token token", "ResponseMode": "fragment", "GrantType": "implicit", "RequestedScopes": "openid profile api1", "State": "cd6df66e397546d3aab62533de28a2d2", "UiLocales": null, "Nonce": "8b3af6331d784e9a9cad076555f16174", "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": null, "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": { "client_id": "angular_spa", "redirect_uri": " http://localhost:4200/auth-callback ", "response_type": "id_token token", "scope": "openid profi 2019 - 03 - 07 01: 19: 32.069 - 06: 00[DBG] 调用自定义验证器:IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator 2019 - 03 - 07 01: 19: 32.099 - 06: 06: 06: 验证客户端请求验证"angular_spa", "ClientName": "Angular 4 Client", "RedirectUri": " http://localhost:4200/auth-callback ", "AllowedRedirectUris": [" http://localhost:4200/auth-callback " , " http://localhost:4200/silent- refresh.html "], "SubjectId": "anonymous", "ResponseType": "id_token token", "ResponseMode": "fragment", "GrantType": "implicit" , "RequestedScopes": "openid profile api1", "State": "cd6df66e397546d3aab62533de28a2d2", "UiLocales": null, "Nonce": "8b3af6331d784e9a9cad076555f16e397546d3aab62533de28a2d2", "Nonce": "8b3af6331d784e9a9cad076555f16176555f16176555f16174", "DisplayProfessential", "NULL , "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": { "client_id": "angular_spa", "redirect_uri": " http://localhost:4200/auth-callback ", "response_type": "id_token token", "scope": "openid profi le api1", "state": "cd6df66e397546d3aab62533de28a2d2", "nonce": "8b3af6331d784e9a9cad076555f16174" }, "$type": "AuthorizeRequestValidationLog" } 2019 - 03 - 07 01: 19: 32.126 - 06: 00[INF] Showing login: User is not authenticated 2019 - 03 - 07 01: 19: 32.154 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed 2019 - 03 - 07 01: 19: 32.155 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed 2019 - 03 - 07 01: 19: 32.628 - 06: 00[INF] AuthenticationScheme: Identity.External signed out. le api1", "state": "cd6df66e397546d3aab62533de28a2d2", "nonce": "8b3af6331d784e9a9cad076555f16174" }, "$type": "AuthorizeRequestValidationLog: -019: -0301 登录:061019:06120101用户未通过身份验证 2019 - 03 - 07 01: 19: 32.154 - 06: 00[INF] idsrv 未通过身份验证。失败消息:取消保护票失败 2019 - 03 - 07 01: 19: 32.155 - [INRF]0未通过身份验证。失败消息:取消保护票证失败 2019 - 03 - 07 01:19:32.628 - 06:00[INF] AuthenticationScheme:Identity.External 已注销。 2019 - 03 - 07 01: 19: 40.844 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed 2019 - 03 - 07 01: 19: 40.844 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed 2019 - 03 - 07 01: 19: 41.517 - 06: 00[INF] AuthenticationScheme: Identity.Application signed in . 2019 - 03 - 07 01: 19: 40.844 - 06: 00[INF] idsrv 未通过身份验证。失败消息:取消保护票失败 2019 - 03 - 07 01: 19: 40.844 - 06: 00.idsrv [INF 未通过身份验证失败消息:取消保护票证失败 2019 - 03 - 07 01:19:41.517 - 06:00[INF] AuthenticationScheme:Identity.Application 已登录。 2019 - 03 - 07 01: 19: 41.518 - 06: 00[INF] User logged in . 2019 - 03 - 07 01: 19: 41.518 - 06: 00[INF] 用户登录。 2019 - 03 - 07 01: 19: 41.528 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed 2019 - 03 - 07 01: 19: 41.528 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed 2019 - 03 - 07 01: 19: 41.528 - 06: 00[DBG] Request path / connect / authorize / callback matched to endpoint type Authorize 2019 - 03 - 07 01: 19: 41.529 - 06: 00[DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint 2019 - 03 - 07 01: 19: 41.529 - 06: 00[INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for / connect / authorize / callback 2019 - 03 - 07 01: 19: 41.535 - 06: 00[DBG] Start authorize callback request 2019 - 03 - 07 01: 19: 41.536 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed 2019 - 03 - 07 01: 19: 41.541 - 06: 00[DBG] No user present in authorize request 2019 - 03 - 07 01: 19: 41.541 - 06: 00[DBG] Start author 2019 - 03 - 07 01: 19: 41.528 - 06: 00[INF] idsrv 未通过身份验证。失败消息:取消保护票证失败 2019 - 03 - 07 01: 19: 41.528 - 06: 00.idsrv [INF 未通过身份验证失败消息:取消保护票失败 2019 - 03 - 07 01: 19: 41.528 - 06: 00[DBG] 请求路径/连接/授权/回调匹配端点类型授权 2019 - 03 - 07 01: 19: 41.529 - 06:0 [DBG] 端点启用:授权,成功创建处理程序:IdentityServer4.Endpoints.AuthorizeCallbackEndpoint 2019 - 03 - 07 01:19:41.529 - 06:00[INF] 调用 IdentityServer 端点:IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for / callback / authorize 2019 - 03 - 07 01: 19: 41.535 - 06: 00[DBG] 开始授权回调请求 2019 - 03 - 07 01: 19: 41.536 - 06: 00[INF] idsrv is not authentication.Un19ticket message - 03 - 07 01: 19: 41.541 - 06: 00[DBG] 没有用户出现在授权请求中 2019 - 03 - 07 01: 19: 41.541 - 06: 00[DBG] 开始作者ize request protocol validation 2019 - 03 - 07 01: 19: 41.541 - 06: 00[DBG] client configuration validation for client angular_spa succeeded. ize 请求协议验证 2019-03-07 01:19:41.541-06:00[DBG] 客户端 angular_spa 的客户端配置验证成功。 2019 - 03 - 07 01: 19: 41.541 - 06: 00[DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator 2019 - 03 - 07 01: 19: 41.541 - 06: 00[INF] ValidatedAuthorizeRequest { "ClientId": "angular_spa", "ClientName": "Angular 4 Client", "RedirectUri": " http://localhost:4200/auth-callback ", "AllowedRedirectUris": [" http://localhost:4200/auth-callback ", " http://localhost:4200/silent-refresh.html "], "SubjectId": "anonymous", "ResponseType": "id_token token", "ResponseMode": "fragment", "GrantType": "implicit", "RequestedScopes": "openid profile api1", "State": "cd6df66e397546d3aab62533de28a2d2", "UiLocales": null, "Nonce": "8b3af6331d784e9a9cad076555f16174", "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": null, "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": { "client_id": "angular_spa", "redirect_uri": " http://localhost:4200/auth-callback ", "response_type": "id_token token", "scope": "openid profi 2019 - 03 - 07 01: 19: 41.541 - 06: 00[DBG] 调用自定义验证器:IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator 2019 - 03 - 07 01: 19: 41.541 - 06: 06:{06} 验证请求验证[验证客户端] "angular_spa", "ClientName": "Angular 4 Client", "RedirectUri": " http://localhost:4200/auth-callback ", "AllowedRedirectUris": [" http://localhost:4200/auth-callback " , " http://localhost:4200/silent- refresh.html "], "SubjectId": "anonymous", "ResponseType": "id_token token", "ResponseMode": "fragment", "GrantType": "implicit" , "RequestedScopes": "openid profile api1", "State": "cd6df66e397546d3aab62533de28a2d2", "UiLocales": null, "Nonce": "8b3af6331d784e9a9cad076555f16e397546d3aab62533de28a2d2", "Nonce": "8b3af6331d784e9a9cad076555f16176555f16176555f16174", "DisplayProfessential", "NULL , "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": { "client_id": "angular_spa", "redirect_uri": " http://localhost:4200/auth-callback ", "response_type": "id_token token", "scope": "openid profi le api1", "state": "cd6df66e397546d3aab62533de28a2d2", "nonce": "8b3af6331d784e9a9cad076555f16174" }, "$type": "AuthorizeRequestValidationLog" } 2019 - 03 - 07 01: 19: 41.541 - 06: 00[INF] Showing login: User is not authenticated 2019 - 03 - 07 01: 19: 41.552 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed 2019 - 03 - 07 01: 19: 41.553 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed 2019 - 03 - 07 01: 19: 41.553 - 06: 00[INF] AuthenticationScheme: Identity.External signed out. le api1", "state": "cd6df66e397546d3aab62533de28a2d2", "nonce": "8b3af6331d784e9a9cad076555f16174" }, "$type": "AuthorizeRequestValidationLog: -019" -0401 登录:0704019:040101用户未通过身份验证 2019 - 03 - 07 01: 19: 41.552 - 06: 00[INF] idsrv 未通过身份验证。失败消息:取消保护票失败 2019 - 03 - 07 01: 19: 41.553 - [INRF]0未通过身份验证。失败消息:取消保护票证失败 2019 - 03 - 07 01:19:41.553 - 06:00[INF] AuthenticationScheme:Identity.External 已注销。

sorry i tried to format the logs properly but didn't worked.抱歉,我试图正确格式化日志,但没有奏效。

UPDATE更新

my server side config looks like this我的服务器端配置是这样的

 public class Config
{
    public static IEnumerable<ApiResource> GetApiResources()
    {
        return new List<ApiResource>
{
    new ApiResource("api1", "My API")
};
    }

    public static IEnumerable<Client> GetClients()
    {
        return new List<Client>
{
    new Client
    {

        ClientSecrets =
        {
            new Secret("superSecretPassword".Sha256())
        },


            ClientId = "angular_spa",
            ClientName = "Angular 4 Client",
            AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials ,  //implicit
            AllowedScopes = new List<string> { "openid", "profile", "userInfo", "api1" },

            //AllowedScopes = new List<string> { StandardScopes.OpenId, StandardScopes.Profile, StandardScopes.Email },
     RedirectUris = new List<string> {"http://localhost:4200/auth-callback", "http://localhost:4200/silent-refresh.html"},
            PostLogoutRedirectUris = new List<string> { "http://localhost:4200/" },
            AllowedCorsOrigins = new List<string> { "http://localhost:4200" },
            AllowAccessTokensViaBrowser = true,
            Enabled = true,
            AllowOfflineAccess = true
    }
};
    }
    public static List<IdentityResource> GetIdentityResources()
    {
        return new List<IdentityResource>
{
    new IdentityResources.OpenId(),
    new IdentityResources.Profile() // <-- usefull
};
    }
}

my project structure looks like this我的项目结构是这样的

在此处输入图片说明

it doesn't have any controllers.它没有任何控制器。 Should it have ?应该有吗?

UPDATE 2 looks like i figured out whats wrong.更新 2看起来我想出了什么问题。

The returnUrl is not resolving properly on the POST method. returnUrlPOST方法上没有正确解析。 it is coming as the complete URL .它将作为完整的URL if i force it to a proper return URL it works如果我强制它使用正确的返回URL它就可以工作

在此处输入图片说明

           var redirect_uri =  HttpUtility.ParseQueryString(returnUrl).Get("redirect_uri");

I did as above and used variable 'redirect_uri' in Redirect function.我如上所述并在重定向函数中使用了变量“redirect_uri”。 it works but it looks like a hack.它有效,但它看起来像一个黑客。 Should it automatically get the right thing ?它应该自动得到正确的东西吗?

with this i get 'No state in response' error on Angular side and oidc-client have no user after redirect.有了这个,我在 Angular 端出现“无响应状态”错误,重定向后oidc-client没有用户。

UPDATE更新

Looks like I'm using some different nuget package.看起来我正在使用一些不同的nuget包。 HttpContext.SignInAsync has following constructors. HttpContext.SignInAsync具有以下构造函数。

My HttpContext seems to be defined in我的HttpContext似乎定义在

Microsoft.AspNetCore.Mvc.RazorPages Microsoft.AspNetCore.Mvc.RazorPages

looks like i have wrong Nugets or something.看起来我有错误的 Nugets 或其他东西。 i am trying to supply a proper ClaimsPrincipal as well but not working.我也在尝试提供适当的 ClaimsPrincipal 但不起作用。

在此处输入图片说明

2 个解决方案

解决方案1
 1 已采纳  2019-03-10 13:55:40

I see there's a bit of confusion concerning the difference between the returnUrl and the redirect_uri.我看到关于 returnUrl 和 redirect_uri 之间的区别有些混乱。 Although the end goal is a redirect to the client's redirect_uri, after authentication the client must actually redirect to the authorize endpoint for further processing (hence the reason why the url is different).尽管最终目标是重定向到客户端的 redirect_uri,但在身份验证后,客户端必须实际重定向到授权端点以进行进一步处理(因此 url 不同的原因)。 You shouldn't need to change the returnUrl at all and can leave it the way it was.您根本不需要更改 returnUrl 并且可以保持原样。

The problem you're facing now is you're not calling HttpContext.SignInAsync after a successful authentication.您现在面临的问题是您在身份验证成功后没有调用HttpContext.SignInAsync The SignInAsync method is used to administer a cookie with the user's information that tells the endpoint at the returnUrl that the user was successfully authenticated, and it's okay to return a token to the redirect_uri. SignInAsync方法用于管理带有用户信息的 cookie,该 cookie 告诉 returnUrl 处的端点用户已成功通过身份验证,并且可以将令牌返回给 redirect_uri。 There are a lot of overloads for the SignInAsync , but the one I find easiest to use is HttpContext.SignInAsync(string subject, params Claim[] claims) . SignInAsync有很多重载,但我发现最容易使用的是HttpContext.SignInAsync(string subject, params Claim[] claims) SignInAsync HttpContext.SignInAsync(string subject, params Claim[] claims) After doing this you should be able to finish the authentication.完成此操作后,您应该能够完成身份验证。

解决方案2
 -1  2019-03-12 10:25:38

Identity server configuration身份服务器配置

Set RedirectUris to your angular application hosted url.将 RedirectUris 设置为您的 Angular 应用程序托管 url。

Angular application角度应用

openIDImplicitFlowConfiguration.redirect_url = this.oidcConfigService.clientConfiguration.redirect_url; openIDImplicitFlowConfiguration.redirect_url = this.oidcConfigService.clientConfiguration.redirect_url;

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 身份服务器:在 Angular 中登录和注销后重定向? - Identity Server: Redirect after login and logout in Angular? Angular 5登录后未重定向 - Angular 5 not redirecting after login 登录身份服务器后无法重定向回 angular 客户端 - Cannot redirect back to angular client after login in identity server Angular 路由与登录身份服务器 - Angular routing with login to Identity server 使用angular2-meteor登录后重定向 - Redirecting after login with angular2-meteor 如何以角度重定向到身份服务器登录? - How to be redirected to identity server login in angular? Angular 2.0 Router.navigate登录后不重定向 - Angular 2.0 Router.navigate not redirecting after login 用户登录后,Angular 8 和 Firebase AuthGuard 仍重定向到登录 - Angular 8 & Firebase AuthGuard still redirecting to login after user logged in Angular Authgaurd 登录后不重定向或强制应用程序到主页 - Angular Authgaurd not redirecting or forcing application to home page after login 登录并订阅成功后重定向到新的 Angular 应用程序 - Redirecting To a New Angular Application After Login and Subscription Success
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM