ASP.NET Core 3.1 MVC AddOpenIDConnect with IdentityServer3
Any help on this issue would be much appreciated. I have wasted days on the matter.
Authenticating an ASP.NET Core 3.1 MVC app with IdentityServer3 is causing a runtime error. The Identity server is returning an error
The client application is not known or is not authorized
instead of a login screen. We have an ASP.NET MVC 5 app and an ASP.NET Core API that works fine with the identity server.
My approach has been to rewrite the ASP.NET MVC 5 code in .NET Core. I have done the best that I can without being able to find any documentation on how to do such a translation. Please see my code snippets below for details.
Working ASP.NET MVC 5 code:
    //***
    //commented all code that was not needed to get login screen to show up
    //***
    public void Configuration(IAppBuilder app)
    {
        AntiForgeryConfig.UniqueClaimTypeIdentifier = IdentityModel.JwtClaimTypes.Name;
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies",
            ExpireTimeSpan = new TimeSpan(0, 300, 0),
            SlidingExpiration = true
        });
        var clientBaseUrl = ConfigurationManager.AppSettings[ClientBaseUrlKey];
        var identityServerBaseUrl = ConfigurationManager.AppSettings[IdentityServerBaseUrlKey];
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = identityServerBaseUrl,
            ClientId = WebSettings.ClientId,
            ResponseType = "code id_token token",
            SignInAsAuthenticationType = "Cookies",
            UseTokenLifetime = false,
            RedirectUri = $"{clientBaseUrl}/",
            //PostLogoutRedirectUri = clientBaseUrl,
            //Scope = "openid profile roles admin_certpay",
            //Notifications = new OpenIdConnectAuthenticationNotifications
            //{
            //...removed for brevity...
        });
    }
Problematic ASP.NET Core 3.1 MVC code:
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = "Cookies";
        }).AddCookie("Cookies")
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, o =>
        {
            o.Authority = "http://localhost/identity/";
            o.ClientId = "actual value used here";
            o.ResponseType = "code id_token token";
            o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            o.UseTokenLifetime = false;
            //start - not sure what RedirectUri is, but PostLogoutRedirectUri doesn't matter
            o.SignedOutRedirectUri = "http://localhost/CertPay.Admin/";
            o.ReturnUrlParameter = "http://localhost/CertPay.Admin/";
            //end - not sure what RedirectUri is, but PostLogoutRedirectUri doesn't matter
            o.RequireHttpsMetadata = false; //fix to runtime error
        });
        //Played with Core API fix for the hell of it.
        //.AddIdentityServerAuthentication(o =>
        //{
        //    o.Authority = "http://localhost/identity/";
        //    //o.ApiName = "actual value here";
        //    o.LegacyAudienceValidation = true;
        //    o.RequireHttpsMetadata = true;
        //});
    }
The answer provided by Pedro The Kid on this thread solved my problem. The removal of the RedirectUri attribute can be compensated for by adding an event listener. For your convenience, an excerpt from Pedro's follows:
    // Set the redirect_uri on the outgoing authorize request
    x.Events.OnRedirectToIdentityProvider = async n =>
    {
        n.ProtocolMessage.RedirectUri = <Redirect URI string>;
        await Task.FromResult(0);
    };
Edit: The above solution actually caused an endless loop of the login page loading a bunch of times. The following solution did not cause that problem:
    o.CallbackPath = "/home/index/";
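Added example (not part of the original post, and not the poster's or Pedro's code): a Startup class that logs the client_id and redirect_uri the ASP.NET Core handler actually sends, so they can be compared with the client's registration in IdentityServer3. The client id is a placeholder, and the "/signin-oidc" callback path and the Startup class layout are assumptions.

```csharp
// Added example, not code from the original post.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(o =>
        {
            o.Authority = "http://localhost/identity/";
            o.ClientId = "placeholder-client-id";   // assumption: your registered client id
            o.ResponseType = "code id_token token";
            o.RequireHttpsMetadata = false;          // plain-HTTP localhost authority only
            // The handler builds redirect_uri as scheme + host + PathBase + CallbackPath
            // and only processes sign-in responses that arrive on CallbackPath.
            o.CallbackPath = "/signin-oidc";         // assumption: handler default
            o.Events.OnRedirectToIdentityProvider = ctx =>
            {
                var log = ctx.HttpContext.RequestServices
                    .GetRequiredService<ILogger<Startup>>();
                // Compare these values with the client's registration on the server.
                log.LogInformation(
                    "OIDC authorize: client_id={ClientId} redirect_uri={RedirectUri}",
                    ctx.ProtocolMessage.ClientId, ctx.ProtocolMessage.RedirectUri);
                return Task.CompletedTask;
            };
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(e => e.MapDefaultControllerRoute());
    }
}
```

Either register the logged redirect_uri for the client in IdentityServer3, or change CallbackPath until the logged value equals a redirect URI that is already registered.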