堆栈内存溢出
  繁体   English   中英

使用IdentityServer3保护IdentityManager

[英]Secure IdentityManager with IdentityServer3

 原文  2016-02-28 00:41:51       asp.net/ thinktecture-ident-server/ identityserver3/ thinktecture/ identitymanager

问题描述

在我的设置中,我在IdentityServer的同一主机上具有IdentityManager。 所有必需的配置都在数据库上。

为了创建我的安装程序,我在stackoverflow.com上考虑了这个问题 ,然后关注了有关此github问题的所有相关讨论。

我还订阅了Gitter,以查找所提及的SO问题中提到的对话。 我的设置几乎与@ilter的设置相同。

但是就我而言,我不断

错误:您无权使用此服务。

通过查看日志,我没有发现任何错误,但似乎一切正常 

iisexpress.exe Information: 0 : 2016-02-28 01:15:48.578 +01:00 [Information] User is not authenticated. Redirecting to login.
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.587 +01:00 [Information] End authorize request
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.588 +01:00 [Information] Redirecting to login page
2016-02-28 01:15:48.598 +01:00 [Debug] Protecting message: "{\"ReturnUrl\":\"https://localhost:44304/core/connect/authorize?client_id=idmgr_client&redirect_uri=https%3A%2F%2Flocalhost%3A44304&response_mode=form_post&response_type=id_token&scope=openid%20idmgr&state=OpenIdConnect.AuthenticationProperties%3DjVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4&nonce=635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\",\"ClientId\":\"idmgr_client\",\"AcrValues\":[],\"Created\":635922153485649371}"
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.636 +01:00 [Information] Login page requested
2016-02-28 01:15:48.657 +01:00 [Debug] signin message passed to login: "{
  \"ReturnUrl\": \"https://localhost:44304/core/connect/authorize?client_id=idmgr_client&redirect_uri=https%3A%2F%2Flocalhost%3A44304&response_mode=form_post&response_type=id_token&scope=openid%20idmgr&state=OpenIdConnect.AuthenticationProperties%3DjVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4&nonce=635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\",
  \"ClientId\": \"idmgr_client\",
  \"IdP\": null,
  \"Tenant\": null,
  \"LoginHint\": null,
  \"DisplayMode\": null,
  \"UiLocales\": null,
  \"AcrValues\": [],
  \"Created\": 635922153485649371
}"
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.676 +01:00 [Information] rendering login page
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.024 +01:00 [Information] Login page submitted
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.117 +01:00 [Information] Login credentials successfully validated by user service
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.123 +01:00 [Information] Calling PostAuthenticateAsync on the user service
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.127 +01:00 [Information] issuing primary signin cookie
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.131 +01:00 [Information] redirecting to: https://localhost:44304/core/connect/authorize?client_id=idmgr_client&redirect_uri=https:%2F%2Flocalhost:44304&response_mode=form_post&response_type=id_token&scope=openid idmgr&state=OpenIdConnect.AuthenticationProperties%3DjVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4&nonce=635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.150 +01:00 [Information] Start authorize request
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.150 +01:00 [Information] Start authorize request protocol validation
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.165 +01:00 [Information] "Authorize request validation success"
 "{
  \"ClientId\": \"idmgr_client\",
  \"ClientName\": \"IdentityManager\",
  \"RedirectUri\": \"https://localhost:44304\",
  \"AllowedRedirectUris\": [
    \"https://localhost:44304\"
  ],
  \"SubjectId\": \"8029ac3e-72cb-4fc9-907b-eb99feecbbd6\",
  \"ResponseType\": \"id_token\",
  \"ResponseMode\": \"form_post\",
  \"Flow\": \"Implicit\",
  \"RequestedScopes\": \"openid idmgr\",
  \"State\": \"OpenIdConnect.AuthenticationProperties=jVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4\",
  \"Nonce\": \"635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\",
  \"SessionId\": \"3c7c7e15d39b88d0989e7051b02502bd\",
  \"Raw\": {
    \"client_id\": \"idmgr_client\",
    \"redirect_uri\": \"https://localhost:44304\",
    \"response_mode\": \"form_post\",
    \"response_type\": \"id_token\",
    \"scope\": \"openid idmgr\",
    \"state\": \"OpenIdConnect.AuthenticationProperties=jVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4\",
    \"nonce\": \"635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\"
  }
}"
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.170 +01:00 [Information] Creating Implicit Flow response.
2016-02-28 01:17:42.170 +01:00 [Debug] Creating identity token
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.170 +01:00 [Information] Getting claims for identity token for subject: 8029ac3e-72cb-4fc9-907b-eb99feecbbd6
2016-02-28 01:17:42.177 +01:00 [Debug] Creating JWT identity token
2016-02-28 01:17:42.189 +01:00 [Debug] Adding client "idmgr_client" to client list cookie for subject "8029ac3e-72cb-4fc9-907b-eb99feecbbd6"
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.190 +01:00 [Information] End authorize request
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.190 +01:00 [Information] Posting to https://localhost:44304
2016-02-28 01:17:42.190 +01:00 [Debug] Using DefaultViewService to render authorization response HTML
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.438 +01:00 [Information] User is authenticated from Cookies

有什么建议吗?

2 个解决方案

解决方案1
 2 已采纳  2016-02-28 06:19:02

可能您的用户没有角色: IdentityManagerAdministrator 在IdentityManager Web API配置中,我可以看到以下授权过滤器,其中管理员角色名称为IdentityManagerAdministrator。 

config.Filters.Add(new AuthorizeAttribute() { Roles = options.SecurityConfiguration.AdminRoleName });

尝试将该角色声明添加到您的登录用户,或更改过滤器以检查当前用户具有的其他任何角色。

解决方案2
 2  2016-03-21 02:13:12

看来您没有正确的管理员角色

您可以在SecurityConfiguration指定AdminRoleName 

app.Map("/idm", manageApp => {
    manageApp.UseIdentityManager(new IdentityManagerOptions {
        SecurityConfiguration = new HostSecurityConfiguration {
            // Identity Manager Role
            AdminRoleName = "IdmAdmin"
        }
    });
});

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用IdentityServer v3保护IdentityManager IdentityServer3 的 ASP.NET Identity 插件 UI (IdentityManager) 在部署到 Azure (WebApp) 后不起作用 UseIdentityServerBearerTokenAuthentication对IdentityServer3不起作用 IdentityServer3 xBehave测试 IdentityServer3 + AzureAD和RedirectUri混淆 IdentityServer3 - 客户端证书验证 使用没有密码的 IdentityServer3 生成访问令牌 Identityserver3在运行时获取和更改本地化 在IdentityServer3中注册新用户的API方法 为什么identityserver3没有返回刷新令牌?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM