[英]Identity Server 4 (2.0) not reading Asp.Net Core Identity cookies
我正在尝试将Asp .Net Identity Core与Identity Server 4一起使用 。 我可以在日志(Ids)中看到用户已正确登录。
info:Xena.IdentityServer.Controllers.AccountController [0]用户登录。
我的登录控制器然后将用户发送到我的管理控制器。
[Route("[controller]/[action]")]
[Authorize]
//[Authorize(AuthenticationSchemes = "Identity.Application")]
public class ManageController : Controller
{
[HttpGet]
public async Task<IActionResult> Index(ManageMessageId? message = null)
{
.....
}
}
用户永远不会到达,因为登录因某种原因而丢失。
info: Microsoft.AspNetCore.Mvc.RedirectToActionResult[2]
Executing RedirectResult, redirecting to /Manage/Index.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action Xena.IdentityServer.Controllers.AccountController.Login (Xena.IdentityServer) in 3493.6102ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 3515.9158ms 302
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request starting HTTP/1.1 GET http://localhost:5000/Manage/Index
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed for user: (null).
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[2]
Executing ChallengeResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12]
AuthenticationScheme: Bearer was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action Xena.IdentityServer.Controllers.ManageController.Index (Xena.IdentityServer) in 46.2285ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 58.6793ms 401
我认为部分线索是这一行Authorization failed for user: (null). 我可以看到cookie在浏览器中。 它只是没有被阅读。
据我所知,身份服务器4有自己的cookie和Asp .Net核心身份有它,他们需要读取相同的cookie。 我尝试过使用ASP.NET核心标识,但它没有帮助。
在Identity Server项目中启动
//Adds Asp.net identity
services.AddDbContext<ApplicationDbContext>(builder =>
builder.UseSqlServer(Configuration.GetConnectionString("XenaIdentityConnection")));
// Configuer Asp.net Identity
services.AddIdentity<ApplicationUser, IdentityRole<long>>(config =>
{
config.Password.RequireDigit = true;
config.Password.RequireLowercase = true;
config.Password.RequireNonAlphanumeric = false;
config.Password.RequireUppercase = true;
config.Password.RequiredLength = 8;
config.User.RequireUniqueEmail = true;
config.SignIn.RequireConfirmedEmail = true;
config.SignIn.RequireConfirmedPhoneNumber = false;
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddSignInManager<ApplicationSignInManager>() // Adds custom SignIn manager.
.AddDefaultTokenProviders();
//https://identityserver4.readthedocs.io/en/release/topics/signin.html
services.AddAuthentication(options =>
{
options.DefaultScheme = IdentityConstants.ApplicationScheme;
})
.AddGoogle("Google", options =>
{
options.AccessType = "offline";
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.ClientId = "xxxxx-jvu30c2n19thoqimd97b4jk1r2poh17p.apps.googleusercontent.com";
options.ClientSecret = "g29nXgVoFZBIBNS-hJJxPWXW";
}).AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, "OpenID Connect", options =>
{
options.SaveTokens = true;
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.SignOutScheme = IdentityServerConstants.SignoutScheme;
options.RequireHttpsMetadata = settingsSetup.RequireHttpsMetadata;
options.Authority = settingsSetup.Authority;
options.ClientId = "testclient";
options.Scope.Add("testapi");
options.ResponseType = OpenIdConnectResponseType.IdTokenToken;
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role"
};
});
services.AddIdentityServer()
.AddSigningCredential(LoadCertificate())
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = builder =>
builder.UseSqlServer(Configuration.GetConnectionString("XenaIdentityConnection"),
sql => sql.MigrationsAssembly(typeof(Startup).GetTypeInfo().Assembly.GetName().Name));
})
.AddOperationalStore(options =>
{
options.ConfigureDbContext = builder =>
builder.UseSqlServer(Configuration.GetConnectionString("XenaIdentityConnection"),
sql => sql.MigrationsAssembly(typeof(Startup).GetTypeInfo().Assembly.GetName().Name));
})
.AddAspNetIdentity<ApplicationUser>()
.AddProfileService<ProfileService>();
添加以下内容确实解决了我的manage / index问题。 但它不起作用,因为那时打开的Id连接登录不会工作,因为它使用Identity Server中的内部控制器进行身份验证,我不想重载。 我需要弄清楚如何让Identity Server 4使用Aspnet身份设置的cookie,反之亦然。
// [授权(AuthenticationSchemes =“Identity.Application”)]
这个解决方案来自我之前在Stack上提出的问题我已经开了一个新的问题,因为我倾向于这是身份服务器的设置问题,而不是身份cookie的问题
我终于在今天早上发现了问题。 部分问题是由于我有一个使用IdentityConstant cookie的自定义登录管理器。
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
})
需要设置DefaultAuthenticateScheme和DefaultChallengeScheme。 然后一切都按预期工作。
Asp.Net WebApi核心2.0身份与JWTBearer没有cookie
[英]Asp.Net WebApi Core 2.0 Identity With JWTBearer Without cookies
Identity Server 4, ASP.NET Core Identity and registration return url
[英]Identity Server 4, ASP.NET Core Identity and registration return url
Identity Server 4 Asp.Net Identity + EF Core 未播种
[英]Identity Server 4 Asp.Net Identity + EF Core not Seeding
ASP.NET Identity vs ASP.NET Identity Core:与 Identity Server 等的区别和用法?
[英]ASP.NET Identity vs ASP.NET Identity Core: Differences and Usage with Identity Server, etc.?
为什么要使用Identity Server和asp.net core 2在基于令牌的身份验证上使用cookie
[英]Why having cookies on token based authentication using Identity Server and asp.net core 2
在Controller中更改ASP.NET Core 2.0标识连接字符串
[英]Changing ASP.NET Core 2.0 Identity Connection String in Controller
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.