
Claims is empty and user is not Authenticated in HandleRequirement of AuthorizationHandlerContext with Duende identity server

I am using ASP.NET Core 6 with Duende IdentityServer.

Program.cs

var builder = WebApplication.CreateBuilder(args);
ConfigurationManager serviceConfiguration = builder.Configuration;
builder.Services.ConfigureIdentityServer(serviceConfiguration);

services.AddAuthentication(AuthorizePolicy.TokenSchema)
                .AddJwtBearer(AuthorizePolicy.TokenSchema, options =>
                {
                    options.Authority = "https://localhost:5001";
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateAudience = false
                    };
                });

var app = builder.Build();

app.UseIdentityServer();
app.UseAuthentication();
app.UseAuthorization();

Now, in the handler, the claims are empty. The request has the Bearer token in it.

   public class IdentityServerUserClaimHandler : AuthorizationHandler<IdentityServerUserClaimRequirement>
    {
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
            IdentityServerUserClaimRequirement requirement)
        {
            if (context.User.HasClaim(c => c.Type == requirement.ClaimType &&
                                           c.Value == requirement.ClaimValue))
                context.Succeed(requirement);
            return Task.CompletedTask;
        }
    }


Access token payload from jwt.io

{
  "iss": "https://localhost:5001",
  "nbf": 1651574541,
  "iat": 1651574541,
  "exp": 1651574741,
  "scope": [
    "openid",
    "profile",
    "email"
  ],
  "amr": [
    "pwd"
  ],
  "client_id": "Falcon_Identity_Server",
  "sub": "9717a359-f83b-43b3-97b3-2f04f1148988",
  "auth_time": 1651574539,
  "idp": "local",
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "9717a359-f83b-43b3-97b3-2f04f1148988",
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "admin@local.com",
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "admin@local.com",
  "AspNet.Identity.SecurityStamp": "1999ca9c-398d-4ffe-907a-b1f1b5e8cbfe",
  "identityserver": "owner",
  "fb_product": "owner",
  "fb_order": "owner",
  "fb_payment": "owner",
  "sid": "716EA1A6F89D0A014DDCE43B5B66190F",
  "jti": "6417334FFDDB45054A77348952135CE4"
}

Update

I removed the token scheme, and now I have only the cookie scheme, as follows

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme);

app.UseCookiePolicy();

Logs from the identity server

2022-05-05 18:21:45.905 +10:00 [INF] Starting Duende IdentityServer version 6.1.0-preview.3+6a45df770da336604801bddca593a902f1ccb802 (.NET 6.0.3)
2022-05-05 18:21:45.924 +10:00 [WRN] You do not have a valid license key for the Duende software. This is allowed for development and testing scenarios. If you are running in production you are required to have a licensed version. Please start a conversation with us: https://duendesoftware.com/contact
2022-05-05 18:21:45.931 +10:00 [INF] Using the default authentication scheme Cookies for IdentityServer
2022-05-05 18:21:45.931 +10:00 [DBG] Using Cookies as default ASP.NET Core scheme for authentication
2022-05-05 18:21:45.931 +10:00 [DBG] Using Cookies as default ASP.NET Core scheme for sign-in
2022-05-05 18:21:45.931 +10:00 [DBG] Using Cookies as default ASP.NET Core scheme for sign-out
2022-05-05 18:21:45.931 +10:00 [DBG] Using Identity.Application as default ASP.NET Core scheme for challenge
2022-05-05 18:21:45.931 +10:00 [DBG] Using Cookies as default ASP.NET Core scheme for forbid
2022-05-05 18:21:46.065 +10:00 [WRN] You do not have a valid license key for the Duende software. This is allowed for development and testing scenarios. If you are running in production you are required to have a licensed version. Please start a conversation with us: https://duendesoftware.com/contact
2022-05-05 18:21:46.222 +10:00 [INF] Now listening on: https://localhost:5001
2022-05-05 18:21:46.222 +10:00 [INF] Now listening on: http://localhost:5000
2022-05-05 18:21:46.223 +10:00 [INF] Application started. Press Ctrl+C to shut down.
2022-05-05 18:21:46.224 +10:00 [INF] Hosting environment: Development
2022-05-05 18:21:46.224 +10:00 [INF] Content root path: /Users/san/project/Sample/Falcon-Identity/Falcon-Identity/
2022-05-05 18:21:53.225 +10:00 [DBG] Login Url: /Account/Login
2022-05-05 18:21:53.227 +10:00 [DBG] Login Return Url Parameter: ReturnUrl
2022-05-05 18:21:53.227 +10:00 [DBG] Logout Url: /Account/Logout
2022-05-05 18:21:53.227 +10:00 [DBG] ConsentUrl Url: /consent
2022-05-05 18:21:53.227 +10:00 [DBG] Consent Return Url Parameter: returnUrl
2022-05-05 18:21:53.227 +10:00 [DBG] Error Url: /home/error
2022-05-05 18:21:53.227 +10:00 [DBG] Error Id Parameter: errorId
2022-05-05 18:21:53.273 +10:00 [DBG] CORS request made for path: /.well-known/openid-configuration from origin: https://localhost:5002
2022-05-05 18:21:53.333 +10:00 [DBG] Origin https://localhost:5002 is allowed: true
2022-05-05 18:21:53.334 +10:00 [DBG] CorsPolicyService allowed origin: https://localhost:5002
2022-05-05 18:21:53.346 +10:00 [DBG] Request path /.well-known/openid-configuration matched to endpoint type Discovery
2022-05-05 18:21:53.347 +10:00 [DBG] Endpoint enabled: Discovery, successfully created handler: Duende.IdentityServer.Endpoints.DiscoveryEndpoint
2022-05-05 18:21:53.349 +10:00 [INF] Invoking IdentityServer endpoint: Duende.IdentityServer.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration
2022-05-05 18:21:53.350 +10:00 [DBG] Start discovery request
2022-05-05 18:21:53.443 +10:00 [INF] Active signing key found with kid C1C7E591CAF7B3C98C7ECACE9B6A6AC3 for alg RS256. Expires in "83.22:18:15". Retires in "97.22:18:15"
2022-05-05 18:21:53.478 +10:00 [DBG] Retrieve AuthenticationTicket for key E1183024D7FD528A15F9313DD6985CBA9C6E3D0B90C33469371D8C392B9F604B
2022-05-05 18:21:53.479 +10:00 [DBG] No ticket found in store for E1183024D7FD528A15F9313DD6985CBA9C6E3D0B90C33469371D8C392B9F604B
2022-05-05 18:21:53.480 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:21:53.481 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:21:53.482 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:21:53.487 +10:00 [DBG] Request path /connect/authorize matched to endpoint type Authorize
2022-05-05 18:21:53.496 +10:00 [DBG] Endpoint enabled: Authorize, successfully created handler: Duende.IdentityServer.Endpoints.AuthorizeEndpoint
2022-05-05 18:21:53.497 +10:00 [INF] Invoking IdentityServer endpoint: Duende.IdentityServer.Endpoints.AuthorizeEndpoint for /connect/authorize
2022-05-05 18:21:53.498 +10:00 [DBG] Start authorize request
2022-05-05 18:21:53.503 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:21:53.505 +10:00 [DBG] No user present in authorize request
2022-05-05 18:21:53.505 +10:00 [DBG] Start authorize request protocol validation
2022-05-05 18:21:53.781 +10:00 [DBG] Falcon_Identity_Server found in database: true
2022-05-05 18:21:53.784 +10:00 [DBG] client configuration validation for client Falcon_Identity_Server succeeded.
2022-05-05 18:21:53.788 +10:00 [DBG] Checking for PKCE parameters
2022-05-05 18:21:53.796 +10:00 [DBG] Calling into custom validator: Duende.IdentityServer.Validation.DefaultCustomAuthorizeRequestValidator
2022-05-05 18:21:53.802 +10:00 [DBG] ValidatedAuthorizeRequest
{"ClientId":"Falcon_Identity_Server","ClientName":"FalconIdentityServer","RedirectUri":"https://localhost:5002/auth-callback","AllowedRedirectUris":["http://localhost:4200/assets/silent-renew.html","http://localhost:4200/auth-callback","https://falconidentity.azurewebsites.net/assets/silent-callback.html","https://falconidentity.azurewebsites.net/swagger/oauth2-redirect.html","https://localhost:5001/swagger/oauth2-redirect.html","https://localhost:5002/assets/silent-callback.html","https://localhost:5002/auth-callback","https://oauth.pstmn.io/v1/callback"],"SubjectId":"anonymous","ResponseType":"code","ResponseMode":"query","GrantType":"authorization_code","RequestedScopes":"openid profile email","State":"aa753cd62b164242a2f04591b6bb0679","UiLocales":null,"Nonce":null,"AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":"","MaxAge":null,"LoginHint":null,"SessionId":"","Raw":{"client_id":"Falcon_Identity_Server","redirect_uri":"https://localhost:5002/auth-callback","response_type":"code","scope":"openid profile email","state":"aa753cd62b164242a2f04591b6bb0679","code_challenge":"jD4jnETjtjqswT7vJTTPMpDSegpDpX7L7L3plAueqdI","code_challenge_method":"S256","response_mode":"query"},"$type":"AuthorizeRequestValidationLog"}
2022-05-05 18:21:53.809 +10:00 [INF] Showing login: User is not authenticated
2022-05-05 18:21:53.814 +10:00 [DBG] Retrieve AuthenticationTicket for key E1183024D7FD528A15F9313DD6985CBA9C6E3D0B90C33469371D8C392B9F604B
2022-05-05 18:21:53.815 +10:00 [DBG] No ticket found in store for E1183024D7FD528A15F9313DD6985CBA9C6E3D0B90C33469371D8C392B9F604B
2022-05-05 18:21:53.815 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:21:53.816 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:21:53.817 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:21:53.875 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:21:53.876 +10:00 [DBG] Start authorize request protocol validation
2022-05-05 18:21:53.942 +10:00 [DBG] Falcon_Identity_Server found in database: true
2022-05-05 18:21:53.942 +10:00 [DBG] client configuration validation for client Falcon_Identity_Server succeeded.
2022-05-05 18:21:53.942 +10:00 [DBG] Checking for PKCE parameters
2022-05-05 18:21:53.942 +10:00 [DBG] Calling into custom validator: Duende.IdentityServer.Validation.DefaultCustomAuthorizeRequestValidator
2022-05-05 18:21:54.047 +10:00 [DBG] Falcon_Identity_Server found in database: true
2022-05-05 18:21:54.047 +10:00 [DBG] client configuration validation for client Falcon_Identity_Server succeeded.
2022-05-05 18:22:07.023 +10:00 [DBG] Retrieve AuthenticationTicket for key E1183024D7FD528A15F9313DD6985CBA9C6E3D0B90C33469371D8C392B9F604B
2022-05-05 18:22:07.023 +10:00 [DBG] No ticket found in store for E1183024D7FD528A15F9313DD6985CBA9C6E3D0B90C33469371D8C392B9F604B
2022-05-05 18:22:07.023 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:22:07.024 +10:00 [DBG] CORS request made for path: /Account/Login from origin: null but was ignored because path was not for an allowed IdentityServer CORS endpoint
2022-05-05 18:22:07.024 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:22:07.025 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:22:07.055 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:22:07.055 +10:00 [DBG] Start authorize request protocol validation
2022-05-05 18:22:07.199 +10:00 [DBG] Falcon_Identity_Server found in database: true
2022-05-05 18:22:07.199 +10:00 [DBG] client configuration validation for client Falcon_Identity_Server succeeded.
2022-05-05 18:22:07.199 +10:00 [DBG] Checking for PKCE parameters
2022-05-05 18:22:07.199 +10:00 [DBG] Calling into custom validator: Duende.IdentityServer.Validation.DefaultCustomAuthorizeRequestValidator
2022-05-05 18:22:07.466 +10:00 [INF] AuthenticationScheme: Identity.Application signed in.
2022-05-05 18:22:07.477 +10:00 [DBG] Augmenting SignInContext
2022-05-05 18:22:07.478 +10:00 [DBG] Adding idp claim with value: local
2022-05-05 18:22:07.478 +10:00 [DBG] Adding amr claim with value: pwd
2022-05-05 18:22:07.478 +10:00 [DBG] Adding auth_time claim with value: 1651738927
2022-05-05 18:22:07.478 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:22:07.479 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:22:07.485 +10:00 [DBG] Creating entry in store for AuthenticationTicket, key C1BEC550ECB78D2E76A8FEFA6489CA9648CE9919F78115615A58A4B762D48598, with expiration: "2022-05-19T08:22:07.0000000Z"
2022-05-05 18:22:07.492 +10:00 [INF] AuthenticationScheme: Cookies signed in.
2022-05-05 18:22:07.495 +10:00 [DBG] Retrieve AuthenticationTicket for key C1BEC550ECB78D2E76A8FEFA6489CA9648CE9919F78115615A58A4B762D48598
2022-05-05 18:22:07.496 +10:00 [DBG] Ticket loaded for key: C1BEC550ECB78D2E76A8FEFA6489CA9648CE9919F78115615A58A4B762D48598, with expiration: "2022-05-19T08:22:07.0000000Z"
2022-05-05 18:22:07.499 +10:00 [DBG] Request path /connect/authorize/callback matched to endpoint type Authorize
2022-05-05 18:22:07.499 +10:00 [DBG] Endpoint enabled: Authorize, successfully created handler: Duende.IdentityServer.Endpoints.AuthorizeCallbackEndpoint
2022-05-05 18:22:07.500 +10:00 [INF] Invoking IdentityServer endpoint: Duende.IdentityServer.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback
2022-05-05 18:22:07.501 +10:00 [DBG] Start authorize callback request
2022-05-05 18:22:07.501 +10:00 [DBG] User in authorize request: 9717a359-f83b-43b3-97b3-2f04f1148988
2022-05-05 18:22:07.501 +10:00 [DBG] Start authorize request protocol validation
2022-05-05 18:22:07.758 +10:00 [DBG] Falcon_Identity_Server found in database: true
2022-05-05 18:22:07.758 +10:00 [DBG] client configuration validation for client Falcon_Identity_Server succeeded.
2022-05-05 18:22:07.758 +10:00 [DBG] Checking for PKCE parameters
2022-05-05 18:22:07.758 +10:00 [DBG] Calling into custom validator: Duende.IdentityServer.Validation.DefaultCustomAuthorizeRequestValidator
2022-05-05 18:22:07.763 +10:00 [DBG] ValidatedAuthorizeRequest
{"ClientId":"Falcon_Identity_Server","ClientName":"FalconIdentityServer","RedirectUri":"https://localhost:5002/auth-callback","AllowedRedirectUris":["http://localhost:4200/assets/silent-renew.html","http://localhost:4200/auth-callback","https://falconidentity.azurewebsites.net/assets/silent-callback.html","https://falconidentity.azurewebsites.net/swagger/oauth2-redirect.html","https://localhost:5001/swagger/oauth2-redirect.html","https://localhost:5002/assets/silent-callback.html","https://localhost:5002/auth-callback","https://oauth.pstmn.io/v1/callback"],"SubjectId":"9717a359-f83b-43b3-97b3-2f04f1148988","ResponseType":"code","ResponseMode":"query","GrantType":"authorization_code","RequestedScopes":"openid profile email","State":"aa753cd62b164242a2f04591b6bb0679","UiLocales":null,"Nonce":null,"AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":"","MaxAge":null,"LoginHint":null,"SessionId":"C179DA1B9A4A6B426EB92E47F7AB9F6A","Raw":{"client_id":"Falcon_Identity_Server","redirect_uri":"https://localhost:5002/auth-callback","response_type":"code","scope":"openid profile email","state":"aa753cd62b164242a2f04591b6bb0679","code_challenge":"jD4jnETjtjqswT7vJTTPMpDSegpDpX7L7L3plAueqdI","code_challenge_method":"S256","response_mode":"query"},"$type":"AuthorizeRequestValidationLog"}
2022-05-05 18:22:07.851 +10:00 [DBG] Client is configured to not require consent, no consent is required
2022-05-05 18:22:07.853 +10:00 [DBG] Creating Authorization Code Flow response.
2022-05-05 18:22:07.903 +10:00 [DBG] 3A181978EF26F0DB98A1B2D2509C5ACF958EB7B4450AA81443F5F2C8B6572EDC not found in database
2022-05-05 18:22:08.039 +10:00 [DBG] Authorize endpoint response
{"SubjectId":"9717a359-f83b-43b3-97b3-2f04f1148988","ClientId":"Falcon_Identity_Server","RedirectUri":"https://localhost:5002/auth-callback","State":"aa753cd62b164242a2f04591b6bb0679","Scope":"openid profile email","Error":null,"ErrorDescription":null,"$type":"AuthorizeResponseLog"}
2022-05-05 18:22:08.042 +10:00 [DBG] Augmenting SignInContext
2022-05-05 18:22:08.043 +10:00 [DBG] Renewing AuthenticationTicket for key C1BEC550ECB78D2E76A8FEFA6489CA9648CE9919F78115615A58A4B762D48598, with expiration: "2022-05-19T08:22:07.0000000Z"
2022-05-05 18:22:08.043 +10:00 [INF] AuthenticationScheme: Cookies signed in.
2022-05-05 18:22:08.231 +10:00 [DBG] CORS request made for path: /.well-known/openid-configuration from origin: https://localhost:5002
2022-05-05 18:22:08.244 +10:00 [DBG] Origin https://localhost:5002 is allowed: true
2022-05-05 18:22:08.244 +10:00 [DBG] CorsPolicyService allowed origin: https://localhost:5002
2022-05-05 18:22:08.244 +10:00 [DBG] Request path /.well-known/openid-configuration matched to endpoint type Discovery
2022-05-05 18:22:08.244 +10:00 [DBG] Endpoint enabled: Discovery, successfully created handler: Duende.IdentityServer.Endpoints.DiscoveryEndpoint
2022-05-05 18:22:08.245 +10:00 [INF] Invoking IdentityServer endpoint: Duende.IdentityServer.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration
2022-05-05 18:22:08.246 +10:00 [DBG] Start discovery request
2022-05-05 18:22:08.247 +10:00 [INF] Active signing key found with kid C1C7E591CAF7B3C98C7ECACE9B6A6AC3 for alg RS256. Expires in "83.22:18:00". Retires in "97.22:18:00"
2022-05-05 18:22:08.253 +10:00 [DBG] CORS request made for path: /connect/token from origin: https://localhost:5002
2022-05-05 18:22:08.304 +10:00 [DBG] Origin https://localhost:5002 is allowed: true
2022-05-05 18:22:08.304 +10:00 [DBG] CorsPolicyService allowed origin: https://localhost:5002
2022-05-05 18:22:08.305 +10:00 [DBG] Request path /connect/token matched to endpoint type Token
2022-05-05 18:22:08.307 +10:00 [DBG] Endpoint enabled: Token, successfully created handler: Duende.IdentityServer.Endpoints.TokenEndpoint
2022-05-05 18:22:08.308 +10:00 [INF] Invoking IdentityServer endpoint: Duende.IdentityServer.Endpoints.TokenEndpoint for /connect/token
2022-05-05 18:22:08.310 +10:00 [DBG] Start token request.
2022-05-05 18:22:08.311 +10:00 [DBG] Start client validation
2022-05-05 18:22:08.312 +10:00 [DBG] Start parsing Basic Authentication secret
2022-05-05 18:22:08.312 +10:00 [DBG] Start parsing for secret in post body
2022-05-05 18:22:08.312 +10:00 [DBG] client id without secret found
2022-05-05 18:22:08.312 +10:00 [DBG] Parser found secret: PostBodySecretParser
2022-05-05 18:22:08.313 +10:00 [DBG] Secret id found: Falcon_Identity_Server
2022-05-05 18:22:08.564 +10:00 [DBG] Falcon_Identity_Server found in database: true
2022-05-05 18:22:08.565 +10:00 [DBG] client configuration validation for client Falcon_Identity_Server succeeded.
2022-05-05 18:22:08.567 +10:00 [DBG] Public Client - skipping secret validation success
2022-05-05 18:22:08.567 +10:00 [DBG] Client validation success
2022-05-05 18:22:08.578 +10:00 [DBG] Start token request validation
2022-05-05 18:22:08.586 +10:00 [DBG] Start validation of authorization code token request
2022-05-05 18:22:08.613 +10:00 [DBG] 3A181978EF26F0DB98A1B2D2509C5ACF958EB7B4450AA81443F5F2C8B6572EDC found in database: true
2022-05-05 18:22:08.629 +10:00 [DBG] removing 3A181978EF26F0DB98A1B2D2509C5ACF958EB7B4450AA81443F5F2C8B6572EDC persisted grant from database
2022-05-05 18:22:08.649 +10:00 [DBG] Client required a proof key for code exchange. Starting PKCE validation
2022-05-05 18:22:08.654 +10:00 [DBG] Validation of authorization code token request success
2022-05-05 18:22:08.660 +10:00 [INF] Token request validation success, {"ClientId":"Falcon_Identity_Server","ClientName":"FalconIdentityServer","GrantType":"authorization_code","Scopes":null,"AuthorizationCode":"****76-1","RefreshToken":"********","UserName":null,"AuthenticationContextReferenceClasses":null,"Tenant":null,"IdP":null,"Raw":{"client_id":"Falcon_Identity_Server","code":"01F5B7A646A2C431F5F1329346846EF5BDE4A4A9103C3A2E56CFB2B6BCD61676-1","redirect_uri":"https://localhost:5002/auth-callback","code_verifier":"81c77066c9c1467b9fc4a3552869c834151bd60fa0064f708eafbb1f77a7aea5c46e71b9e5c84e93a3056d8d80ee146b","grant_type":"authorization_code"},"$type":"TokenRequestValidationLog"}
2022-05-05 18:22:08.792 +10:00 [DBG] Falcon_Identity_Server found in database: true
2022-05-05 18:22:08.792 +10:00 [DBG] client configuration validation for client Falcon_Identity_Server succeeded.
2022-05-05 18:22:08.795 +10:00 [DBG] Getting claims for access token for client: Falcon_Identity_Server
2022-05-05 18:22:08.796 +10:00 [DBG] Getting claims for access token for subject: 9717a359-f83b-43b3-97b3-2f04f1148988
2022-05-05 18:22:08.811 +10:00 [DBG] Claim types from profile service that were filtered: ["sub"]
2022-05-05 18:22:09.011 +10:00 [DBG] Falcon_Identity_Server found in database: true
2022-05-05 18:22:09.011 +10:00 [DBG] client configuration validation for client Falcon_Identity_Server succeeded.
2022-05-05 18:22:09.014 +10:00 [DBG] Getting claims for identity token for subject: 9717a359-f83b-43b3-97b3-2f04f1148988 and client: Falcon_Identity_Server
2022-05-05 18:22:09.014 +10:00 [DBG] In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.
2022-05-05 18:22:09.017 +10:00 [DBG] Token request success.
2022-05-05 18:22:09.024 +10:00 [DBG] CORS request made for path: /connect/userinfo from origin: https://localhost:5002
2022-05-05 18:22:09.034 +10:00 [DBG] Origin https://localhost:5002 is allowed: true
2022-05-05 18:22:09.034 +10:00 [DBG] CorsPolicyService allowed origin: https://localhost:5002
2022-05-05 18:22:09.034 +10:00 [DBG] Request path /connect/userinfo matched to endpoint type Userinfo
2022-05-05 18:22:09.035 +10:00 [DBG] Endpoint enabled: Userinfo, successfully created handler: Duende.IdentityServer.Endpoints.UserInfoEndpoint
2022-05-05 18:22:09.036 +10:00 [INF] Invoking IdentityServer endpoint: Duende.IdentityServer.Endpoints.UserInfoEndpoint for /connect/userinfo
2022-05-05 18:22:09.037 +10:00 [DBG] Start userinfo request
2022-05-05 18:22:09.038 +10:00 [DBG] Bearer token found in header
2022-05-05 18:22:09.188 +10:00 [DBG] Falcon_Identity_Server found in database: true
2022-05-05 18:22:09.188 +10:00 [DBG] client configuration validation for client Falcon_Identity_Server succeeded.
2022-05-05 18:22:09.311 +10:00 [DBG] Falcon_Identity_Server found in database: true
2022-05-05 18:22:09.311 +10:00 [DBG] client configuration validation for client Falcon_Identity_Server succeeded.
2022-05-05 18:22:09.321 +10:00 [DBG] Calling into custom token validator: Duende.IdentityServer.Validation.DefaultCustomTokenValidator
2022-05-05 18:22:09.322 +10:00 [DBG] Token validation success
{"ClientId":null,"ClientName":null,"ValidateLifetime":true,"AccessTokenType":"Jwt","ExpectedScope":"openid","TokenHandle":null,"JwtId":"614C94729DCAAA8A4D821A6CB515CADF","Claims":{"iss":"https://localhost:5001","nbf":1651738928,"iat":1651738928,"exp":1651739128,"scope":["openid","profile","email"],"amr":"pwd","client_id":"Falcon_Identity_Server","sub":"9717a359-f83b-43b3-97b3-2f04f1148988","auth_time":1651738927,"idp":"local","http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier":"9717a359-f83b-43b3-97b3-2f04f1148988","http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name":"admin@local.com","http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress":"admin@local.com","AspNet.Identity.SecurityStamp":"1999ca9c-398d-4ffe-907a-b1f1b5e8cbfe","identityserver":"owner","fb_product":"owner","fb_order":"owner","fb_payment":"owner","sid":"C179DA1B9A4A6B426EB92E47F7AB9F6A","jti":"614C94729DCAAA8A4D821A6CB515CADF"},"$type":"TokenValidationLog"}
2022-05-05 18:22:09.324 +10:00 [DBG] Creating userinfo response
2022-05-05 18:22:09.325 +10:00 [DBG] Scopes in access token: openid profile email
2022-05-05 18:22:09.326 +10:00 [DBG] Requested claim types: 
2022-05-05 18:22:09.381 +10:00 [INF] Profile service returned the following claim types: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress AspNet.Identity.SecurityStamp sub identityserver fb_product fb_order fb_payment
2022-05-05 18:22:09.381 +10:00 [DBG] End userinfo request
2022-05-05 18:22:09.397 +10:00 [DBG] Retrieve AuthenticationTicket for key C1BEC550ECB78D2E76A8FEFA6489CA9648CE9919F78115615A58A4B762D48598
2022-05-05 18:22:09.398 +10:00 [DBG] Ticket loaded for key: C1BEC550ECB78D2E76A8FEFA6489CA9648CE9919F78115615A58A4B762D48598, with expiration: "2022-05-19T08:22:07.0000000Z"
2022-05-05 18:22:09.398 +10:00 [DBG] Request path /connect/checksession matched to endpoint type Checksession
2022-05-05 18:22:09.399 +10:00 [DBG] Endpoint enabled: Checksession, successfully created handler: Duende.IdentityServer.Endpoints.CheckSessionEndpoint
2022-05-05 18:22:09.399 +10:00 [INF] Invoking IdentityServer endpoint: Duende.IdentityServer.Endpoints.CheckSessionEndpoint for /connect/checksession
2022-05-05 18:22:09.400 +10:00 [DBG] Rendering check session result
2022-05-05 18:22:12.315 +10:00 [DBG] CORS request made for path: /UserManagement/GetAllUsers from origin: https://localhost:5002 but was ignored because path was not for an allowed IdentityServer CORS endpoint
2022-05-05 18:22:12.348 +10:00 [INF] AuthenticationScheme: Identity.Application was challenged.
2022-05-05 18:22:12.352 +10:00 [DBG] CORS request made for path: /Account/Login from origin: https://localhost:5002 but was ignored because path was not for an allowed IdentityServer CORS endpoint

From the above logs

2022-05-05 18:21:53.482 +10:00 [INF] Cookies was not authenticated. Failure message: Identity missing in session store
2022-05-05 18:21:53.505 +10:00 [DBG] No user present in authorize request
2022-05-05 18:21:53.479 +10:00 [DBG] No ticket found in store for E1183024D7FD528A15F9313DD6985CBA9C6E3D0B90C33469371D8C392B9F604B

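To better troubleshoot the system, I would advise you to put the client application, IdentityServer and the API in separate ASP.NET Core projects.

Why? It makes your system much easier to reason about, troubleshoot and understand.

I think the point is that when you build an identity solution, you have to understand it, and when you put it all in one service, it is really hard to understand.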
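The separate API project recommended in the answer could look like the following; this is an added example, not part of the original posts or of Duende's samples. It reuses the authority URL, the handler and the `identityserver: owner` claim from the question; the policy name `FalconOwner`, the `/whoami` endpoint and the requirement's constructor are assumptions.

```csharp
// Program.cs of a stand-alone API project (added example, not the asker's code).
// Needs the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// JWT bearer is the only scheme registered here, so it is the default for
// authenticate, challenge and forbid. No cookie or Identity.Application
// scheme exists in this project to answer the request instead.
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = "https://localhost:5001"; // IdentityServer URL from the question
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Kept from the question: the decoded token shown there has no "aud" claim.
            ValidateAudience = false
        };
    });

builder.Services.AddSingleton<IAuthorizationHandler, IdentityServerUserClaimHandler>();
builder.Services.AddAuthorization(options =>
{
    // "FalconOwner" is a hypothetical policy name. Naming the scheme on the
    // policy makes the bearer handler populate context.User for this policy.
    options.AddPolicy("FalconOwner", policy => policy
        .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
        .RequireAuthenticatedUser()
        .AddRequirements(new IdentityServerUserClaimRequirement("identityserver", "owner")));
});

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// Hypothetical diagnostic endpoint: returns the claims the API actually sees
// on the authenticated principal, which is what the handler evaluates.
app.MapGet("/whoami", (ClaimsPrincipal user) =>
        user.Claims.Select(c => new { c.Type, c.Value }))
   .RequireAuthorization("FalconOwner");

app.Run();

// Assumed shape of the requirement; the question shows only the handler.
public class IdentityServerUserClaimRequirement : IAuthorizationRequirement
{
    public IdentityServerUserClaimRequirement(string claimType, string claimValue)
    {
        ClaimType = claimType;
        ClaimValue = claimValue;
    }

    public string ClaimType { get; }
    public string ClaimValue { get; }
}

// Same check as the handler in the question.
public class IdentityServerUserClaimHandler : AuthorizationHandler<IdentityServerUserClaimRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
        IdentityServerUserClaimRequirement requirement)
    {
        if (context.User.HasClaim(c => c.Type == requirement.ClaimType &&
                                       c.Value == requirement.ClaimValue))
            context.Succeed(requirement);
        return Task.CompletedTask;
    }
}
```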
