[英]IdentityServer4 Resource owner password and Win auth: unauthorized
[英]Identityserver4 with resource owner password returning 401 in resource server
具有自定義用戶存儲庫的IDENTITYSERVER4資源所有者密碼流
通過此鏈接創建了Identityserver,但是在資源服務器端,我無法授權API。
成功獲取訪問令牌。
在Start.cs文件中
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer(options =>
{
options.Events.RaiseSuccessEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseErrorEvents = true;
})
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(QuickstartIdentityServer.Config.GetIdentityResources())
.AddInMemoryApiResources(QuickstartIdentityServer.Config.GetApiResources())
.AddInMemoryClients(QuickstartIdentityServer.Config.GetClients())
.AddCustomUserStore();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseIdentityServer();
}
來到Config.cs文件
public static IEnumerable<Client> GetClients()
{
// client credentials client
return new List<Client>
{
new Client
{
ClientId = "client",
AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 3600, //86400,
IdentityTokenLifetime = 3600, //86400,
UpdateAccessTokenClaimsOnRefresh = false,
SlidingRefreshTokenLifetime = 30,
AllowOfflineAccess = true,
RefreshTokenExpiration = TokenExpiration.Absolute,
RefreshTokenUsage = TokenUsage.OneTimeOnly,
AlwaysSendClientClaims = true,
Enabled = true,
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedScopes = { "api1", "openid"}
}
};
}
現在在資源服務器startup.cs文件中
public void ConfigureServices(IServiceCollection services)
{
services.AddMvcCore().AddAuthorization().AddJsonFormatters();
services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(options =>
{
options.Authority = "http://localhost:5001"; //This is the identity server url where we are getting accesstoken.
options.RequireHttpsMetadata = false;
options.ApiName = "openid";
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseAuthentication();
app.UseMvc();
}
在API中提到像
[Route("api/")]
[Authorize(AuthenticationSchemes = IdentityServerAuthenticationDefaults.AuthenticationScheme)]
public class TestController : Controller
// GET: api/v1/users/5
[HttpGet("Hello")]
public async Task<IActionResult> getMessage()
{
return Ok("Hello");
}
}
當我將相同的訪問令牌傳遞給上述API時,如下所示,得到401。我需要傳遞任何東西嗎? 或我缺少任何驗證。
請幫我。
謝謝。
顯然,由於問題的性質,我無法重現您的問題,但是由於您可以獲得罰款的訪問令牌,但仍然收到401; 我認為這意味着您獲得的訪問令牌對於您向其發送請求的api無效。 我的猜測是.AddInMemoryApiResources(QuickstartIdentityServer.Config.GetApiResources())
的配置不正確,例如GetApiResources()
需要返回一個ApiResource
其Scopes
包含openid
,這是您用來請求訪問令牌的作用域。 希望這是有道理的。
我認為您應該更新資源服務器startup.cs文件的ConfigureServices方法,如下所示:
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvcCore()
.AddAuthorization()
.AddJsonFormatters();
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = "http://localhost:5001";
options.RequireHttpsMetadata = false;
options.ApiName = "openid";
});
// services.AddMvc();
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.