堆棧內存溢出
  簡體   English   中英

ASP.Net Core-IdentityServer4客戶端憑據授權不起作用

[英]ASP.Net Core - IdentityServer4 client credentials authorization not working

 原文  2019-03-09 03:14:04       c#/ asp.net-core/ identityserver4

問題描述

我正在嘗試為IdentityServer4創建一個管理客戶端(請在此處發布時查看完整代碼: https : //github.com/TheMagnificent11/identity-server-admin/tree/0.0.1 )。

我已使用此處概述的標准步驟設置了ID服務器: http : //docs.identityserver.io/zh/latest/quickstarts/7_entity_framework.html 唯一的區別是,我已經將數據訪問層移到了一個單獨的.Net Standard庫中。

我創建了另一個使用客戶端憑據的網站。 客戶端是在ID Server站點啟動時配置的(在調試配置中運行時)。 這是代碼: 

public static void InitializeDatabase(
    this IApplicationBuilder app,
    string adminApiName,
    string clientId,
    string clientSecret)
{
#if DEBUG
    using (var serviceScope = app.ApplicationServices.GetService<IServiceScopeFactory>().CreateScope())
    {
        var appContext = serviceScope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
        appContext.Database.Migrate();

        var grantContext = serviceScope.ServiceProvider.GetRequiredService<PersistedGrantDbContext>();
        grantContext.Database.Migrate();

        var configContext = serviceScope.ServiceProvider.GetRequiredService<ConfigurationDbContext>();
        configContext.Database.Migrate();

        SeedAdminClient(adminApiName, clientId, clientSecret, configContext);
    }
#endif
}

private static void SeedAdminClient(string adminApiName, string clientId, string clientSecret, ConfigurationDbContext configContext)
{
    if (!configContext.IdentityResources.Any())
    {
        foreach (var resource in DefaultData.IdentityResources)
        {
            configContext.IdentityResources.Add(resource.ToEntity());
        }
    }

    if (!configContext.ApiResources.Any())
    {
        var apiResource = new ApiResource(adminApiName, "Identity Server Admin");
        configContext.ApiResources.Add(apiResource.ToEntity());
    }

    if (!configContext.Clients.Any())
    {
        var adminClient = new Client
        {
            ClientName = "Identity Server Admin",
            ClientId = clientId,
            ClientSecrets =
                {
                    new Secret(clientSecret.Sha256())
                },
            AllowedScopes =
                {
                    adminApiName
                },
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            Claims =
                {
                    new Claim(AdminClientClaims.ManageUsersType, AdminClientClaims.ManageUsersValue)
                }
        };

        configContext.Clients.Add(adminClient.ToEntity());
    }

    configContext.SaveChanges();
}

我可以使用客戶端憑據獲得令牌。 但是,使用令牌調用客戶端API會意外收到404(請求的Postman集合可在此處找到: https//github.com/TheMagnificent11/identity-server-admin/blob/0.0.1/postman_collection.json )。

這是客戶端API的API輸出: 

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 POST https://localhost:4001/users application/json 151
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
      Executing endpoint 'IdentityServer.Controllers.Users.UsersController.Post (IdentityServer.Admin)'
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Route matched with {action = "Post", controller = "Users"}. Executing action IdentityServer.Controllers.Users.UsersController.Post (IdentityServer.Admin)
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
      Authorization failed.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
      Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
      Executing ChallengeResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[12]
      AuthenticationScheme: Identity.Application was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
      Executed action IdentityServer.Controllers.Users.UsersController.Post (IdentityServer.Admin) in 69.589ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
      Executed endpoint 'IdentityServer.Controllers.Users.UsersController.Post (IdentityServer.Admin)'
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 284.0746ms 302
info: Microsoft.AspNetCore.Server.Kestrel[32]
      Connection id "0HLL47CTA76NM", Request id "0HLL47CTA76NM:00000001": the application completed without reading the entire request body.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET https://localhost:4001/Account/Login?ReturnUrl=%2Fusers

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 25.5762ms 404

有人知道我在做什么錯嗎?

2 個解決方案

解決方案1
 2 已采納  2019-03-09 06:57:07

看起來非常類似於此問題: https : //github.com/IdentityServer/IdentityServer4/issues/2406

我將其拉下並嘗試了以下操作: 

services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
    .AddJwtBearer(options =>
    {
        // etc..

這讓我得到了403,而不是404

解決方案2
 0  2019-03-09 05:14:57

如果您收到404響應,請確保您使用的是正確的GET / POST / PUT請求。 即使路由URL正確,在僅允許POST請求的路由上使用GET方法也會導致404。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 asp.net core 3 和 identityserver4 IdentityServer4 Asp.Net 核心身份 ASP.NET Core Identity的IdentityServer4基於角色的授權=訪問被拒絕 IdentityServer4 基於角色的 Web API 授權與 ASP.NET Core 標識 IdentityServer4 + ASP.Net Core Identity 從客戶端注銷不會在 ID4 上注銷 IdentityServer4 ASP.NET Core Identity 不會重定向回客戶端 如何將IdentityServer4與帶有ClientCredentials ASP.NET Core的Javascript客戶端一起使用 ASP.NET Core IdentityServer4 - 如何使用客戶端登錄頁面而不是 IdentityServer 登錄頁面? 將IdentityServer4集成到ASP.NET Core MVC和API ASP.NET Core-依賴注入-IdentityServer4 DbContext
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM