我有一个用于托管IdentityServer3的ASP.NET MVC应用程序,但我想在同一主机上托管Angular WebAPI 2自定义管理应用程序 . 该管理员应用程序正在使用oidc-client库进行身份验证 . 下面是我的Startup类,用于配置IdentityServer并调用UseIdentityServerBearerTokenAuthentication方法 . 正如您所看到的,我在异步任务中调用了该方法,因为在IdentityServer启动之前很快就发生了这种情况 .
身份验证工作,我的Angular ajax请求充满了有效的访问令牌,但我没有得到WebApi控制器上的任何声明 . ClaimsPrincipal具有空的声明列表,并且IsAuthenticated为false . 我的客户端配置也正确设置 . 这个设置有问题吗?
public class Startup
{
public void Configuration(IAppBuilder app)
{
Log.Logger = new LoggerConfiguration()
.MinimumLevel.Debug()
.WriteTo.Trace()
.CreateLogger();
var factory = new IdentityServerServiceFactory();
factory.Register<IdentityDatabaseModel>(new Registration<IdentityDatabaseModel>(typeof(IdentityDatabaseModel)));
factory.Register<UserDataService>(new Registration<UserDataService>(typeof(UserDataService)));
factory.Register<TokenDataService>(new Registration<TokenDataService>(typeof(TokenDataService)));
factory.Register<ClaimsDataService>(new Registration<ClaimsDataService>(typeof(ClaimsDataService)));
factory.Register<ClientDataService>(new Registration<ClientDataService>(typeof(ClientDataService)));
factory.UserService = new Registration<IUserService>(typeof(UserService));
factory.RefreshTokenStore = new Registration<IRefreshTokenStore, RefreshTokenStore>();
factory.ClientStore = new Registration<IClientStore, ClientStore>();
factory.UseInMemoryScopes(WebApplication1.Models.IS.Scopes.Get());
var options = new IdentityServerOptions
{
SigningCertificate = Certificate.Get(),
Factory = factory,
RequireSsl = false,
LoggingOptions = new LoggingOptions
{
//EnableHttpLogging = true,
EnableKatanaLogging = true,
EnableWebApiDiagnostics = true,
WebApiDiagnosticsIsVerbose = true
},
EnableWelcomePage = false
};
app.UseIdentityServer(options);
#region IdentityServer authentication
JwtSecurityTokenHandler.InboundClaimTypeMap.Clear();
Task.Factory.StartNew(() => {
System.Threading.Thread.Sleep(5000);
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "http://localhost:17343",
RequiredScopes = new[] { "openid", "email", "roles", "profile" },
ClientId = "lsidentity",
ClientSecret = "secret"
});
});
#endregion
}
}
1 回答
问题是我需要在WebApi配置中配置IssuerName和SigningCertificate,所以它看起来像这样:
在github上有一个问题,但我一开始并没有找到它 . https://github.com/IdentityServer/IdentityServer3.AccessTokenValidation/issues/38
也没有必要将其称为任务,它现在工作正常 .