IdentityServer对同一主机中的管理应用程序的身份验证-Java 学习之路

我有一个用于托管IdentityServer3的ASP.NET MVC应用程序，但我想在同一主机上托管Angular WebAPI 2自定义管理应用程序 . 该管理员应用程序正在使用oidc-client库进行身份验证 . 下面是我的Startup类，用于配置IdentityServer并调用UseIdentityServerBearerTokenAuthentication方法 . 正如您所看到的，我在异步任务中调用了该方法，因为在IdentityServer启动之前很快就发生了这种情况 .

身份验证工作，我的Angular ajax请求充满了有效的访问令牌，但我没有得到WebApi控制器上的任何声明 . ClaimsPrincipal具有空的声明列表，并且IsAuthenticated为false . 我的客户端配置也正确设置 . 这个设置有问题吗？

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        Log.Logger = new LoggerConfiguration()
            .MinimumLevel.Debug()
            .WriteTo.Trace()
            .CreateLogger();


        var factory = new IdentityServerServiceFactory();

        factory.Register<IdentityDatabaseModel>(new Registration<IdentityDatabaseModel>(typeof(IdentityDatabaseModel)));
        factory.Register<UserDataService>(new Registration<UserDataService>(typeof(UserDataService)));
        factory.Register<TokenDataService>(new Registration<TokenDataService>(typeof(TokenDataService)));
        factory.Register<ClaimsDataService>(new Registration<ClaimsDataService>(typeof(ClaimsDataService)));
        factory.Register<ClientDataService>(new Registration<ClientDataService>(typeof(ClientDataService)));


        factory.UserService = new Registration<IUserService>(typeof(UserService));

        factory.RefreshTokenStore = new Registration<IRefreshTokenStore, RefreshTokenStore>();
        factory.ClientStore = new Registration<IClientStore, ClientStore>();


        factory.UseInMemoryScopes(WebApplication1.Models.IS.Scopes.Get());

        var options = new IdentityServerOptions
        {
            SigningCertificate = Certificate.Get(), 
            Factory = factory,
            RequireSsl = false,
            LoggingOptions = new LoggingOptions
            {
                //EnableHttpLogging = true,
                EnableKatanaLogging = true,
                EnableWebApiDiagnostics = true,
                WebApiDiagnosticsIsVerbose = true
            },
            EnableWelcomePage = false
        };
        app.UseIdentityServer(options);

        #region IdentityServer authentication
        JwtSecurityTokenHandler.InboundClaimTypeMap.Clear();

        Task.Factory.StartNew(() => {
            System.Threading.Thread.Sleep(5000);
            app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
            {
                Authority = "http://localhost:17343",
                RequiredScopes = new[] { "openid", "email", "roles", "profile" },
                ClientId = "lsidentity",
                ClientSecret = "secret"
            });
        });
        #endregion
    }
}

1 回答

问题是我需要在WebApi配置中配置IssuerName和SigningCertificate，所以它看起来像这样：

app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
        {
            Authority = "http://localhost:17343",
            //Authority = "http://192.168.254.3:303",
            RequiredScopes = new[] { "openid",
                "email", "profile" },
            IssuerName = "http://localhost:17343", //added this
            SigningCertificate = Certificate.Get(), // ...and this
            // client credentials for the introspection endpoint
            ClientId = "lsidentity",
            ClientSecret = "secret".Sha256()
        });

在github上有一个问题，但我一开始并没有找到它 . https://github.com/IdentityServer/IdentityServer3.AccessTokenValidation/issues/38

也没有必要将其称为任务，它现在工作正常 .

回复于 2024-04-20T14:05:14+08:00

IdentityServer对同一主机中的管理应用程序的身份验证

1 回答

相关问题