我有一个我想用Identity Server 4授权的角度应用程序 . 所以,我用ef创建了数据库,设法用Identity登录,但我不断从Identity Server获得 "User is not authenticated" . 我不使用mvc作为Identity Server的所有示例,所以我想要授权的角度应用程序 . 我的设置如下:
Config.cs:
public class Config
{
private readonly IOptions<IdentityServerOption> _options;
public Config(IOptions<IdentityServerOption> options)
{
_options = options;
}
public IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("myApi", "Login API")
};
}
public IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Email(),
new IdentityResources.Profile()
};
}
public IEnumerable<Client> GetClients()
{
return new List<Client>
{
new Client
{
ClientId = "webClient",
ClientName = "Web Client",
AllowedGrantTypes = GrantTypes.Implicit,
AllowedCorsOrigins = new List<string>
{
"http://localhost:4200"
},
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"myApi"
},
RedirectUris = new List<string>
{
"http://localhost:4200/home/"
},
AllowAccessTokensViaBrowser = true
}
};
}
}
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
// database setup works fine, didn't show it
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<MyDbContext>()
.AddDefaultTokenProviders();
services.Configure<IdentityOptions>(options =>
{
// Password settings
options.Password.RequireDigit = true;
options.Password.RequiredLength = 8;
options.Password.RequireNonAlphanumeric = true;
options.Password.RequireUppercase = true;
options.Password.RequireLowercase = true;
options.Password.RequiredUniqueChars = 6;
// Lockout settings
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
options.Lockout.MaxFailedAccessAttempts = 10;
options.Lockout.AllowedForNewUsers = true;
// User settings
options.User.RequireUniqueEmail = true;
});
services.AddOptions();
services.AddIdentityServer(o =>
{
o.IssuerUri = "http://localhost:5000";
})
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddAspNetIdentity<ApplicationUser>()
.AddProfileService<ProfileService>().AddResourceOwnerValidator<CustomResourceOwnerPasswordValidator<ApplicationUser>>();
services.AddCors(options =>
{
// define policy that allows calling through this app
options.AddPolicy("default", policy =>
{
policy.WithOrigins(isOptions.AllowedCorsOrigins)
.AllowAnyHeader()
.AllowAnyMethod();
});
});
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.ApiName = "myApi";
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
});
services.AddMvc();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseStaticFiles();
app.UseAuthentication();
app.UseIdentityServer();
app.UseCors("default");
app.UseMvc();
}
我显然缺少一些东西,任何人都可以帮忙吗?
更新:
这是我在控制台中得到的:
info:Microsoft.AspNetCore.Hosting.Internal.WebHost [1]请求启动HTTP / 1.1 GET http://localhost:5000/connect/authorize?client_id=webClient&redirect_uri=http%3A%2F%2Flocalhost%3A4300%2Fhrapps%2F&response_type=id_token%20token&scope=profile%20openid%20hrApi&nonce=N0.31465047010288671529050394126&state=15290500220560.42473005339627434 info:IdentityServer4.Hosting.IdentityServerMiddleware [0]调用IdentityServer endpoints :IdentityServer4.Endpoints.AuthorizeEndpoint for / connect / authorize info:IdentityServer4.Endpoints .AuthorizeEndpoint [0] ValidatedAuthorizeRequest {"ClientId":"webClient","ClientName":"Web Client","RedirectUri":“http://localhost:4200/home ", " AllowedRedirectUris ": [ " http://localhost:4200/home " ], " SubjectId ": "匿名", "的responseType ": " id_token令牌", " ResponseMode ": "片段", " GrantType ": "隐", " RequestedScopes ": "轮廓的OpenID myApi ", "国家": " 15290500220560.42473005339627434 ", " Nonce ": " N0.31465047010288671529050394126 ", " Raw ": { " client_id ": " webClient ", " redirect_uri ": " http://localhost:4200/home ", " response_type ": " id_token token ", " scope ": " profile openid myApi ", " nonce ": " N0.3 1465047010288671529050394126 ", " state ": " 15290500220560.42473005339627434“}} info:IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator [0]显示登录:用户未经过身份验证的信息:Microsoft.AspNetCore.Hosting.Internal.WebHost [2]请求已完成175.2379ms 302信息:Microsoft.AspNetCore .Hosting.Internal.WebHost [1]请求启动HTTP / 1.1 GET http://localhost:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DwebClient%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A4200%252Fhome%252F%26response_type%3Did_token%2520token%26scope%3Dprofile%2520openid%2520myApi%26nonce%3DN0.31465047010288671529050394126%26state%3D15290500220560.42473005339627434