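I have an ASP.Net Web Forms site that I want to authenticate with Identity Server 3. In the Identity Server application I have a list of Scopes (one of which is "email"). However, when I run my code and try to authenticate, I get an error. If I remove the Scope property it runs fine, but it does not include the Scope fields I requested (only the generic claims). Here is my code: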
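
    ' Namespaces below assume the Katana 4.x / Microsoft.IdentityModel 5.x packages
    ' (an assumption; adjust to the package versions in your project).
    Imports System.Collections.Generic
    Imports System.IdentityModel.Tokens.Jwt
    Imports System.Net
    Imports System.Threading.Tasks
    Imports Microsoft.IdentityModel.Protocols.OpenIdConnect
    Imports Microsoft.Owin.Security.Cookies
    Imports Microsoft.Owin.Security.OpenIdConnect
    Imports Owin

    Public Sub ConfigureAuth(app As IAppBuilder)
        ' Use TLS 1.2 for outbound calls to the identity server
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
        ' Empty map: claim types arrive with their original names
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = New Dictionary(Of String, String)
        app.UseCookieAuthentication(New CookieAuthenticationOptions() With {
            .AuthenticationType = "Cookies"
        })
        Dim OpenIdAuthOption = New OpenIdConnectAuthenticationOptions() With {
            .Authority = "https://myidentityserver.azurewebsites.net/core/",
            .ClientId = "adfasdfafasdfasfasf",
            .RedirectUri = "https://localhost:44321/default.aspx/",
            .ResponseType = OpenIdConnectResponseType.IdTokenToken,
            .SignInAsAuthenticationType = "Cookies",
            .Scope = "email",
            .Notifications = New OpenIdConnectAuthenticationNotifications() With {
                .SecurityTokenReceived = Function(ctx)
                                             Return Task.FromResult(0)
                                         End Function,
                .MessageReceived = Function(ctx)
                                       Return Task.FromResult(0)
                                   End Function,
                .SecurityTokenValidated = Function(ctx)
                                              ' TransformClaims is a helper in the project (not shown)
                                              Dim claimPrincipal = ctx.AuthenticationTicket.Identity
                                              TransformClaims(claimPrincipal)
                                              Return Task.FromResult(0)
                                          End Function,
                .AuthorizationCodeReceived = Function(ctx)
                                                 Return Task.FromResult(0)
                                             End Function,
                .RedirectToIdentityProvider = Function(context)
                                                  ' RedirectLogin is a helper in the project (not shown)
                                                  RedirectLogin(context)
                                                  Return Task.FromResult(0)
                                              End Function
            }
        }
        app.UseOpenIdConnectAuthentication(OpenIdAuthOption)
    End Sub
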
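The error I get is:

"OpenIdConnectMessage.Error was not null, indicating an error. Error: 'invalid_request'. Error_Description (may be empty): ''. Error_Uri (may be empty): ''."

Can anyone explain how I can get scope values (such as "email") from Identity Server?

Add openid to the scope in your client configuration; if you use one of the response types (IdTokenToken / CodeIdToken / CodeToken / CodeIdTokenToken), you must have that scope.

Your code should look like this: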

    Dim OpenIdAuthOption = New OpenIdConnectAuthenticationOptions() With {
        .Authority = "https://myidentityserver.azurewebsites.net/core/",
        .ClientId = "adfasdfafasdfasfasf",
        .RedirectUri = "https://localhost:44321/default.aspx/",
        .ResponseType = OpenIdConnectResponseType.IdTokenToken,
        .SignInAsAuthenticationType = "Cookies",
        .Scope = "openid email",
        .Notifications = New OpenIdConnectAuthenticationNotifications() With {
            .SecurityTokenReceived = Function(ctx)
                                         Return Task.FromResult(0)
                                     End Function,
            .MessageReceived = Function(ctx)
                                   Return Task.FromResult(0)
                               End Function,
            .SecurityTokenValidated = Function(ctx)
                                          Dim claimPrincipal = ctx.AuthenticationTicket.Identity
                                          TransformClaims(claimPrincipal)
                                          Return Task.FromResult(0)
                                      End Function,
            .AuthorizationCodeReceived = Function(ctx)
                                             Return Task.FromResult(0)
                                         End Function,
            .RedirectToIdentityProvider = Function(context)
                                              RedirectLogin(context)
                                              Return Task.FromResult(0)
                                          End Function
        }
    }
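
An added example, not code from the question or the answer: a startup check that rejects the scope / response type combination described above before any request reaches the identity server, and lists the claims to expect for the requested scopes. The module and member names (`OidcScopeCheck`, `RequireOpenId`, `ExpectedClaims`) are hypothetical; the response types are the ones the answer lists, and the scope-to-claim table follows OpenID Connect Core section 5.4.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Linq

' Added example (hypothetical helper, not part of the original post).
Public Module OidcScopeCheck

    ' Response types the answer lists as needing the openid scope, written as
    ' their wire values with the space-separated tokens in ordinal order.
    Private ReadOnly NeedsOpenId As New HashSet(Of String) From {
        "id_token token", "code id_token", "code token", "code id_token token"
    }

    ' Claims released by the standard scopes (OpenID Connect Core, section 5.4).
    Private ReadOnly ScopeClaims As New Dictionary(Of String, String()) From {
        {"email", New String() {"email", "email_verified"}},
        {"phone", New String() {"phone_number", "phone_number_verified"}},
        {"address", New String() {"address"}}
    }

    ' Splits a space-delimited parameter value; Nothing yields an empty array.
    Private Function Tokens(value As String) As String()
        Return If(value, "").Split({" "c}, StringSplitOptions.RemoveEmptyEntries)
    End Function

    ' Fails at startup with a readable message instead of at the identity
    ' server with an empty invalid_request. Token order does not matter.
    Public Sub RequireOpenId(responseType As String, scope As String)
        Dim key = String.Join(" ", Tokens(responseType).OrderBy(Function(t) t, StringComparer.Ordinal))
        If NeedsOpenId.Contains(key) AndAlso Not Tokens(scope).Contains("openid") Then
            Throw New InvalidOperationException(
                "response_type '" & key & "' needs scope 'openid'; got '" & scope & "'")
        End If
    End Sub

    ' Claim names to look for after sign-in, given the requested scopes.
    Public Function ExpectedClaims(scope As String) As List(Of String)
        Dim claims As New List(Of String)
        For Each s In Tokens(scope)
            If s = "openid" Then claims.Add("sub")
            If ScopeClaims.ContainsKey(s) Then claims.AddRange(ScopeClaims(s))
        Next
        Return claims
    End Function
End Module
```

`RequireOpenId("id_token token", "email")` throws, while `"openid email"` passes and `ExpectedClaims` returns `sub`, `email` and `email_verified`. Per OpenID Connect Core section 5.4, when an access token is issued alongside the ID token these claims may be delivered by the UserInfo endpoint rather than inside the ID token.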