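Any help on this issue would be greatly appreciated. I have wasted several days on this.
Authenticating an ASP.NET Core 3.1 MVC app with IdentityServer3 results in a runtime error. The identity server returns the error
"The client application is not known or is not authorized"
instead of the login screen. We have an ASP.NET MVC 5 app and an ASP.NET Core API that both work with the identity server.
My approach was to rewrite the ASP.NET MVC 5 code in .NET Core. I have done my best and have not found any documentation on how to do this kind of translation. Please see the code snippets below for details.
Working ASP.NET MVC 5 code: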
//***
//commented all code that was not needed to get login screen to show up
//***
public void Configuration(IAppBuilder app)
{
    AntiForgeryConfig.UniqueClaimTypeIdentifier = IdentityModel.JwtClaimTypes.Name;
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = "Cookies",
        ExpireTimeSpan = new TimeSpan(0, 300, 0),
        SlidingExpiration = true
    });
    var clientBaseUrl = ConfigurationManager.AppSettings[ClientBaseUrlKey];
    var identityServerBaseUrl = ConfigurationManager.AppSettings[IdentityServerBaseUrlKey];
    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        Authority = identityServerBaseUrl,
        ClientId = WebSettings.ClientId,
        ResponseType = "code id_token token",
        SignInAsAuthenticationType = "Cookies",
        UseTokenLifetime = false,
        RedirectUri = $"{clientBaseUrl}/",
        //PostLogoutRedirectUri = clientBaseUrl,
        //Scope = "openid profile roles admin_certpay",
        //Notifications = new OpenIdConnectAuthenticationNotifications
        //{
        // ... omitted for brevity ...
    });
}
Problem ASP.NET Core 3.1 MVC code:
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllersWithViews();
    services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        options.DefaultAuthenticateScheme = "Cookies";
    }).AddCookie("Cookies")
    .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, o =>
    {
        o.Authority = "http://localhost/identity/";
        o.ClientId = "actual value used here";
        o.ResponseType = "code id_token token";
        o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.UseTokenLifetime = false;
        //start - not sure what RedirectUri is, but PostLogoutRedirectUri doesn't matter
        o.SignedOutRedirectUri = "http://localhost/CertPay.Admin/";
        o.ReturnUrlParameter = "http://localhost/CertPay.Admin/";
        //end - not sure what RedirectUri is, but PostLogoutRedirectUri doesn't matter
        o.RequireHttpsMetadata = false; //fix to runtime error
    });
    //Played with Core API fix for the hell of it.
    //.AddIdentityServerAuthentication(o =>
    //{
    //    o.Authority = "http://localhost/identity/";
    //    //o.ApiName = "actual value here";
    //    o.LegacyAudienceValidation = true;
    //    o.RequireHttpsMetadata = true;
    //});
}
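The answer provided by Pedro The Kid on this thread solved my problem. The removal of the RedirectUri property can be compensated for by adding an event listener. For convenience, Pedro's excerpt is below: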
x.Events.OnRedirectToIdentityProvider = async n =>
{
    // Override the redirect_uri sent to the identity provider.
    n.ProtocolMessage.RedirectUri = <Redirect URI string>;
    await Task.FromResult(0);
};
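
A way to confirm a redirect URI mismatch like the one described above, as an added example that is not part of the original post. It compares the `redirect_uri` that the ASP.NET Core handler sends by default (scheme, host and path base plus `CallbackPath`, which defaults to `/signin-oidc`) with the value the MVC 5 client used. It assumes the identity server has the MVC 5 value registered and accepts only a full-string match; the client id `sample-client`, the captured URL and the helper names are constructed.

```csharp
using System;
using System.Linq;
using System.Web;

// Added example: checks the redirect_uri of a captured authorize request
// against the URIs registered for the client. All sample values are constructed.
static class RedirectUriCheck
{
    // ASP.NET Core builds redirect_uri as scheme://host + PathBase + CallbackPath.
    static string DefaultRedirectUri(string appBaseUrl, string callbackPath = "/signin-oidc")
        => appBaseUrl.TrimEnd('/') + callbackPath;

    // Pulls redirect_uri out of a captured authorize request URL.
    static string SentRedirectUri(string authorizeUrl)
        => HttpUtility.ParseQueryString(new Uri(authorizeUrl).Query)["redirect_uri"];

    // Assumption: the server accepts only a full-string match, no prefix matching.
    static bool IsRegistered(string sent, string[] registered)
        => registered.Contains(sent, StringComparer.OrdinalIgnoreCase);

    static void Main()
    {
        // Assumed registration: the value the MVC 5 client sends ($"{clientBaseUrl}/").
        var registered = new[] { "http://localhost/CertPay.Admin/" };

        // What the Core handler sends when nothing overrides it.
        var coreDefault = DefaultRedirectUri("http://localhost/CertPay.Admin/");

        // Constructed authorize request, as it would appear in the browser address bar.
        var captured = "http://localhost/identity/connect/authorize?client_id=sample-client"
                     + "&response_type=code%20id_token%20token"
                     + "&redirect_uri=" + Uri.EscapeDataString(coreDefault);

        // First candidate: the Core default. Second: the value set in the event handler.
        foreach (var candidate in new[] { SentRedirectUri(captured), "http://localhost/CertPay.Admin/" })
        {
            var verdict = IsRegistered(candidate, registered) ? "registered" : "NOT registered";
            Console.WriteLine($"{candidate} -> {verdict}");
        }
    }
}
```

To use it on a real failure, paste the authorize URL from the browser into `captured` and the client's registered redirect URIs into `registered`.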