我创建了一个身份服务器来发布令牌。使用identityserver3进行设置。我使用带密码的本地.pfx证书来签署令牌。
这工作得很好但不确定为什么我会收到附件中显示的以下错误。
真让我疯了。
下面是授权服务器上startup.cs中的代码。证书文件位于\ bin \ debug文件夹中
public class X509Certificate2Wrapper : IX509Certificate2Wrapper
{
public X509Certificate2 LoadCertificate(string filename, string password)
{
var path = $@"{AppDomain.CurrentDomain.BaseDirectory}{filename}";
return new X509Certificate2(path, password);
}
}
app.Map("/identity", idsrvApp =>
{
idsrvApp.UseIdentityServer(new IdentityServerOptions
{
SiteName = "Identity Manager",
IssuerUri = Common.Constants.IdSrvIssuerUri,
SigningCertificate = X509Certificate2Wrapper.LoadCertificate(CertificateFilename, CertificatePassword),
Factory = factory,
RequireSsl = true,
EnableWelcomePage = false,
AuthenticationOptions = new AuthenticationOptions
{
EnableSignOutPrompt = false,
EnablePostSignOutAutoRedirect = true,
PostSignOutAutoRedirectDelay = 3,
CookieOptions = new IdentityServer3.Core.Configuration.CookieOptions
{
ExpireTimeSpan = new TimeSpan(0, IdentityServerServices.AuthenticationTimeout(), 0),
SlidingExpiration = true
},
//
// Note: Uncomment following line to enable WindowsAuthentication only - logout related settings will also require removal!
//
//EnableLocalLogin = false,
IdentityProviders = ConfigureIdentityProviders
},
Endpoints = new EndpointOptions
{
EnableAccessTokenValidationEndpoint = true,
EnableAuthorizeEndpoint = true,
EnableCheckSessionEndpoint = false,
EnableClientPermissionsEndpoint = false,
EnableCspReportEndpoint = false,
EnableDiscoveryEndpoint = true,
EnableEndSessionEndpoint = true,
EnableIdentityTokenValidationEndpoint = true,
EnableIntrospectionEndpoint = false,
EnableTokenEndpoint = true,
EnableTokenRevocationEndpoint = false,
EnableUserInfoEndpoint = true
}
});
});
不确定这是完美的答案。但我做了以下工作,一切正常。
i)遵循https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Certificates中提到的证书的步骤
ii)为了解决这个问题,我将“localhost”IIS Express证书从个人CertStore移到了受信任的根证书颁发机构,问题就消失了。