Including a subdirectory in the URI - ASP.NET Core 3.1 identity server

Question (votes: 0, answers: 1)

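I am trying to add a subdirectory to my identity server so that it can be used with nginx.

Note that this is an identity server with a UI; see the quickstart UI.

After digging through the identity server GitHub issues, I managed to find the code that actually adds the subdirectory.

Here is my configuration: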

public void Configure(IApplicationBuilder app)
{
    if (Environment.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.Map("/auth", app =>
    {
        app.UseRouting();

        app.UseStaticFiles();

        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
            endpoints.MapRazorPages();
        });


        app.UseIdentityServer();
    });           
}

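However, when I navigate to http://xxx:8888/auth/account/login and try to log in and receive the identity cookie, the URL stays the same and a blank screen is shown, with no cookie. What should happen is that I am redirected back to the home page after logging in as a specific user.

This only seems to happen when I add the subdirectory.

Note that the well-known endpoint works fine under /auth, as does getting an access token via resource owner password.

Here is my ConfigureServices; is anything missing here?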

public void ConfigureServices(IServiceCollection services)
{
    string connectionString = Configuration.GetConnectionString("AzureConnection");
    var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

    services.AddCors(options =>
    {
        options.AddPolicy("CorsPolicy",
            builder => builder.AllowAnyOrigin()
            .AllowAnyMethod()
            .AllowAnyHeader());
    });

    services.AddControllersWithViews().AddRazorRuntimeCompilation();

    services.AddRazorPages()
        .AddRazorPagesOptions(options => 
            {                        
                options.Conventions.AuthorizeAreaFolder("Identity", "/Account/Manage");
            });

    services.AddDbContext<IdentityDbContext>(options => options.UseSqlServer(connectionString, sql => sql.MigrationsAssembly(migrationsAssembly)));
    services.AddDbContext<ConfigurationDbContext>(options => options.UseSqlServer(connectionString, sql => sql.MigrationsAssembly(migrationsAssembly)));

    services.AddIdentity<ApplicationUser, IdentityRole>(options =>
    {
        options.SignIn.RequireConfirmedEmail = true;
    })
        .AddEntityFrameworkStores<IdentityDbContext>()
        .AddDefaultTokenProviders();

    services.AddAuthentication()
        .AddOpenIdConnect("azuread", "Azure AD", options => Configuration.Bind("AzureAd", options));

    services.Configure<OpenIdConnectOptions>("azuread", options =>
    {
        options.GetClaimsFromUserInfoEndpoint = true;
        options.SaveTokens = true;
        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.Scope.Add("email");
        options.Events = new OpenIdConnectEvents()
        {
            OnRedirectToIdentityProviderForSignOut = context =>
            {
                context.HandleResponse();
                context.Response.Redirect("/Account/Logout");
                return Task.FromResult(0);
            }
        };
    });

    var builder = services.AddIdentityServer(options =>
    {
        options.IssuerUri = "http://xxx:8888"; 
        options.PublicOrigin = "http://xxx:8888";

        options.Events.RaiseErrorEvents = true;
        options.Events.RaiseInformationEvents = true;
        options.Events.RaiseFailureEvents = true;
        options.Events.RaiseSuccessEvents = true;
        options.UserInteraction.LoginUrl = "/Account/Login";
        options.UserInteraction.LogoutUrl = "/Account/Logout";

        options.Authentication = new IdentityServer4.Configuration.AuthenticationOptions()
        {
            CookieLifetime = TimeSpan.FromHours(10), // ID server cookie timeout set to 10 hours
            CookieSlidingExpiration = true
        };
    })
    .AddConfigurationStore(options =>
    {
        options.ConfigureDbContext = b => b.UseSqlServer(connectionString, sql => sql.MigrationsAssembly(migrationsAssembly));
    })
    .AddOperationalStore(options =>
    {
        options.ConfigureDbContext = b => b.UseSqlServer(connectionString, sql => sql.MigrationsAssembly(migrationsAssembly));
        options.EnableTokenCleanup = true;
    })
    .AddAspNetIdentity<ApplicationUser>();
}

It is actually available for testing on a VM with a public URL, on request.

asp.net-core identityserver4
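1 answer

0 votes

My first observation is that you should place the various app.UseXXXX statements before the App.Map method. I also rearranged the middleware in the code below.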

public void Configure(IApplicationBuilder app)
{
    if (Environment.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseStaticFiles();

    app.UseRouting();

    app.UseIdentityServer();
    app.UseAuthorization();

    app.Map("/auth", app =>
    {
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
            endpoints.MapRazorPages();
        });
    });
}

Also, UseIdentityServer includes a call to UseAuthentication, so there is no need to have both.
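
A different arrangement, added here as an example and not taken from the question or the answer: the whole pipeline is built inside the /auth branch, in the order the IdentityServer4 quickstarts use (static files, routing, IdentityServer, authorization, endpoints). `SubPathHostingExtensions`, `MapIdentityServerUnder` and `authApp` are names invented for this example; the services are assumed to be registered as in the question's ConfigureServices.

```csharp
// Added example, not code from the question or the answer.
// SubPathHostingExtensions, MapIdentityServerUnder and authApp are
// hypothetical names chosen for this sketch.
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

public static class SubPathHostingExtensions
{
    // Builds the complete IdentityServer + MVC pipeline on the branch that
    // Map() creates for the prefix, so every middleware in it sees the same
    // PathBase and the same route table.
    public static IApplicationBuilder MapIdentityServerUnder(
        this IApplicationBuilder app, PathString prefix)
    {
        return app.Map(prefix, authApp =>
        {
            // Inside the branch Request.PathBase equals the prefix and
            // Request.Path holds the remainder, e.g. /Account/Login.
            authApp.UseStaticFiles();

            // UseRouting and UseEndpoints are registered on the same builder.
            authApp.UseRouting();

            // UseIdentityServer also calls UseAuthentication, so the cookie
            // handler runs before authorization and before the controllers.
            authApp.UseIdentityServer();
            authApp.UseAuthorization();

            authApp.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
                endpoints.MapRazorPages();
            });
        });
    }
}

// Usage from Startup.Configure, after the developer exception page:
//     app.MapIdentityServerUnder("/auth");
```

Because `Request.PathBase` is `/auth` inside the branch, a root-relative URL passed by hand to `Response.Redirect` is not prefixed automatically; prepend `Request.PathBase` when building such redirects.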
