我是 IdS4 的新手。就我而言,我有 IdS4 和一个使用授权代码进行交互式身份验证方法的 Web 应用程序,使用 Opend Id Connect。本地一切正常。问题是当我在 Linux 服务器中发布 de IdS4 时:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
我可以使用网络浏览器完美访问 Ids4 网址:
https://pruebasids.xxxxx.com/ 和 https://pruebasids.xxxxx.com/.well-known/openid-configuration/
如果我尝试使用 https://pruebasids.xxxxx.com/connect/token 使用客户端凭据获取令牌,效果很好。
这是我的代码:
Ids 客户端配置:
new Client {
ClientId = "myWebapp",
ClientSecrets = { new Secret( "myPassword.Sha256( ) ) },
AllowedGrantTypes = GrantTypes.Code,
RedirectUris = { "https://localhost:5444/signin-oidc" },
PostLogoutRedirectUris = { "https://localhost:5444/home/index" },
AllowOfflineAccess = true,
AllowedScopes = { "openid", "profile", "myApi.read", "myApi.write", "role" },
RequirePkce = true,
RequireConsent = false,
AllowPlainTextPkce = false
},
Ids4 启动配置
public void ConfigureServices( IServiceCollection services ) {
services.AddDbContext<ApplicationContext>( options =>
options.UseSqlServer( Configuration.GetConnectionString( "myDB" ) )
);
services.AddIdentityServer( )
.AddDeveloperSigningCredential( )
.AddInMemoryApiResources( Config.ApiResources )
.AddInMemoryClients( Config.Clients )
.AddInMemoryIdentityResources( Config.IdentityResources )
.AddInMemoryApiScopes( Config.ApiScopes )
.AddProfileService<ProfileService>( );
services.AddControllersWithViews( );
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure( IApplicationBuilder app, IWebHostEnvironment env ) {
if ( env.IsDevelopment( ) ) {
app.UseDeveloperExceptionPage( );
}
app.UseHttpsRedirection( );
app.UseStaticFiles( );
app.UseRouting( );
app.UseIdentityServer( );
app.UseAuthorization( );
app.UseEndpoints( endpoints => endpoints.MapDefaultControllerRoute( ) );
}
最后,我的 Web 应用程序启动配置:
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews().AddJsonOptions(options => options.JsonSerializerOptions.PropertyNamingPolicy = null);
services.AddHttpClient();
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookie";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookie", options =>
{
options.AccessDeniedPath = "/home/accessdenied";
})
.AddOpenIdConnect("oidc", options =>
{
options.Authority = "https://pruebasids.xxxxx.com";
options.MetadataAddress = "https://pruebasids.xxxxx.com/.well-known/openid-configuration";
options.ClientId = "myWebapp";
options.ClientSecret = "myPassword";
options.AccessDeniedPath = "/home/accessdenied";
options.SignedOutCallbackPath = "/home/index";
options.ResponseType = OpenIdConnectResponseType.Code;
options.UsePkce = true;
options.ResponseMode = OpenIdConnectResponseMode.Query;
options.SaveTokens = true;
options.Scope.Add("myApi.read");
options.GetClaimsFromUserInfoEndpoint = true;
options.ClaimActions.MapUniqueJsonKey("role", "role", "role");
options.TokenValidationParameters.NameClaimType = "name";
options.TokenValidationParameters.RoleClaimType = "role";
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}
Please, any help is welcome.
Thanks
问题可能是由 Web 应用程序不信任的证书引起的。试试这个:
.AddOpenIdConnect("oidc", options =>
{
...
// add this lines
options.BackchannelHttpHandler = new HttpClientHandler
{
ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true
};
});
注意:在生产中您应该始终验证证书。
你找到解决办法了吗?我有这个问题,但没有任何效果。