I can't get Identity Server 4 to authenticate a client. Server and client are running Core 2.0

Time: 2018-03-28 11:30:35

Tags: iis asp.net-core identityserver4

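I'm running in IIS, if that makes any difference. The deployment environment will be IIS, with a possible future redeployment to Linux.

When I try to authenticate using the TokenClient, I get a 401.1 response.

Update: When I run from the console, it works. When I deploy to IIS and run it, under the default deployment I get a 503; then I eventually put the web.config back in, and the 401 comes back.

I grabbed the sample code, and once I went through the step-by-step, I found that the step-by-step had missed a step. I didn't see where it says I need app.UseIdentityServer();, but the well-known configuration wasn't showing up, so I figured it was critical.

However, now my Startup has the following: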

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentityServer()
            .AddDeveloperSigningCredential()
            .AddInMemoryApiResources(SeedData.GetApiResources())
            .AddInMemoryClients(SeedData.GetClients());
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.UseIdentityServer();
    }

With the following code, I can get discovery and the endpoints:

    var disco = DiscoveryClient.GetAsync(URL.ToLower()).Result;
    if (disco.IsError)
        Assert.Fail($"Discovery: {disco.Error}");
    else
        Assert.IsTrue(true, "Auth: Passed"); 

However, I cannot get authentication with the following:

        var disco = DiscoveryClient.GetAsync(URL.ToLower()).Result;

        if (disco.IsError)
            Assert.Fail($"Discovery: {disco.Error}");

        var client = new TokenClient(
            disco.TokenEndpoint,
            "client",
            "secret");

        var token =  client
            .RequestClientCredentialsAsync(scope: "api1")
            .Result;

        Assert.IsTrue(
            !token.IsError,
            $"Auth: \"{token.Error}\"\n"
            + $"Token: \"{token.IdentityToken}\"\n"
            + $"StatusCode: \"{token.HttpStatusCode}\"\n"
            + $"Raw: \n{token.Raw}.");

        Assert.IsFalse(string.IsNullOrEmpty(token.IdentityToken));

Here is my seed data: (Apart from renaming the class, I kept it the same as the sample code.)

    public static class SeedData
    {
        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource>
            {
                new ApiResource("api1", "My API")
            };
        }

        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
                new Client
                {
                    ClientId = "client",
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    ClientSecrets =
                    {
                        new Secret("secret".Sha256())
                    },
                    AllowedScopes = { "api1" }
                }
            };
        }
    }

Also, the Main function in the Program.cs file is the default. I decided not to modify it.

    public class Program
    {
        public static void Main(string[] args)
        {
            BuildWebHost(args).Run();
        }

        public static IWebHost BuildWebHost(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
                .UseStartup<Startup>()
                .Build();
    }

Here is my IIS log:

|date|time|s-sitename|s-computername|s-ip|cs-method|cs-uri-stem|cs-uri-query|s-port|cs-username|c-ip|cs-version|cs(User-Agent)|cs(Cookie)|cs(Referer)|cs-host|sc-status|sc-substatus|sc-win32-status|sc-bytes|cs-bytes|time-taken|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|2018-03-28|11:05:19|W3SVC1|DESKTOP-TUNIQJE|::1|GET|/myurl/.well-known/openid-configuration|-|80|-|::1|HTTP/1.1|-|-|-|localhost|200|0|0|1606|111|3|
|2018-03-28|11:05:19|W3SVC1|DESKTOP-TUNIQJE|::1|GET|/myurl/.well-known/openid-configuration/jwks|-|80|-|::1|HTTP/1.1|-|-|-|localhost|200|0|0|640|116|3|
|2018-03-28|11:05:19|W3SVC1|DESKTOP-TUNIQJE|::1|POST|/myurl/connect/token|-|80|client|::1|HTTP/1.1|-|-|-|localhost|401|1|1326|6485|231|1|

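Since the log dump isn't formatted as a table here, a summary:

  • /myurl/.well-known/openid-configuration gives me a 200 and a proper JSON document for discovery (GET)
  • /myurl/.well-known/openid-configuration/jwks is producing the correct JSON response (GET)
  • /myurl/connect/token is producing a 401.1 (POST)

Here is my Serilog dump, from running the site on the console rather than in IIS. It seems to work this way.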

info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
      User profile is available. Using 'C:\Users\me\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
info: IdentityServer4.Startup[0]
      You are using the in-memory version of the persisted grant store. This will store consent decisions, authorization codes, refresh and reference tokens in memory only. If you are using any of those features in production, you want to switch to a different store implementation.
dbug: IdentityServer4.Startup[0]
      Using idsrv as default scheme for authentication
dbug: IdentityServer4.Startup[0]
      Using idsrv as default scheme for sign-in
dbug: IdentityServer4.Startup[0]
      Using idsrv as default scheme for sign-out
dbug: IdentityServer4.Startup[0]
      Using idsrv as default scheme for challenge
dbug: IdentityServer4.Startup[0]
      Using idsrv as default scheme for forbid
Hosting environment: Development
Content root path: C:\rep\application
Now listening on: http://localhost:63656
Application started. Press Ctrl+C to shut down.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://localhost:63656/
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 170.4696ms 404
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://localhost:63656/.well-known/openid-configuration
dbug: IdentityServer4.Hosting.EndpointRouter[0]
      Request path /.well-known/openid-configuration matched to endpoint type Discovery
dbug: IdentityServer4.Hosting.EndpointRouter[0]
      Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
      Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration
dbug: IdentityServer4.Endpoints.DiscoveryEndpoint[0]
      Start discovery request
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 403.6945ms 200 application/json; charset=UTF-8
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://localhost:63656/.well-known/openid-configuration/jwks
dbug: IdentityServer4.Hosting.EndpointRouter[0]
      Request path /.well-known/openid-configuration/jwks matched to endpoint type Discovery
dbug: IdentityServer4.Hosting.EndpointRouter[0]
      Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryKeyEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
      Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryKeyEndpoint for /.well-known/openid-configuration/jwks
dbug: IdentityServer4.Endpoints.DiscoveryKeyEndpoint[0]
      Start key discovery request
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 147.2603ms 200 application/json; charset=UTF-8
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://localhost:63656/.well-known/openid-configuration
dbug: IdentityServer4.Hosting.EndpointRouter[0]
      Request path /.well-known/openid-configuration matched to endpoint type Discovery
dbug: IdentityServer4.Hosting.EndpointRouter[0]
      Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
      Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration
dbug: IdentityServer4.Endpoints.DiscoveryEndpoint[0]
      Start discovery request
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 84.5783ms 200 application/json; charset=UTF-8
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://localhost:63656/.well-known/openid-configuration/jwks
dbug: IdentityServer4.Hosting.EndpointRouter[0]
      Request path /.well-known/openid-configuration/jwks matched to endpoint type Discovery
dbug: IdentityServer4.Hosting.EndpointRouter[0]
      Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryKeyEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
      Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryKeyEndpoint for /.well-known/openid-configuration/jwks
dbug: IdentityServer4.Endpoints.DiscoveryKeyEndpoint[0]
      Start key discovery request
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 64.7313ms 200 application/json; charset=UTF-8
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 POST http://localhost:63656/connect/token application/x-www-form-urlencoded 40
dbug: IdentityServer4.Hosting.EndpointRouter[0]
      Request path /connect/token matched to endpoint type Token
dbug: IdentityServer4.Hosting.EndpointRouter[0]
      Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
      Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
dbug: IdentityServer4.Endpoints.TokenEndpoint[0]
      Start token request.
dbug: IdentityServer4.Validation.ClientSecretValidator[0]
      Start client validation
dbug: IdentityServer4.Validation.BasicAuthenticationSecretParser[0]
      Start parsing Basic Authentication secret
dbug: IdentityServer4.Validation.SecretParser[0]
      Parser found secret: BasicAuthenticationSecretParser
dbug: IdentityServer4.Validation.SecretParser[0]
      Secret id found: client
dbug: IdentityServer4.Validation.SecretValidator[0]
      Secret validator success: HashedSharedSecretValidator
dbug: IdentityServer4.Validation.ClientSecretValidator[0]
      Client validation success
dbug: IdentityServer4.Validation.TokenRequestValidator[0]
      Start token request validation
dbug: IdentityServer4.Validation.TokenRequestValidator[0]
      Start client credentials token request validation
dbug: IdentityServer4.Validation.TokenRequestValidator[0]
      client credentials token request validation success
info: IdentityServer4.Validation.TokenRequestValidator[0]
      Token request validation success
{
        "ClientId": "client",
        "GrantType": "client_credentials",
        "Scopes": "api1",
        "Raw": {
          "grant_type": "client_credentials",
          "scope": "api1"
        }
      }
dbug: IdentityServer4.Services.DefaultClaimsService[0]
      Getting claims for access token for client: client
dbug: IdentityServer4.Endpoints.TokenEndpoint[0]
      Token request success.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 745.8062ms 200 application/json; charset=UTF-8

Update: I added Serilog, and nothing is reported. Failed request tracing also returned nothing.
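
The three IIS log rows quoted in the question can be triaged mechanically. This added example (not part of the original post) parses them and decodes the failing row: substatus 1 is IIS's "logon failed", and Win32 status 1326 is ERROR_LOGON_FAILURE. The function names are illustrative.

```python
# Added example: triage of the IIS W3C log rows quoted in the question.
# SAMPLE_ROWS is copied from the question's table; FIELDS is its header row.

FIELDS = ("date time s-sitename s-computername s-ip cs-method cs-uri-stem "
          "cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) "
          "cs(Cookie) cs(Referer) cs-host sc-status sc-substatus "
          "sc-win32-status sc-bytes cs-bytes time-taken").split()

SAMPLE_ROWS = """\
|2018-03-28|11:05:19|W3SVC1|DESKTOP-TUNIQJE|::1|GET|/myurl/.well-known/openid-configuration|-|80|-|::1|HTTP/1.1|-|-|-|localhost|200|0|0|1606|111|3|
|2018-03-28|11:05:19|W3SVC1|DESKTOP-TUNIQJE|::1|GET|/myurl/.well-known/openid-configuration/jwks|-|80|-|::1|HTTP/1.1|-|-|-|localhost|200|0|0|640|116|3|
|2018-03-28|11:05:19|W3SVC1|DESKTOP-TUNIQJE|::1|POST|/myurl/connect/token|-|80|client|::1|HTTP/1.1|-|-|-|localhost|401|1|1326|6485|231|1|
"""

# Win32 error codes that commonly appear next to HTTP 401 (winerror.h values).
WIN32 = {0: "ERROR_SUCCESS", 5: "ERROR_ACCESS_DENIED", 1326: "ERROR_LOGON_FAILURE"}


def parse_rows(text):
    """Turn pipe-delimited log rows into dicts keyed by W3C field name."""
    rows = []
    for line in text.splitlines():
        cells = line.strip().strip("|").split("|")
        if len(cells) == len(FIELDS):  # skip separator or truncated lines
            rows.append(dict(zip(FIELDS, cells)))
    return rows


def auth_failures(rows):
    """Return one finding per 401 response, with substatus and Win32 error decoded."""
    findings = []
    for r in rows:
        if r["sc-status"] != "401":
            continue
        win32 = int(r["sc-win32-status"])
        findings.append({
            "method": r["cs-method"],
            "uri": r["cs-uri-stem"],
            "status": f'{r["sc-status"]}.{r["sc-substatus"]}',
            "win32": WIN32.get(win32, str(win32)),
            # cs-username is the user name IIS recorded for the request;
            # "-" means the request was logged as anonymous.
            "iis_username": None if r["cs-username"] == "-" else r["cs-username"],
        })
    return findings


if __name__ == "__main__":
    for finding in auth_failures(parse_rows(SAMPLE_ROWS)):
        print(finding)
```
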

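1 Answer:

Answer 0: (score: 0)

It turns out there is something seriously wrong with my computer. When I pushed the code to Azure, it ran just fine.

For now I'm considering closing this, but once I figure out what is wrong with IIS, I will add a comment.

For the record, m3n7alsnak3 should be the one who gets credit for the answer, since it was the time he put in that got me to this solution.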