thinktecture identityserver v3

时间:2014-12-03 15:39:59

标签: asp.net-mvc thinktecture-ident-server identityserver3

尝试将Thinctecture identityserver v3用作多个mvc应用程序的简单sts 我能够遍历所提供的示例应用程序并且运行正常,但它们都使用嵌入式身份服务器。我需要将identityserver作为一个单独的应用程序,以便我可以将它用作多个应用程序的sts。当我尝试运行身份服务器并将示例mvc应用程序连接到它时似乎缺少某些东西。

示例mvc应用程序使用katana

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions...

但我只是不了解如何正确配置外部应用服务。 我的猜测是我没有使用正确的端点。

这是我的依赖方配置为mvc。 然后我在这里运行最新的IS v3:      :44333

在mvc应用程序中,每当我尝试导航到需要授权的视图时,我都会得到异常。

堆栈追踪:

[HttpRequestException: Response status code does not indicate success: 404 (Not Found).]
   System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +87960
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +496

[IOException: Unable to get document from: https://localhost:44333/.well-known/openid-configuration]
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +830
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +93
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +52
   System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() +24
   Microsoft.IdentityModel.Protocols.<GetAsync>d__0.MoveNext() +512
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +93
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +52
   System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() +24
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() +1332

这是mvc应用程序中的完整身份验证配置。

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    //Authority = "https://localhost:44319/identity",
    Authority = "https://localhost:44333",
    ClientId = "mvc",
    Scope = "openid profile roles",
    RedirectUri = "https://localhost:44319/",

    SignInAsAuthenticationType = "Cookies",
    UseTokenLifetime = false,

    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        SecurityTokenValidated = async n =>
            {
                var id = n.AuthenticationTicket.Identity;

                // we want to keep first name, last name, subject and roles
                var givenName = id.FindFirst(Constants.ClaimTypes.GivenName);
                var familyName = id.FindFirst(Constants.ClaimTypes.FamilyName);
                var sub = id.FindFirst(Constants.ClaimTypes.Subject);
                var roles = id.FindAll(Constants.ClaimTypes.Role);

                // create new identity and set name and role claim type
                var nid = new ClaimsIdentity(
                    id.AuthenticationType,
                    Constants.ClaimTypes.GivenName,
                    Constants.ClaimTypes.Role);

                nid.AddClaim(givenName);
                nid.AddClaim(familyName);
                nid.AddClaim(sub);
                nid.AddClaims(roles);

                // keep the id_token for logout
                nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

                // add some other app specific claim
                nid.AddClaim(new Claim("app_specific", "some data"));

                n.AuthenticationTicket = new AuthenticationTicket(
                    nid,
                    n.AuthenticationTicket.Properties);
            },
        RedirectToIdentityProvider = async n =>
            {
                if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                {
                    var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");

                    if (idTokenHint != null)
                    {
                        n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                    }
                }
            }
    }
});

1 个答案:

答案 0 :(得分:0)

您的终端缺少最后的/identity