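IdentityServer3 OAuth2 with the logged-in Windows user

Time: 2015-06-18 16:30:20

Tags: c# oauth-2.0 owin windows-authentication identityserver3

I am new to the topic of authentication.

My approach is to use IdentityServer3 to access resources. I want to use the OAuth2 resource owner client flow, but for Windows users I want something like the samples, where you can get an access token using the logged-in Windows user.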

I tried to set up https://github.com/IdentityServer/WindowsAuthentication as an external identity provider, and I registered it in my identity server as a WS-Fed provider, as shown in https://github.com/IdentityServer/IdentityServer3/issues/1157

    class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // In-memory scopes, clients and users
            var factory = InMemoryFactory.Create(
                scopes: Scopes.Get(),
                clients: Clients.Get(),
                users: Users.Get());

            var AuthenticationOptions = new Thinktecture.IdentityServer.Core.Configuration.AuthenticationOptions();

            AuthenticationOptions.EnableLocalLogin = true;
            AuthenticationOptions.EnableLoginHint = true;
            AuthenticationOptions.EnableSignOutPrompt = true;
            AuthenticationOptions.IdentityProviders = ConfigureIdentityProviders;

            var userService = new ExternalRegistrationUserService();
            factory.UserService = new Registration<IUserService>(resolver => userService);

            var options = new IdentityServerOptions
            {
                SiteName = "Single Sign On",
                Factory = factory,
                RequireSsl = false,
                EnableWelcomePage = true,

                AuthenticationOptions = AuthenticationOptions,
            };

            app.UseIdentityServer(options);
        }

        // Not called from Configuration() above
        private static Thinktecture.IdentityServer.Core.Configuration.AuthenticationOptions GetAuthenticationOptions()
        {
            var authenticationOptions = new Thinktecture.IdentityServer.Core.Configuration.AuthenticationOptions()
            {
                EnableSignOutPrompt = true,
                EnablePostSignOutAutoRedirect = true,
                PostSignOutAutoRedirectDelay = 0,
                IdentityProviders = ConfigureIdentityProviders
            };
            return authenticationOptions;
        }

        // Registers the Windows authentication host as an external WS-Federation provider
        private static void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
        {
            var adfs = new WsFederationAuthenticationOptions
            {
                AuthenticationType = "adfs",
                Caption = "Windows Account",
                SignInAsAuthenticationType = signInAsType,
                MetadataAddress = "http://localhost:6739", //url to WebHost project
                Wtrealm = "urn:idsrv3"
            };

            app.UseWsFederationAuthentication(adfs);
        }
    }

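I have an "external login" button, and after pressing it I get an HTTP 500 error.

Questions:

  1. Have I chosen the right course?

  2. I don't think the 500 error is normal; what is the next step to get this working?

  3. How do I now get the access token programmatically, as in the "Simplest OAuth2 Walkthrough"? For example: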

    public TokenResponse GetToken(string username, string password, string scope)
    {           
        OAuth2Client client = new OAuth2Client(
    
            new Uri("http://localhost.fiddler:44333/windows/authentication"),
            //client ID
            "carbon",
            //client secret
            "21B5F798-BE55-42BC-8AA8-0025B903DC3B");
    
        return client.RequestResourceOwnerPasswordAsync(username, password, scope).Result;            
    }
    

0 answers:

No answers