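I am new to the topic of authentication.
My approach is to use IdentityServer3 to access resources. I want to use the OAuth2 resource owner client flow, but for Windows users I want something like the sample, where you can get an access token with the logged-in Windows user.
I tried to set up https://github.com/IdentityServer/WindowsAuthentication as an external identity provider. I registered it in my identity server as a WS-Fed provider, as shown in https://github.com/IdentityServer/IdentityServer3/issues/1157:

    class Startup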
    {
        public void Configuration(IAppBuilder app)
        {
            // In-memory scopes, clients and users
            var factory = InMemoryFactory.Create(
                scopes: Scopes.Get(),
                clients: Clients.Get(),
                users: Users.Get());

            var AuthenticationOptions = new Thinktecture.IdentityServer.Core.Configuration.AuthenticationOptions();
            AuthenticationOptions.EnableLocalLogin = true;
            AuthenticationOptions.EnableLoginHint = true;
            AuthenticationOptions.EnableSignOutPrompt = true;
            AuthenticationOptions.IdentityProviders = ConfigureIdentityProviders;

            // Custom user service for users coming from the external provider
            var userService = new ExternalRegistrationUserService();
            factory.UserService = new Registration<IUserService>(resolver => userService);

            var options = new IdentityServerOptions
            {
                SiteName = "Single Sign On",
                Factory = factory,
                RequireSsl = false,
                EnableWelcomePage = true,
                AuthenticationOptions = AuthenticationOptions,
            };

            app.UseIdentityServer(options);
        }

        private static Thinktecture.IdentityServer.Core.Configuration.AuthenticationOptions GetAuthenticationOptions()
        {
            var authenticationOptions = new Thinktecture.IdentityServer.Core.Configuration.AuthenticationOptions()
            {
                EnableSignOutPrompt = true,
                EnablePostSignOutAutoRedirect = true,
                PostSignOutAutoRedirectDelay = 0,
                IdentityProviders = ConfigureIdentityProviders
            };
            return authenticationOptions;
        }

        // Registers the WindowsAuthentication host as a WS-Federation external identity provider
        private static void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
        {
            var adfs = new WsFederationAuthenticationOptions
            {
                AuthenticationType = "adfs",
                Caption = "Windows Account",
                SignInAsAuthenticationType = signInAsType,
                MetadataAddress = "http://localhost:6739", // url to WebHost project
                Wtrealm = "urn:idsrv3"
            };
            app.UseWsFederationAuthentication(adfs);
        }
    }

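I have an "external login" button, and when I press it I get an HTTP 500 error.
Questions:
Did I choose the right course?
I think the 500 error is not normal; what is the next step to make it work?
How can I now get the access token programmatically, as in the "simplest OAuth2 walkthrough"? For example:
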
    public TokenResponse GetToken(string username, string password, string scope)
    {
        OAuth2Client client = new OAuth2Client(
            new Uri("http://localhost.fiddler:44333/windows/authentication"),
            // client ID
            "carbon",
            // client secret
            "21B5F798-BE55-42BC-8AA8-0025B903DC3B");
        return client.RequestResourceOwnerPasswordAsync(username, password, scope).Result;
    }