我们有一个ASP.NET MVC应用程序,在没有针对IdentityServer3的问题的情况下进行身份验证,但是如果用户在大约3分钟后继续使用AJAX功能之前等待,则使用ApiController的应用程序的Web API部分开始失败(在3分钟之前,一切似乎都很好。)
Chrome中出现的错误是:
XMLHttpRequest无法加载 https://test-auth.myauthapp.com/auth/connect/authorize?client_id=ecan-farmda ... gwLTk5ZjMtN2QxZjUyMjgxNGE4MDg2NjFhZTAtOTEzNi00MDE3LTkzNGQtNTc5ODAzZTE1Mzgw。 No' Access-Control-Allow-Origin'标题出现在请求的上 资源。起源' http://test.myapp.com'因此是不允许的 访问。
在IE上我收到以下错误:
SCRIPT7002:XMLHttpRequest:网络错误0x4c7,操作是 被用户取消。
查看IdentityServer3的日志我看到如下条目:
2015-08-10 16:42 [警告] (Thinktecture.IdentityServer.Core.Configuration.Hosting.CorsPolicyProvider) 对路径的CORS请求:/ connect / authorize from origin: http://test.myapp.com但由于无效的CORS路径而被拒绝
在IdentityServer3 Web应用程序中,我向客户提供了AllowedCorsOrigins:
Thinktecture.IdentityServer.Core.Models.Client client = new Thinktecture.IdentityServer.Core.Models.Client()
{
Enabled = configClient.Enabled,
ClientId = configClient.Id,
ClientName = configClient.Name,
RedirectUris = new List<string>(),
PostLogoutRedirectUris = new List<string>(),
AllowedCorsOrigins = new List<string>(),
RequireConsent = false, // Don't show consents screen to user
RefreshTokenExpiration = Thinktecture.IdentityServer.Core.Models.TokenExpiration.Sliding
};
foreach (Configuration.RegisteredUri uri in configClient.RedirectUris)
{
client.RedirectUris.Add(uri.Uri);
}
foreach (Configuration.RegisteredUri uri in configClient.PostLogoutRedirectUris)
{
client.PostLogoutRedirectUris.Add(uri.Uri);
}
// Quick hack to try and get CORS working
client.AllowedCorsOrigins.Add("http://test.myapp.com");
client.AllowedCorsOrigins.Add("http://test.myapp.com/"); // Don't think trailing / needed, but added just in case
clients.Add(client);
在注册服务时,我添加了InMemoryCorsPolicyService:
app.Map("/auth", idsrvApp =>
{
var factory = new IdentityServerServiceFactory();
factory.Register(new Registration<AuthContext>(resolver => AuthObjects.AuthContext));
factory.Register(new Registration<AuthUserStore>());
factory.Register(new Registration<AuthRoleStore>());
factory.Register(new Registration<AuthUserManager>());
factory.Register(new Registration<AuthRoleManager>());
// Custom user service used to inject custom registration workflow
factory.UserService = new Registration<IUserService>(resolver => AuthObjects.AuthUserService);
var scopeStore = new InMemoryScopeStore(Scopes.Get());
factory.ScopeStore = new Registration<IScopeStore>(scopeStore);
var clientStore = new InMemoryClientStore(Clients.Get());
factory.ClientStore = new Registration<IClientStore>(clientStore);
var cors = new InMemoryCorsPolicyService(Clients.Get());
factory.CorsPolicyService = new Registration<ICorsPolicyService>(cors);
...
var options = new IdentityServerOptions
{
SiteName = "Authentication",
SigningCertificate = LoadCertificate(),
Factory = factory,
AuthenticationOptions = authOptions
};
...
});
我注意到IdentityServer3日志条目说&#34;为路径做出的CORS请求:/ connect / authorize&#34;而不是&#34; CORS请求路径:/ auth / connect / authorize&#34;。但是查看IdentityServer3源代码表明这可能不是问题。
也许InMemoryCorsPolicyService没有被选中?
为什么事情不适用于AJAX的任何想法都叫做ApiController?
使用NuGet安装了Thinktecture.IdevtityServer3 v1.6.2。
更新
我正在与IdentityServer3开发人员进行对话,但我仍然遇到了解决问题的问题。万一有帮助:
https://github.com/IdentityServer/IdentityServer3/issues/1697