IdentityServer3 and Web API in the same process

Time: 2015-10-26 07:25:05

Tags: asp.net-web-api identityserver3

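I have an ASP.NET MVC web application and a Web API in the same project. I am using the resource owner credentials flow for identity management. Is it possible to configure the Web API, the client and the identity server in the same startup.cs (startup.cs of

When trying to configure the Web API and the identity server in the same startup.cs, I ended up with the following error: "An exception of type 'System.InvalidOperationException' occurred in IdentityServer3.AccessTokenValidation.dll but was not handled in user code. Additional information: IDX10803: Unable to create to obtain configuration from: 'https://localhost:44303/.well-known/openid-configuration'."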

Here is the code of my startup.cs:

using IdentityServer3.AccessTokenValidation;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Services;
using IdentityServer3.Core.Services.Default;
using MarilynIdentityServer.IdentityServer;
using Microsoft.Owin;
using Owin;
using System;
//using System.IdentityModel.Claims;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using System.Web.Http;
using System.Linq;

[assembly: OwinStartupAttribute(typeof(MarilynIdentityServer.Startup))]
namespace MarilynIdentityServer
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {

            var factory = new IdentityServerServiceFactory()
                    .UseInMemoryClients(Clients.Get())
                    .UseInMemoryScopes(Scopes.Get());   

            var userService = new UserLoginService();

            factory.UserService = new Registration<IUserService>(resolver => userService);
            factory.CorsPolicyService = new Registration<ICorsPolicyService>(new DefaultCorsPolicyService { AllowAll = true });

            var option = new IdentityServerOptions
            {
                SiteName = "Embedded IdentityServer",
                SigningCertificate = LoadCertificate(),
                Factory = factory,

                //AuthenticationOptions = new AuthenticationOptions
                //{
                //    //EnableLocalLogin = false,
                //    IdentityProviders = ConfigureIdentityProviders
                //},
            };
            app.UseIdentityServer(option);

            app.Map("/api", idsrvApi =>
            {
                // token validation
                idsrvApi.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
                {
                    Authority = "https://localhost:44303/",
                    RequiredScopes = new[] { "sampleApi" }
                });

                // add app local claims per request
                idsrvApi.UseClaimsTransformation(incoming =>
                {
                    // either add claims to incoming, or create new principal
                    var appPrincipal = new ClaimsPrincipal(incoming);
                    incoming.Identities.First().AddClaim(new Claim("appSpecific", "some_value"));

                    return Task.FromResult(appPrincipal);
                });

                // web api configuration
                var config = new HttpConfiguration();
                config.MapHttpAttributeRoutes();

                idsrvApi.UseWebApi(config);
            });
        }

        X509Certificate2 LoadCertificate()
        {
            return new X509Certificate2(
                string.Format(@"{0}bin\identityServer\idsrv3test.pfx", AppDomain.CurrentDomain.BaseDirectory), "idsrv3test");
        }
    }
}

To summarize: is it possible to configure WebApi, the web application and Identity Server in the same application?

Any help would be appreciated.

Regards, Amit

2 answers:

Answer 0: (score: 1)

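It is definitely possible, but I have run into similar problems where the local Identity Server could not be found.

What usually solves this is changing the pipeline so that Identity Server has its own app.Map block instead of sitting at the root. This seems to make it discoverable by the authentication middleware.

If you try this, don't forget to update the authority in the authentication middleware.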

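Answer 1: (score: 1)

I reached the goal described in this question using a combination of Scott Brady's post and Andras Nemes' post, both of which are excellent. Here is the Startup.cs that works for me: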

using IdentityServer3.Core.Configuration;
using Owin;
using System.Web.Http;

namespace idsvr3owin
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // kick the Web API piece of this app
            app.Map(
                "/api",
                apiApp => {
                    HttpConfiguration httpConfiguration = new HttpConfiguration();
                    // api.App_Start is a namespace in my app
                    api.App_Start.WebApiConfig.Register(httpConfiguration);
                    apiApp.UseWebApi(httpConfiguration);
                }
            );
            // kick the IdentityServer3 piece of this app
            app.Map(
                "/identity",
                identityApp =>
                {
                    identityApp.UseIdentityServer(new IdentityServerOptions
                    {
                        SiteName = "Standalone Identity Server",
                        // idsvr3 is a namespace in my app
                        SigningCertificate = idsvr3.Cert.LoadCertificate(),
                        Factory = new IdentityServerServiceFactory()
                                .UseInMemoryClients(idsvr3.Clients.Get())
                                .UseInMemoryScopes(idsvr3.Scopes.Get())
                                .UseInMemoryUsers(idsvr3.Users.Get()),
                        RequireSsl = true
                    });
                }
            );
        }
    }
}
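
The two answers combined, as an added example that is not part of either answer: IdentityServer moves into its own `/identity` branch, and the `/api` branch keeps the question's bearer-token validation with `Authority` updated to match. The `idsvr3.*` helpers are the ones answer 1 refers to in its own project, the host and port come from the question, and the `IdentityServerUrl` constant and the global `AuthorizeAttribute` filter are assumptions added here.

```csharp
using IdentityServer3.AccessTokenValidation;
using IdentityServer3.Core.Configuration;
using Owin;
using System.Web.Http;

namespace idsvr3owin
{
    public class Startup
    {
        // Hypothetical constant: the question's base address plus the new /identity path.
        private const string IdentityServerUrl = "https://localhost:44303/identity";

        public void Configuration(IAppBuilder app)
        {
            // IdentityServer gets its own branch instead of the pipeline root, so the
            // discovery document is served at /identity/.well-known/openid-configuration.
            app.Map("/identity", identityApp =>
            {
                identityApp.UseIdentityServer(new IdentityServerOptions
                {
                    SiteName = "Embedded IdentityServer",
                    SigningCertificate = idsvr3.Cert.LoadCertificate(),
                    Factory = new IdentityServerServiceFactory()
                        .UseInMemoryClients(idsvr3.Clients.Get())
                        .UseInMemoryScopes(idsvr3.Scopes.Get())
                        .UseInMemoryUsers(idsvr3.Users.Get()),
                    RequireSsl = true
                });
            });

            app.Map("/api", apiApp =>
            {
                // Token validation runs before Web API; Authority now carries /identity.
                apiApp.UseIdentityServerBearerTokenAuthentication(
                    new IdentityServerBearerTokenAuthenticationOptions
                    {
                        Authority = IdentityServerUrl,
                        RequiredScopes = new[] { "sampleApi" }
                    });
                var config = new HttpConfiguration();
                config.MapHttpAttributeRoutes();
                // Assumption: require an authenticated caller on every action by default.
                config.Filters.Add(new AuthorizeAttribute());
                apiApp.UseWebApi(config);
            });
        }
    }
}
```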