我从here下载了IdentityServer的代码。在IIS Express中运行IdentityServer3 \ Host.Web解决方案时,我可以使用TokenClient.RequestResourceOwnerPasswordAsync方法从控制台客户端进行身份验证。
但是,只要我将IdentityServer3 \ Host.Web切换为直接在IIS下运行,我就会收到以下错误:
HTTP Error 401.1 - Unauthorized
You do not have permission to view this directory or page using the credentials that you supplied.
Most likely causes:
- The username supplied to IIS is invalid.
- The password supplied to IIS was not typed correctly.
- Incorrect credentials were cached by the browser.
- IIS could not verify the identity of the username and password provided.
- The resource is configured for Anonymous authentication, but the configured anonymous account either has an invalid password or was disabled.
- The server is configured to deny login privileges to the authenticating user or the group in which the user is a member.
- Invalid Kerberos configuration may be the cause if all of the following are true:
- Integrated authentication was used.
- the application pool identity is a custom account.
the server is a member of a domain.
我需要以不同方式配置以使IdentityServer3在IIS下工作吗?
答案 0 :(得分:1)
解决方案1:
看起来解决方法是将身份验证类型更改为PostValues:
var client = new TokenClient(
authenticationUrl,
"carbon",
"21B5F798-BE55-42BC-8AA8-0025B903DC3B",
AuthenticationStyle.PostValues);
var token = await client.RequestResourceOwnerPasswordAsync("bob", "secret", "api1");
请注意,您必须在构造函数中设置AuthenticationStyle。在构造之后设置它是有问题的,因为在构造函数中有条件地创建了认证头。
解决方案2:
禁用"基本身份验证"在IIS设置中。