OpenID Connect服务器与ASOS,.NET Core管道

时间:2016-08-12 01:32:11

标签: oauth-2.0 asp.net-core openid-connect aspnet-contrib

我已经开始使用ASOS通过实施资源所有者密码凭据授权来使用OpenID Connect服务器。然而,当我使用邮递员测试它时,我得到通用的500内部服务器错误。

这是我的调试乐趣代码。感谢您的反馈。

由于

-Biruk

这是我的Startup.cs

    public void ConfigureServices(IServiceCollection services)
    {
        // Add framework services.

        services.AddAuthentication(options => {
            options.SignInScheme = "ServerCookie";
        });


        services.AddApplicationInsightsTelemetry(Configuration);

        services.AddMvc();

        services.AddSession(options => {
            options.IdleTimeout = TimeSpan.FromMinutes(30);
        });
    }




    public void Configure(IApplicationBuilder app, IHostingEnvironment env, LoggerFactory loggerFactory)
    {

        app.UseOAuthValidation();


        app.UseOpenIdConnectServer(options => {
            // Create your own authorization provider by subclassing
            // the OpenIdConnectServerProvider base class.
            options.Provider = new AuthorizationProvider();

            // Enable the authorization and token endpoints.
           // options.AuthorizationEndpointPath = "/connect/authorize";
            options.TokenEndpointPath = "/connect/token";

            // During development, you can set AllowInsecureHttp
            // to true to disable the HTTPS requirement.
            options.ApplicationCanDisplayErrors = true;
            options.AllowInsecureHttp = true;

            // Note: uncomment this line to issue JWT tokens.
            // options.AccessTokenHandler = new JwtSecurityTokenHandler();
        });

        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        app.UseApplicationInsightsRequestTelemetry();

        app.UseApplicationInsightsExceptionTelemetry();

        app.UseMvc();
    }

这是我的AuthorizationProvider.cs

public sealed class AuthorizationProvider : OpenIdConnectServerProvider
{
    public Task<User> GetUser()
    {

        return Task.Run(()=> new User { UserName = "biruk60", Password = "adminUser123" });
    }
    // Implement OnValidateAuthorizationRequest to support interactive flows (code/implicit/hybrid).
    public override Task ValidateTokenRequest(ValidateTokenRequestContext context)
    {
        // Reject the token request that don't use grant_type=password or grant_type=refresh_token.
        if (!context.Request.IsPasswordGrantType() && !context.Request.IsRefreshTokenGrantType())
        {
            context.Reject(
                error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
                description: "Only resource owner password credentials and refresh token " +
                             "are accepted by this authorization server");

            return Task.FromResult(0);
        }

        // Since there's only one application and since it's a public client
        // (i.e a client that cannot keep its credentials private), call Skip()
        // to inform the server the request should be accepted without 
        // enforcing client authentication.
        context.Skip();

        return Task.FromResult(0);
    }



    public override async Task HandleTokenRequest(HandleTokenRequestContext context)
    {
        //// Resolve ASP.NET Core Identity's user manager from the DI container.
        //var manager = context.HttpContext.RequestServices.GetRequiredService<UserManager<ApplicationUser>>();

        // Only handle grant_type=password requests and let ASOS
        // process grant_type=refresh_token requests automatically.
        if (context.Request.IsPasswordGrantType())
        {
            // var user = await manager.FindByNameAsync(context.Request.Username);

            var user = await GetUser();//new { userName = "briuk60@gmail.com", password = "adminUser123" };
            if (user == null)
            {
                context.Reject(
                    error: OpenIdConnectConstants.Errors.InvalidGrant,
                    description: "Invalid credentials.");

                return;
            }

            if (user != null && (user.Password == context.Request.Password))
            {




                var identity = new ClaimsIdentity(context.Options.AuthenticationScheme);

                // Note: the name identifier is always included in both identity and
                // access tokens, even if an explicit destination is not specified.
               // identity.AddClaim(ClaimTypes.NameIdentifier, await manager.GetUserId(user));

                // When adding custom claims, you MUST specify one or more destinations.
                // Read "part 7" for more information about custom claims and scopes.
                identity.AddClaim("username", "biruk60",
                    OpenIdConnectConstants.Destinations.AccessToken,
                    OpenIdConnectConstants.Destinations.IdentityToken);

                // Create a new authentication ticket holding the user identity.
                var ticket = new AuthenticationTicket(
                    new ClaimsPrincipal(identity),
                    new AuthenticationProperties(),
                    context.Options.AuthenticationScheme);

                // Set the list of scopes granted to the client application.
                ticket.SetScopes(
                    /* openid: */ OpenIdConnectConstants.Scopes.OpenId,
                    /* email: */ OpenIdConnectConstants.Scopes.Email,
                    /* profile: */ OpenIdConnectConstants.Scopes.Profile);

                // Set the resource servers the access token should be issued for.
               // ticket.SetResources("resource_server");

                context.Validate(ticket);
            }
        }
    }


}

我做错了什么。我可以将它置于调试模式并逐步执行它,而不会出现任何错误,它只是在fiddler和postman中的500内部服务器错误。

1 个答案:

答案 0 :(得分:1)

以下是您可能会看到的例外情况:

  

System.InvalidOperationException:找不到唯一标识符来生成“子”声明:请务必添加“ClaimTypes.NameIdentifier”声明。

添加ClaimTypes.NameIdentifier声明,它应该有效。