在我的身份服务器应用程序中使用idsv4并在端口" 5000"上运行有一个客户
new Client
{
ClientId = "client",
// no interactive user, use the clientid/secret for authentication
AllowedGrantTypes = GrantTypes.ClientCredentials,
// secret for authentication
ClientSecrets =
{
new Secret("secret".Sha256())
},
// scopes that client has access to
AllowedScopes = { "api1" }
}`
在我的.Net Framework Api的启动类中使用端口号" 7001" :
app.UseIdentityServerBearerTokenAuthentication(
new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "http://localhost:5000",
ValidationMode = ValidationMode.ValidationEndpoint,
RequiredScopes = new[] { "api1" }
});`
最后在我的客户端成功捕获令牌:
static TokenResponse GetClientToken()
{
var client = new TokenClient(
"http://localhost:5000/connect/token",
"client",
"secret");
return client.RequestClientCredentialsAsync("api1").Result;
}`
但是当我用这个标记来调用api时:
static void CallApi(TokenResponse response)
{
var client = new HttpClient();
client.SetBearerToken(response.AccessToken);
Console.WriteLine(client.GetStringAsync("http://localhost:7001/api/identity/get").Result);
}
客户端抛出异常:
响应状态代码不表示成功:401(未授权)。 我已经在核心api中完成了所有这些,并且每件事都没问题!
答案 0 :(得分:1)
切换到X509证书而不是样本附带的证书后,一切正常。
摆脱.AddDeveloperSigningCredential()并使用.AddSigningCredential(GET_THE_CERT_FROM_YOUR_CERT_STORE)