您好:
我看到样本中缺少asp.net Web表单客户端。我有身份服务器设置与asp.net身份和客户端和范围与实体框架保存在数据库中。我在asp.net核心中有api,在核心中有一个mvc应用程序从身份服务器获取令牌。它适用于这些配置:
var oidcOptions = new OpenIdConnectOptions()
{
AuthenticationScheme = "oidc",
SignInScheme = "Cookies",
Authority = "http://localhost:5000",
RequireHttpsMetadata = false,
ClientId = "mvcClient",
ClientSecret = "secret",
//GetClaimsFromUserInfoEndpoint = true,
ResponseType = "code id_token", // hybrid flow
//RemoteSignOutPath = "/Account/LogOff"
//Scope = { "NamfusAPI", "offline_access" },
SaveTokens = true
};
oidcOptions.Scope.Clear();
oidcOptions.Scope.Add("openid");
oidcOptions.Scope.Add("profile");
oidcOptions.Scope.Add("NamfusAPI");
oidcOptions.Scope.Add("offline_access");
app.UseOpenIdConnectAuthentication(oidcOptions);
但是当我尝试使用此配置的asp.net web表单(在.net 4.6.1中开发)时:
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies",
//LoginPath = new PathString(ConstansValues.BaseAddress + @"permissions/")
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = "mvcClient",
ClientSecret = "secret",
Authority = "http://localhost:5000",
RedirectUri = "http://localhost:5969",
PostLogoutRedirectUri = "http://localhost:5969",
ResponseType = "code id_token",
Scope = "openid profile NamfusAPI offline_access",
SignInAsAuthenticationType = "Cookies",
Notifications = new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = async n =>
{
var token = n.ProtocolMessage.AccessToken;
// persist access token in cookie
if (!string.IsNullOrEmpty(token))
{
n.AuthenticationTicket.Identity.AddClaim(
new Claim("access_token", token));
}
var nid = new ClaimsIdentity();
nid.AddClaim(new Claim(@"id_token", n.ProtocolMessage.IdToken));
},
RedirectToIdentityProvider = n =>
{
// if signing out, add the id_token_hint
if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
{
var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
if (idTokenHint != null)
n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
}
return Task.FromResult(0);
}
},
});
}
并且此页面加载:
protected void Page_Load(object sender, EventArgs e)
{
if (!Request.IsAuthenticated)
{
HttpContext.Current.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties
{
RedirectUri = "http://localhost:5000"
},
OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
}
它总是说请求未经过身份验证。
IS中的客户端是这样的:
new Client()
{
ClientId = "mvcClient",
ClientName = "MVC Client",
//AllowedGrantTypes = GrantTypes.Implicit,
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets = new List<Secret>()
{
new Secret("secret".Sha256())
},
// RequireConsent = false,
// where to redirect to after login
RedirectUris = { "http://localhost:5002/signin-oidc" },
// where to redirect to after logout
PostLogoutRedirectUris = { "http://localhost:5002" },
AllowedScopes =
{
StandardScopes.OpenId.Name,
StandardScopes.Profile.Name,
StandardScopes.OfflineAccess.Name,
StandardScopes.Roles.Name,
"NamfusAPI"
}
和这样的范围:
return new List()
{
StandardScopes.OpenId, // subject id
StandardScopes.Profile, // first name, last name
StandardScopes.OfflineAccess, // requesting refresh tokens for long lived API access
new Scope()
{
Name = "NamfusAPI",
Description = "Namfus API",
Type = ScopeType.Resource,
IncludeAllClaimsForUser = true,
Claims = new List()
{
new ScopeClaim(ClaimTypes.Name),
new ScopeClaim(ClaimTypes.Role)
}
}
};
请建议如何执行此操作。感谢