我正在尝试使用identityserver3作为授权服务从控制台应用程序设置授权到WebAPI端点。这不是自托管API,它将面向公众。我已经尝试按照身份服务器上的文档进行操作,并且我运行了API并且IdentityServer独立运行。我遇到问题的方法是获取api路由以检查授权并从身份服务器请求/接收访问令牌。
在身份服务器中,我将startup.cs文件定义为:
public void Configuration(IAppBuilder app)
{
app.Map("/identity", idsrvApp =>
{
var corsPolicyService = new DefaultCorsPolicyService()
{
AllowAll = true
};
var defaultViewServiceOptions = new DefaultViewServiceOptions();
defaultViewServiceOptions.CacheViews = false;
var idServerServiceFactory = new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get())
.UseInMemoryUsers(Users.Get());
idServerServiceFactory.CorsPolicyService = new
Registration<IdentityServer3.Core.Services.ICorsPolicyService>(corsPolicyService);
idServerServiceFactory.ConfigureDefaultViewService(defaultViewServiceOptions);
var options = new IdentityServerOptions
{
Factory = idServerServiceFactory,
SiteName = "Sumbission Security Token Service",
SigningCertificate = LoadCertificate(),
IssuerUri = "https://samplesubmission/identity",
PublicOrigin = "https://localhost:44306",
};
idsrvApp.UseIdentityServer(options);
});
}
X509Certificate2 LoadCertificate()
{
return new X509Certificate2(
string.Format(@"{0}\certificates\idsrv3test.pfx",
AppDomain.CurrentDomain.BaseDirectory), "idsrv3test");
}
在IdSrv的web.config中,我添加了
WebAPI包含以下内容
public class SampleController: ApiController
{
[Route("test")]
public IHttpActionResult Get()
{
var caller = User as ClaimsPrincipal;//grants access to claim from access token
Message msg = new Message
{
Msg = "Connction made with secure api" + DateTime.Now,
// Client = caller.FindFirst("client_id").Value
};
return Json(msg);
}
}
public class Message
{
public string Msg { get; set; }
public string Client { get; set; }
}
startup.cs
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseIdentityServerBearerTokenAuthentication(
new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "https://localhost:44306/identity",
RequiredScopes = new[] { "vendorsubmission" },
});
}
}
在API中禁用OWIn我可以进行https://localhost:44307/test之类的调用并点击端点。
Console应用程序在program.cs中包含此内容
class Program
{
static void Main(string[] args)
{
var response = GetClientToken();
CallApi(response);
}
static void CallApi(TokenResponse response)
{
var client = new HttpClient();
client.SetBearerToken(response.AccessToken);
System.Console.WriteLine(client.GetStringAsync("http://localhost:44307/test").Result);
}
static TokenResponse GetClientToken()
{
var client = new TokenClient(
"http://localhost:44306/identity/connect/token",
"samplecnsl", //client name
"F621F470-9731-4A25-80EF-67A6F7C5F4B8"); //secret
return client.RequestClientCredentialsAsync("vendorsubmission").Result;
}
}
当执行任务错误时(任务被取消)。我收到消息请求的资源不支持GET。我认为这将是一个cors问题,但我在身份服务器上启用了CORS,我甚至在web.config中添加了http协议:
<httpProtocol>
<customHeaders>
<clear />
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
是否有人可以提供有关如何让控制台应用程序从身份服务器检索令牌的一些指导?我觉得这是一个授权问题。我在Dev IISExpres中本地运行它,我目前正在使用身份服务器源提供的证书。
由于
答案 0 :(得分:2)
使用所谓的客户端凭据授权
https://tools.ietf.org/html/rfc6749#section-4.4
以下是使用identityserver3
的示例CORS与此方案无关,因为它仅适用于基于浏览器的客户端。因此,您的Web服务器可能存在一些问题。