我正在使用 Visual Studio 2015 搭建 IdentityServer3。据我查阅的资料,这个版本需要 Katana 和 Owin 1.0。然而,一些微软库和 NuGet 工具引入了重大变更(breaking changes)。
我目前还不打算深入研究 .NET Core 或 IdentityServer4。但是,按照 Scott Brady 的操作说明,我无法让 IdentityServer3 在我的 MVC 应用程序中运行:TokenValidationParameters 有一个重大变更。
我该怎么办?是否需要把某个 NuGet 包降级?
<?xml version="1.0" encoding="utf-8"?>
<packages>
<!-- NuGet package list for the MVC client project; every entry targets net452. -->
<!-- NOTE(review): versions are pinned exactly as listed. Before reusing this list, check each pinned version against current security advisories. -->
<package id="Antlr" version="3.5.0.2" targetFramework="net452" />
<package id="bootstrap" version="3.3.7" targetFramework="net452" />
<package id="jQuery" version="3.1.1" targetFramework="net452" />
<package id="jQuery.Validation" version="1.16.0" targetFramework="net452" />
<package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net452" />
<package id="Microsoft.AspNet.Razor" version="3.2.3" targetFramework="net452" />
<package id="Microsoft.AspNet.Web.Optimization" version="1.1.3" targetFramework="net452" />
<package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net452" />
<package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="1.0.3" targetFramework="net452" />
<!-- NOTE(review): the IdentityModel packages (Logging 1.1.3, Tokens 5.1.3, and System.IdentityModel.Tokens.Jwt 5.1.3 further down) sit next to Microsoft.Owin.* 3.0.1. The 5.x IdentityModel line is where the TokenValidationParameters API changed, so token-validation code written against the 4.x line will not compile unchanged. Either port the validation code to the 5.x types or downgrade System.IdentityModel.Tokens.Jwt; confirm the right pairing against the package release notes. -->
<package id="Microsoft.IdentityModel.Logging" version="1.1.3" targetFramework="net452" />
<package id="Microsoft.IdentityModel.Tokens" version="5.1.3" targetFramework="net452" />
<package id="Microsoft.jQuery.Unobtrusive.Validation" version="3.2.3" targetFramework="net452" />
<package id="Microsoft.Net.Compilers" version="1.3.2" targetFramework="net452" developmentDependency="true" />
<!-- OWIN/Katana host and cookie middleware; the "TempCookie" sign-in used during token validation is an OWIN authentication type. -->
<package id="Microsoft.Owin" version="3.0.1" targetFramework="net452" />
<package id="Microsoft.Owin.Host.SystemWeb" version="3.0.1" targetFramework="net452" />
<package id="Microsoft.Owin.Security" version="3.0.1" targetFramework="net452" />
<package id="Microsoft.Owin.Security.Cookies" version="3.0.1" targetFramework="net452" />
<package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net452" />
<package id="Modernizr" version="2.8.3" targetFramework="net452" />
<package id="Newtonsoft.Json" version="9.0.1" targetFramework="net452" />
<package id="Owin" version="1.0" targetFramework="net452" />
<package id="Respond" version="1.4.2" targetFramework="net452" />
<!-- Provides JwtSecurityTokenHandler, which performs the identity token validation. -->
<package id="System.IdentityModel.Tokens.Jwt" version="5.1.3" targetFramework="net452" />
<package id="WebGrease" version="1.6.0" targetFramework="net452" />
</packages>
受影响的代码:
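/// <summary>
/// Validates the identity token (a JWT) received on the callback and returns its claims.
/// </summary>
/// <remarks>
/// Three checks must all pass before the claims are trusted:
/// the <paramref name="state"/> value must equal the one stored in the "TempCookie" sign-in
/// (ties the callback to the request this browser started), the token must validate against
/// the configured issuer, audience and signing key, and the token's "nonce" claim must equal
/// the nonce stored in the same cookie (ties the token to that request).
/// The temporary cookie is signed out only after every check has succeeded.
/// </remarks>
/// <param name="token">The raw identity token to validate.</param>
/// <param name="state">The state value that came back with the token.</param>
/// <returns>The claims of the validated identity token.</returns>
/// <exception cref="InvalidOperationException">
/// The temporary cookie is missing, or the state or nonce is absent or does not match.
/// </exception>
private async Task<IEnumerable<Claim>> ValidateIdentityTokenAsync(string token, string state)
{
    // Public certificate for the token signing key, embedded in the sample (no private key here).
    // NOTE(review): the encoded subject appears to be the IdentityServer3 test certificate. Outside a
    // sample, read the signing keys from the provider's published metadata so key rollover keeps working.
    const string certString = "MIIDBTCCAfGgAwIBAgIQNQb+T2ncIrNA6cKvUA1GWTAJBgUrDgMCHQUAMBIxEDAOBgNVBAMTB0RldlJvb3QwHhcNMTAwMTIwMjIwMDAwWhcNMjAwMTIwMjIwMDAwWjAVMRMwEQYDVQQDEwppZHNydjN0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnTksBdxOiOlsmRNd+mMS2M3o1IDpK4uAr0T4/YqO3zYHAGAWTwsq4ms+NWynqY5HaB4EThNxuq2GWC5JKpO1YirOrwS97B5x9LJyHXPsdJcSikEI9BxOkl6WLQ0UzPxHdYTLpR4/O+0ILAlXw8NU4+jB4AP8Sn9YGYJ5w0fLw5YmWioXeWvocz1wHrZdJPxS8XnqHXwMUozVzQj+x6daOv5FmrHU1r9/bbp0a1GLv4BbTtSh4kMyz1hXylho0EvPg5p9YIKStbNAW9eNWvv5R8HN7PPei21AsUqxekK0oW9jnEdHewckToX7x5zULWKwwZIksll0XnVczVgy7fCFwIDAQABo1wwWjATBgNVHSUEDDAKBggrBgEFBQcDATBDBgNVHQEEPDA6gBDSFgDaV+Q2d2191r6A38tBoRQwEjEQMA4GA1UEAxMHRGV2Um9vdIIQLFk7exPNg41NRNaeNu0I9jAJBgUrDgMCHQUAA4IBAQBUnMSZxY5xosMEW6Mz4WEAjNoNv2QvqNmk23RMZGMgr516ROeWS5D3RlTNyU8FkstNCC4maDM3E0Bi4bbzW3AwrpbluqtcyMN3Pivqdxx+zKWKiORJqqLIvN8CT1fVPxxXb/e9GOdaR8eXSmB0PgNUhM4IjgNkwBbvWC9F/lzvwjlQgciR7d4GfXPYsE1vf8tmdQaY8/PtdAkExmbrb9MihdggSoGXlELrPA91Yce+fiRcKY3rQlNWVd4DOoJ/cPXsXwry8pWjNCo5JD8Q+RQ5yZEy7YPoifwemLhTdsBz3hlZr28oCGJ3kbnpW0xGvQb3VHSTVVbeei0CfXoW6iz1";
    var cert = new X509Certificate2(Convert.FromBase64String(certString));

    var authentication = this.Request.GetOwinContext().Authentication;

    // The temporary cookie carries the state and nonce issued when the sign-in request was built.
    var result = await authentication.AuthenticateAsync("TempCookie");
    if (result?.Identity == null)
    {
        throw new InvalidOperationException("No temp cookie");
    }

    // A missing or empty stored state is rejected explicitly rather than surfacing as a
    // NullReferenceException; an absent value must never count as a match.
    var expectedState = result.Identity.FindFirst("state")?.Value;
    if (string.IsNullOrEmpty(expectedState) || !string.Equals(state, expectedState, StringComparison.Ordinal))
    {
        throw new InvalidOperationException("invalid state");
    }

    var parameters = new TokenValidationParameters
    {
        ValidAudience = "implicitclient",
        ValidIssuer = IdServBaseUri,

        // The 5.x IdentityModel packages take a SecurityKey here; the X509SecurityToken type used by
        // 4.x-era samples cannot be assigned to IssuerSigningKeys.
        IssuerSigningKey = new Microsoft.IdentityModel.Tokens.X509SecurityKey(cert)
    };

    var handler = new JwtSecurityTokenHandler();
    Microsoft.IdentityModel.Tokens.SecurityToken jwt;

    // Throws when the signature, issuer, audience or lifetime check fails.
    var id = handler.ValidateToken(token, parameters, out jwt);

    // The nonce binds this token to the sign-in request recorded in the temporary cookie.
    var expectedNonce = result.Identity.FindFirst("nonce")?.Value;
    var tokenNonce = id.FindFirst("nonce")?.Value;
    if (string.IsNullOrEmpty(expectedNonce) || !string.Equals(tokenNonce, expectedNonce, StringComparison.Ordinal))
    {
        throw new InvalidOperationException("Invalid nonce");
    }

    // Drop the temporary cookie only once everything has been verified.
    authentication.SignOut("TempCookie");
    return id.Claims;
}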
答案 0 :(得分:0)
需要一些挖掘和实验。这是要点。