ASP.NET MVC 4.5.2 does not redirect back after login with IdentityServer4

Time: 2017-03-16 07:19:50

Tags: asp.net-mvc-4 asp.net-core owin openid-connect identityserver4

I am integrating IdentityServer4 with an ASP.NET 4.5 MVC 4 web application. After clicking an authorized action I am redirected to the identity server login page, but after a successful login it never comes back to the client MVC application.

My client in IdentityServer4 is

new Client
{
    ClientId = "demo",
    AllowedScopes = new List<string> { "openid" },
    AllowedGrantTypes = GrantTypes.Hybrid,
    RedirectUris = new List<string> { "http://localhost:51048/signin-oidc" },
}

My Startup contains

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    Authority = "http://localhost:5000", // ID Server
    ClientId = "demo",
    ResponseType = "id_token code",
    SignInAsAuthenticationType = "Cookies",
    RedirectUri = "http://localhost:51048/signin-oidc",
    Scope = "openid",
});

3 answers:

Answer 0 (score: 1)

After a successful login, by default the IdentityServer middleware tries to redirect to the consent page, where the user is told about the "allowed scopes". This page shows the claims the client MVC site will get access to: user identifier, user profile, email, and so on. If you have not set that page up, you can set "RequireConsent = false" when defining the MVC client. In that case IdentityServer redirects back to the "RedirectUris" without showing the consent page.

Example:

public static IEnumerable<Client> GetClients()
{
    return new List<Client>
    {
        new Client
        {
            ClientId = "mvc",
            ClientName = "mvc Client",
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },
            AllowedGrantTypes = GrantTypes.Implicit,
            AllowAccessTokensViaBrowser = true,
            RedirectUris = { "http://localhost:5002/signin-oidc" },
            PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
            AllowedScopes =
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                IdentityServerConstants.StandardScopes.Email
            },
            RequireConsent = false
        }
    };
}

Another thing I noticed in the IdentityServer4 demos and quickstarts is that you need the following NuGet packages. For the client website: IdentityModel, Microsoft.AspNetCore.All

For the IdentityServer authentication app: IdentityServer4, IdentityServer4.AccessTokenValidation, IdentityServer4.AspNetIdentity, Microsoft.AspNetCore.All
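
The IdentityServer4 client definition and the OWIN client Startup written as a matched pair for the hybrid flow the question uses, as an added example that is not code from the question or from the answers above. Hostnames, ports, the secret value and the `/Home/Error` route are assumptions for illustration; the token redemption uses the `TokenClient` API of IdentityModel 2.x (the version the 2017 quickstarts used), which later major versions replaced.

```csharp
// Added example, not from the page: IdentityServer4 client + OWIN client for the hybrid flow.
// Hostnames, ports and the secret are assumptions; IdentityModel 2.x TokenClient API assumed.
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel.Client;
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// --- IdentityServer side (e.g. Config.cs in the IdentityServer4 host) ---
public static class Config
{
    public static IEnumerable<Client> GetClients()
    {
        return new List<Client>
        {
            new Client
            {
                ClientId = "demo",
                ClientName = "OWIN MVC client",
                // Hybrid flow redeems the code at the token endpoint, so the client
                // needs a secret; in practice keep it out of source control.
                ClientSecrets = { new Secret("demo-secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.Hybrid,
                // Must match the OWIN RedirectUri exactly (scheme, host, port, path).
                RedirectUris = { "https://localhost:44300/signin-oidc" },
                PostLogoutRedirectUris = { "https://localhost:44300/" },
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile
                },
                // A host with no consent UI has nowhere to send the user after login
                // unless consent is skipped.
                RequireConsent = false
            }
        };
    }
}

// --- Client side (Startup.cs in the ASP.NET 4.x MVC app) ---
public class Startup
{
    private const string Authority = "https://localhost:5001"; // assumed; use https outside dev
    private const string ClientId = "demo";
    private const string ClientSecret = "demo-secret";
    private const string RedirectUri = "https://localhost:44300/signin-oidc";

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType("Cookies");
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies"
        });
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = Authority,
            ClientId = ClientId,
            ClientSecret = ClientSecret,
            ResponseType = "id_token code",
            Scope = "openid profile",
            RedirectUri = RedirectUri,
            SignInAsAuthenticationType = "Cookies",
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // The Katana middleware validates the id_token (signature, nonce, audience,
                // c_hash) but does not redeem the code; do that over the back channel here.
                AuthorizationCodeReceived = async n =>
                {
                    var tokenClient = new TokenClient(Authority + "/connect/token", ClientId, ClientSecret);
                    var response = await tokenClient.RequestAuthorizationCodeAsync(n.Code, RedirectUri);
                    if (response.IsError)
                    {
                        throw new Exception("Token request failed: " + response.Error);
                    }
                    // Keep the tokens on the identity so controllers can call APIs with them.
                    n.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", response.AccessToken));
                    n.AuthenticationTicket.Identity.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
                },
                AuthenticationFailed = n =>
                {
                    // Surface protocol errors instead of silently ending on a blank page.
                    n.HandleResponse();
                    n.Response.Redirect("/Home/Error?message=" + Uri.EscapeDataString(n.Exception.Message));
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

Two checks worth making when the redirect does not come back: the `RedirectUris` entry on the server and `RedirectUri` on the client must be byte-for-byte identical, and `AllowedScopes` must cover every scope the client requests, otherwise IdentityServer returns an error page rather than redirecting. The `AuthenticationFailed` handler makes such errors visible on the client side.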

Answer 1 (score: 0)

Add AuthenticationScheme and SignInScheme to the UseOpenIdConnectAuthentication options:

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    AuthenticationScheme = "oidc",
    SignInScheme = "Cookies"
    // other options omitted...
});

Answer 2 (score: 0)

In my case, the cause of this error was adding a custom authorize attribute that opens the session to save user information after the user is authorized.

[CustomAuthorize]
public class SecureController

So my solution was not to open the session in the AuthorizeCore function, but to add the required data to the claims, as shown below

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = CookieAuthenticationDefaults.AuthenticationType
});

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = Settings.Default.AuthenticationOptionsClientId,
        ClientSecret = Settings.Default.AuthenticationOptionsClientSecret,
        SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
        AuthenticationType = Settings.Default.AuthenticationOptionsAuthenticationType,
        Authority = Settings.Default.AuthenticationOptionsAuthority,
        RedirectUri = Settings.Default.AuthenticationOptionsRedirectUri,
        ResponseType = Settings.Default.AuthenticationOptionsResponseType,
        UseTokenLifetime = Settings.Default.AuthenticationOptionsUseTokenLifetime,
        AuthenticationMode = AuthenticationMode.Active,

        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            // Runs after the id_token has been validated; the identity built here
            // is what ends up in the cookie.
            SecurityTokenValidated = context =>
            {
                // Copy the validated claims (sub, name, ...) into the new identity;
                // an empty identity would drop them.
                var claimsIdentity = new ClaimsIdentity(
                    context.AuthenticationTicket.Identity.Claims,
                    context.AuthenticationTicket.Identity.AuthenticationType);

                // Extra per-user data travels as a claim instead of in Session.
                claimsIdentity.AddClaim(new Claim("UserData", "User Data Content"));

                context.AuthenticationTicket = new AuthenticationTicket(
                    claimsIdentity,
                    context.AuthenticationTicket.Properties);

                return Task.FromResult(0);
            }
        }
    });
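
The consuming side of that approach, as an added example that is not part of the answer above: a custom authorize attribute for ASP.NET MVC 4.x that reads the extra data from the claims on the cookie principal instead of touching Session in AuthorizeCore. The claim type "UserData" is the one the answer uses; the `CurrentUserData` helper and its use in a controller are assumptions for illustration.

```csharp
// Added example, not from the page: authorization that reads claims, not Session.
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    // Claim type written by the SecurityTokenValidated notification in the answer.
    private const string UserDataClaimType = "UserData";

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Base class handles IsAuthenticated plus any Roles/Users restrictions.
        if (!base.AuthorizeCore(httpContext))
        {
            return false;
        }

        // The cookie middleware rebuilds this principal from the claims stored at
        // sign-in, so no Session access is needed here.
        var principal = httpContext.User as ClaimsPrincipal;
        return principal != null && principal.HasClaim(c => c.Type == UserDataClaimType);
    }

    // Returns the per-user data for the current request, or null when absent (assumed helper).
    public static string CurrentUserData(HttpContextBase httpContext)
    {
        var principal = httpContext.User as ClaimsPrincipal;
        return principal == null ? null : principal.FindFirst(UserDataClaimType)?.Value;
    }
}

[CustomAuthorize]
public class SecureController : Controller
{
    public ActionResult Index()
    {
        // Read the claim rather than Session["UserData"]; assumed view and model.
        var userData = CustomAuthorizeAttribute.CurrentUserData(HttpContext);
        return View(model: userData);
    }
}
```

Unauthenticated requests still get the base class's 401, which the OWIN OpenID Connect middleware turns into the redirect to IdentityServer; an authenticated user whose cookie lacks the claim gets 401 as well, so the claim must be added at sign-in as the answer shows.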