I am configuring an ASP.NET MVC app (the relying party) to use Thinktecture Identity Server. Identity Server is up and running locally and I can retrieve the metadata from its endpoint.
Here is the code used to register the middleware:
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions("localIdp")
{
    AuthenticationType = "localIdp",
    ClientId = "Welfare4Partners",
    MetadataAddress = "https://localhost:44333/core/.well-known/openid-configuration",
    //Configuration = new OpenIdConnectConfiguration
    //{
    //    AuthorizationEndpoint = "https://localhost:44333/core/connect/authorize",
    //    JwksUri = "https://localhost:44333/core/.well-known/jwks",
    //    TokenEndpoint = "https://localhost:44333/core/connect/token",
    //    UserInfoEndpoint = "https://localhost:44333/core/connect/userinfo",
    //    Issuer = "https://localhost:44333/core",
    //    EndSessionEndpoint = "https://localhost:44333/core/connect/endsession",
    //},
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        AuthorizationCodeReceived = (context) =>
        {
            return Task.FromResult(context);
        },
        SecurityTokenReceived = (context) =>
        {
            return Task.FromResult(context);
        },
        SecurityTokenValidated = (context) =>
        {
            return Task.FromResult(context);
        },
        AuthenticationFailed = (context) =>
        {
            context.HandleResponse();
            context.OwinContext.Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType, context.Options.AuthenticationType);
            context.SkipToNextMiddleware();
            return Task.FromResult(context);
        },
        MessageReceived = (context) =>
        {
            return Task.FromResult(context);
        },
        RedirectToIdentityProvider = (context) =>
        {
            return Task.FromResult(context);
        }
    },
    Authority = "https://localhost:44333",
    RedirectUri = AppSettings.PostLoginRedirectUri,
    ResponseType = OpenIdConnectResponseTypes.IdToken,
    Scope = "openid",
    SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType
});
As you can see, I commented out the Configuration property once I had set MetadataAddress.
I invoke the middleware from an action with the following lines:
var authProperties = new AuthenticationProperties { RedirectUri = AppSettings.PostLoginRedirectUri, IsPersistent = false, };
OwinContext.Authentication.Challenge(authProperties, authenticationType);
I have verified the value of authenticationType; it contains "localIdp". Nothing happens after calling Challenge. Strangely, if I comment out MetadataAddress and uncomment the Configuration property, the middleware is invoked.
Is there a way to debug the OWIN request to check for errors in the code?
The metadata is as follows:
{
"issuer": "https://localhost:44333/core",
"jwks_uri": "https://localhost:44333/core/.well-known/jwks",
"authorization_endpoint": "https://localhost:44333/core/connect/authorize",
"token_endpoint": "https://localhost:44333/core/connect/token",
"userinfo_endpoint": "https://localhost:44333/core/connect/userinfo",
"end_session_endpoint": "https://localhost:44333/core/connect/endsession",
"check_session_iframe": "https://localhost:44333/core/connect/checksession",
"revocation_endpoint": "https://localhost:44333/core/connect/revocation",
"introspection_endpoint": "https://localhost:44333/core/connect/introspect",
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": true,
"scopes_supported": ["openid", "profile", "email", "address", "roles", "all_claims", "offline_access", "read", "write"],
"claims_supported": ["sub", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "address", "role"],
"response_types_supported": ["code", "token", "id_token", "id_token token", "code id_token", "code token", "code id_token token"],
"response_modes_supported": ["form_post", "query", "fragment"],
"grant_types_supported": ["authorization_code", "client_credentials", "password", "refresh_token", "implicit", "custom2", "custom"],
"subject_types_supported": ["public"],
"id_token_signing_alg_values_supported": ["RS256"],
"code_challenge_methods_supported": ["plain", "S256"],
"token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"]
}
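Added example (my own code, not the asker's and not Katana's or IdentityServer's) showing one way to get diagnostics out of the Katana OpenID Connect middleware instead of guessing. It plugs a minimal ILoggerFactory into the OWIN pipeline with app.SetLoggerFactory, so the middleware's own log output is visible in the debugger, and rewrites the AuthenticationFailed notification to record context.Exception before handling the response. As posted in the question, that handler calls HandleResponse() and SkipToNextMiddleware() without recording the exception, so any failure inside the middleware looks like "nothing happens". The class names DebugLoggerFactory and DebugLogger are assumptions chosen for this example; AppSettings and the option values are taken from the question; the Microsoft.IdentityModel.Protocols namespace assumes Katana 3.x.

```csharp
using System;
using System.Diagnostics;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;   // OpenIdConnectResponseTypes (Katana 3.x)
using Microsoft.Owin.Logging;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// Hypothetical ILoggerFactory/ILogger pair that forwards everything the OWIN
// middleware logs to System.Diagnostics.Debug (Visual Studio Output window).
public class DebugLoggerFactory : ILoggerFactory
{
    public ILogger Create(string name)
    {
        return new DebugLogger(name);
    }
}

public class DebugLogger : ILogger
{
    private readonly string _name;

    public DebugLogger(string name)
    {
        _name = name;
    }

    // Katana calls this for every log entry it writes.
    public bool WriteCore(TraceEventType eventType, int eventId, object state,
                          Exception exception, Func<object, Exception, string> formatter)
    {
        Debug.WriteLine("[{0}] {1}: {2}", eventType, _name, formatter(state, exception));
        if (exception != null)
        {
            Debug.WriteLine(exception);
        }
        return true;
    }
}

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // The logger factory must be set before the middleware that should use it is registered.
        app.SetLoggerFactory(new DebugLoggerFactory());

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions("localIdp")
        {
            AuthenticationType = "localIdp",
            ClientId = "Welfare4Partners",
            Authority = "https://localhost:44333",
            MetadataAddress = "https://localhost:44333/core/.well-known/openid-configuration",
            RedirectUri = AppSettings.PostLoginRedirectUri,
            ResponseType = OpenIdConnectResponseTypes.IdToken,
            Scope = "openid",
            SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Fires when the middleware has built the authorization request. If this
                // never fires after Challenge(), the middleware did not get that far.
                RedirectToIdentityProvider = context =>
                {
                    Debug.WriteLine("Redirecting to: " + context.ProtocolMessage.CreateAuthenticationRequestUrl());
                    return Task.FromResult(0);
                },
                AuthenticationFailed = context =>
                {
                    // Record the exception first; otherwise the failure is silent.
                    Debug.WriteLine("OIDC authentication failed: " + context.Exception);
                    context.HandleResponse();
                    // Send the user somewhere visible instead of swallowing the error.
                    context.Response.Redirect("/Error?message=" + Uri.EscapeDataString(context.Exception.Message));
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

Run the app under the debugger and watch the Output window after calling Challenge: the middleware's own messages (metadata retrieval, token validation) and any exception caught by AuthenticationFailed will appear there. For unhandled exceptions elsewhere in the pipeline, the Microsoft.Owin.Diagnostics package's app.UseErrorPage(), registered before the authentication middleware, renders the stack trace in the browser during development.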