Today I built an authorization server from the IdentityServer4 demo. I can log in with the ASP.NET Core client and with the OpenID client,
but I cannot log in to my ASP.NET MVC5 client via OpenID; the error shown is: invalid_request.
Here is my IdentityServer4 configuration code with GetClients():
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;

public static class Config
{
    // clients want to access resources (aka scopes)
    public static IEnumerable<Client> GetClients()
    {
        return new List<Client>
        {
            // OpenID Connect hybrid flow and client credentials client (MVC)
            new Client
            {
                ClientId = "mvc",
                ClientName = "MVC Client",
                AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
                RequireConsent = true,

                // the secret is stored as its SHA-256 hash
                ClientSecrets =
                {
                    new Secret("secret".Sha256())
                },

                RedirectUris = { "http://localhost:5002/signin-oidc" },
                PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },

                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "api1"
                },
                AllowOfflineAccess = true
            }
        };
    }
}
The following code is the ConfigureAuth() of my ASP.NET MVC5 client. Because the ClientSecrets defined in IdentityServer4 is "secret".Sha256(), in this MVC client I set ClientSecret = GetSHA256HashFromString("secret"); I wrote a private method GetSHA256HashFromString() that converts the string to its SHA-256 hash.
Here is my code:
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // local cookie that holds the signed-in user after the OIDC callback
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies"
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "oidc",
            SignInAsAuthenticationType = "Cookies",
            Authority = "http://localhost:5000", // ID Server SSO Server
            ClientId = "mvc",
            ClientSecret = GetSHA256HashFromString("secret"),
            ResponseType = "code id_token",
            RedirectUri = "http://localhost:5002/signin-oidc", // URL of Client website
            PostLogoutRedirectUri = "http://localhost:5002/signout-callback-oidc", // URL of Client website
            Scope = "api1",
            AuthenticationMode = AuthenticationMode.Active,
            RequireHttpsMetadata = false,
        });
    }

    // GetSHA256HashFromString(string) is a private helper defined elsewhere in this class (not shown).
}
Then I press F5 to run the MVC client and click the login button. The browser redirects to localhost:5000, but it shows me an error:
Sorry, there was an error: invalid_request. The other error information is: Request ID: 0HL9RHBTJIT3T:00000003
Many thanks.
Answer 0 (score: 1)
The value of ClientSecret should be the actual secret value, not its hash.
When you use a persistent data store, secrets are stored in hashed form so that an attacker who compromises your store cannot obtain the clients' secrets.
In your case the secret value is "secret", so the code would be ClientSecret = "secret".
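To make the answer's point concrete, here is an added example (not from the answer, the question, or IdentityServer4's source) that models what the server does when it validates a client secret: it hashes whatever the client presents and compares that against the stored hash. The example assumes that IdentityServer4's "secret".Sha256() extension produces Base64 of the SHA-256 digest of the UTF-8 bytes; the client store and the hex-output helper standing in for the asker's GetSHA256HashFromString() are constructed for the demo.

```python
import base64
import hashlib
import hmac


def sha256_b64(value: str) -> str:
    """Base64(SHA-256(UTF-8 bytes)): the shape assumed for "secret".Sha256()."""
    digest = hashlib.sha256(value.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def sha256_hex(value: str) -> str:
    """Hex-output hash helper, constructed to stand in for GetSHA256HashFromString()."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


# Constructed client store mirroring GetClients(): only the hash is stored,
# the plain secret "secret" never is.
CLIENT_STORE = {
    "mvc": {"secrets": [sha256_b64("secret")]},
}


def verify_client_secret(client_id: str, presented_secret: str) -> bool:
    """Server-side check: hash the presented value, then compare against every
    stored hash. compare_digest keeps the comparison constant-time."""
    client = CLIENT_STORE.get(client_id)
    if client is None:
        return False
    candidate = sha256_b64(presented_secret)
    return any(hmac.compare_digest(candidate, stored) for stored in client["secrets"])


def demo() -> dict:
    """Which presented values the server accepts for client "mvc"."""
    return {
        "plain secret": verify_client_secret("mvc", "secret"),
        # sending the hash gets hashed again on the server and never matches
        "base64 hash of secret": verify_client_secret("mvc", sha256_b64("secret")),
        "hex hash of secret": verify_client_secret("mvc", sha256_hex("secret")),
        "unknown client": verify_client_secret("nope", "secret"),
    }


if __name__ == "__main__":
    for label, accepted in demo().items():
        print(f"{label:>22}: {'accepted' if accepted else 'rejected'}")
```

Only the plain value "secret" is accepted. A client that sends the hash (in whatever encoding) is rejected, because the server hashes it a second time before comparing; hashing at rest protects the store, it does not change what the client must send.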