我是IdentityServer3的新手。
我在 localhost 上运行 IdentityServer3 时一切正常,但将其部署到 IIS 后,访问授权页面时显示错误。错误文本是:客户端应用程序未知或未经授权。但是 clientId 的配置是正确的。
这是我的客户端(Client)配置代码:
new Client
{
    // Registration of the "mfc" client on the IdentityServer3 side.
    ClientId = "mfc",
    ClientName = "sth",
    Enabled = true,

    // Implicit flow: tokens are handed back through the browser redirect, so the
    // redirect URI lists below decide where they are allowed to be delivered.
    Flow = Flows.Implicit,

    // The consent screen is switched off for this client.
    RequireConsent = false,
    AllowRememberConsent = true,

    // Token lifetimes. NOTE(review): IdentityServer3 treats these as seconds
    // (6 minutes / 1 hour) - confirm against the library version in use.
    IdentityTokenLifetime = 360,
    AccessTokenLifetime = 3600,

    AllowedScopes = new List<string> { "openid", "profile", "roles", "WebAPI" },

    // Both lists hold a single entry read from the appSettings key "sth".
    // AppSettings returns null for a missing key, so a deployed config without
    // that key registers a null entry instead of a URL.
    // NOTE(review): the client Startup on this page sends its redirect_uri from a
    // different key ("RedirectUri"); the value registered here has to be the same
    // URL as the one the deployed client sends - verify both configs after the
    // move to IIS.
    RedirectUris = new List<string>
    {
        System.Configuration.ConfigurationManager.AppSettings["sth"]
    },
    PostLogoutRedirectUris = new List<string>
    {
        System.Configuration.ConfigurationManager.AppSettings["sth"]
    }
}
我的客户端项目的启动类是:
/// <summary>
/// OWIN startup for the client web application: registers a local cookie session
/// and OpenID Connect sign-in against the authority read from appSettings.
/// </summary>
/// <param name="app">OWIN application builder the middleware is registered on.</param>
public void Configuration(IAppBuilder app)
{
    // Local session cookie. Only the authentication type is set here, so every
    // other cookie setting stays at the middleware default.
    // NOTE(review): confirm the IIS site is HTTPS-only, or set CookieSecure
    // explicitly, since this cookie ends up carrying the tokens added below.
    var cookieOptions = new CookieAuthenticationOptions
    {
        AuthenticationType = "Cookies"
    };
    app.UseCookieAuthentication(cookieOptions);

    var oidcNotifications = new OpenIdConnectAuthenticationNotifications
    {
        // Runs after the returned token has been validated: replaces the incoming
        // identity with a reduced one holding subject, roles and the raw tokens.
        SecurityTokenValidated = n =>
        {
            var validated = n.AuthenticationTicket.Identity;
            var subjectClaim = validated.FindFirst(IdentityServer3.Core.Constants.ClaimTypes.Subject);
            var roleClaims = validated.FindAll(IdentityServer3.Core.Constants.ClaimTypes.Role);

            // New identity whose name/role claim types are the IdentityServer3 ones.
            var sessionIdentity = new ClaimsIdentity(
                validated.AuthenticationType,
                IdentityServer3.Core.Constants.ClaimTypes.Name,
                IdentityServer3.Core.Constants.ClaimTypes.Role);
            sessionIdentity.AddClaim(subjectClaim);
            sessionIdentity.AddClaims(roleClaims);

            // The id_token is kept so sign-out can send it as id_token_hint.
            // NOTE(review): both raw tokens become claims on the cookie identity,
            // so anything that dumps the user's claims (views, logs, diagnostics)
            // exposes them; keep the access_token only if the app really calls
            // the API on the user's behalf.
            var message = n.ProtocolMessage;
            sessionIdentity.AddClaim(new System.Security.Claims.Claim("id_token", message.IdToken));
            sessionIdentity.AddClaim(new System.Security.Claims.Claim("access_token", message.AccessToken));

            n.AuthenticationTicket = new AuthenticationTicket(sessionIdentity, n.AuthenticationTicket.Properties);
            return Task.FromResult(0);
        },

        // Runs before each redirect to the identity provider; only sign-out
        // requests are touched, to attach the stored id_token when there is one.
        RedirectToIdentityProvider = n =>
        {
            if (n.ProtocolMessage.RequestType != OpenIdConnectRequestType.LogoutRequest)
            {
                return Task.FromResult(0);
            }

            var storedIdToken = n.OwinContext.Authentication.User.FindFirst("id_token");
            if (storedIdToken != null)
            {
                n.ProtocolMessage.IdTokenHint = storedIdToken.Value;
            }

            return Task.FromResult(0);
        }
    };

    var oidcOptions = new OpenIdConnectAuthenticationOptions
    {
        // Authority and RedirectUri come from appSettings; a missing key yields null.
        // NOTE(review): RedirectUri must be one of the URLs registered for client
        // "mfc" on the server, so check both values in the deployed web.config.
        Authority = ConfigurationManager.AppSettings["Authority"],
        ClientId = "mfc",
        // Scopes requested from the identity server
        Scope = "openid profile roles WebAPI",
        RedirectUri = ConfigurationManager.AppSettings["RedirectUri"],
        ResponseType = "id_token token",
        SignInAsAuthenticationType = "Cookies",
        // NOTE(review): with this off, the cookie session presumably outlives the
        // id_token's own expiry - confirm the resulting session length is intended.
        UseTokenLifetime = false,
        Notifications = oidcNotifications
    };
    app.UseOpenIdConnectAuthentication(oidcOptions);

    // Anti-forgery tokens are bound to the subject claim of the signed-in user.
    AntiForgeryConfig.UniqueClaimTypeIdentifier = IdentityServer3.Core.Constants.ClaimTypes.Subject;

    // An empty inbound map: presumably so JWT claim names stay as issued, which
    // the FindFirst/FindAll lookups above rely on. The handlers run per request,
    // so assigning it after the middleware registration still takes effect.
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
    // ConfigureAuth(app);
}
请帮帮我。谢谢!