I am new to .NET Core 2 and have implemented an MVC client & IdentityServer4.
I am running into two problems when getting the external user's access token.
Problem 1
services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    //options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
Adding the following line
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
the user cannot log in after being authenticated successfully in ExternalLoginCallback.
Problem 2
If I remove the line above, the user can log in, but await HttpContext.GetTokenAsync("access_token")
returns null.
Below is the complete code of Startup.cs
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(options =>
    {
        // The cookie is the default for everything that is not set explicitly below.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        // Unauthenticated requests are redirected to IdentityServer via OpenID Connect.
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        //options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddGoogle(googleOptions =>
    {
        googleOptions.ClientId = Configuration["Authentication:Google:ClientId"];
        googleOptions.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
        // Keep Google's tokens in the ticket's AuthenticationProperties.
        googleOptions.SaveTokens = true;
    })
    .AddOpenIdConnect(options =>
    {
        options.Authority = "http://localhost:xxx/";   // placeholder as posted
        options.RequireHttpsMetadata = false;           // development only
        options.ClientId = "xxx";
        options.ClientSecret = "xxx";
        options.ResponseType = "code id_token";         // hybrid flow
        options.Scope.Add("xxxx");
        options.Scope.Add("email");
        options.Scope.Add("offline_access");            // request a refresh token
        options.GetClaimsFromUserInfoEndpoint = true;
        // Store access_token, id_token and refresh_token in the cookie ticket.
        options.SaveTokens = true;
    });
    services.AddMvc();
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseBrowserLink();
        app.UseDeveloperExceptionPage();
        app.UseDatabaseErrorPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }
    app.UseStaticFiles();
    // Must run before MVC so HttpContext.User is populated for the controllers.
    app.UseAuthentication();
    app.UseMvcWithDefaultRoute();
}
Any kind of help would be appreciated.
Answer 0 (score: 0)
This is the startup from my MVC web app that connects to Identity Server 4. Note .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme).
Startup.cs
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

// settingsSetup: the answerer's own settings object holding the IdentityServer
// endpoint, client id and secret; its definition is not part of the post.
services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    //options.DataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(@"C:\temp-keys\"));
    // when the identity has been created from the data we receive,
    // persist it with this authentication scheme, hence in a cookie
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    // Identity server endpoint
    options.Authority = settingsSetup.IdentityServerEndpoint;
    // Turns off the HTTPS requirement because I couldn't be bothered to set up Visual Studio.
    options.RequireHttpsMetadata = false;
    // Client id to log in with
    options.ClientId = settingsSetup.ClientId;
    // Client secret.
    options.ClientSecret = settingsSetup.Secret;
    // Scope of our API
    options.Scope.Add("testapi");
    options.Scope.Add("devconsole");
    // adding offline_access to get a refresh token
    options.Scope.Add("offline_access");
    options.ResponseType = "code id_token";
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
});
services.AddAuthorization();
From your controller you should be able to get the values this way.
// Token names are the ones the OpenID Connect handler stores when SaveTokens = true
// (access_token, refresh_token, id_token); the constants live in
// Microsoft.IdentityModel.Protocols.OpenIdConnect. The refresh-token line originally
// referenced IdentityConstants.HttpContextHeaders.RefreshToken, which does not exist
// in Microsoft.AspNetCore.Identity, so it is corrected here to the matching constant.
var accessToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.AccessToken);
var refreshToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.RefreshToken);
var idToken = await HttpContext.GetTokenAsync(OpenIdConnectParameterNames.IdToken);
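As an added example, not code from the question or the answer above, the controller below reads the saved tokens from the cookie ticket by naming the scheme explicitly. `GetTokenAsync("access_token")` with no scheme argument looks at the ticket of the default authenticate scheme; if that is not the scheme the OpenID Connect handler signed in to (its `SignInScheme`, set to the cookie scheme in the answer's Startup), the tokens are simply not on that ticket and the result is null. The controller also checks the `expires_at` value the handler stores alongside the tokens before using the access token, and triggers a fresh OIDC challenge instead of sending a stale token. The controller name, the API URL and the assumption that the cookie scheme is `CookieAuthenticationDefaults.AuthenticationScheme` are mine, not from the post. Note that `Authority = "http://localhost..."` with `RequireHttpsMetadata = false`, as in both Startups above, is a development-only setting: over plain HTTP the id_token, code and resulting tokens travel in clear text.

```csharp
using System;
using System.Globalization;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

[Authorize]
public class ApiCallController : Controller
{
    // Assumed URL of an API protected by IdentityServer4 (not from the original post).
    private const string ApiUrl = "https://localhost:5001/identity";

    // One shared client for the process; avoids socket exhaustion from per-request instances.
    private static readonly HttpClient Client = new HttpClient();

    public async Task<IActionResult> CallApi()
    {
        // Authenticate against the cookie scheme by name. The OIDC handler wrote the tokens into
        // the AuthenticationProperties of the ticket it handed to options.SignInScheme, so this is
        // the ticket that carries them, regardless of what DefaultAuthenticateScheme is set to.
        var result = await HttpContext.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        if (!result.Succeeded)
        {
            return Challenge(OpenIdConnectDefaults.AuthenticationScheme);
        }

        var accessToken = result.Properties.GetTokenValue(OpenIdConnectParameterNames.AccessToken);
        if (string.IsNullOrEmpty(accessToken))
        {
            // Nothing saved on this ticket: SaveTokens was false, or the sign-in went to another scheme.
            return Content("No access_token on the cookie ticket: check SaveTokens and SignInScheme.");
        }

        // The handler stores "expires_at" as a round-trip ("o") UTC timestamp when the token
        // response carried expires_in. Refuse to send a token that is expired or about to expire.
        var expiresAt = result.Properties.GetTokenValue("expires_at");
        if (DateTimeOffset.TryParse(expiresAt, CultureInfo.InvariantCulture,
                                    DateTimeStyles.RoundtripKind, out var expires)
            && expires <= DateTimeOffset.UtcNow.AddMinutes(1))
        {
            // Re-challenge: the IdentityServer session is still alive, so the user comes back
            // with a fresh token set that SaveTokens writes over the old one.
            return Challenge(OpenIdConnectDefaults.AuthenticationScheme);
        }

        // Call the API with the token as a bearer credential.
        var request = new HttpRequestMessage(HttpMethod.Get, ApiUrl);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        var response = await Client.SendAsync(request);
        if (!response.IsSuccessStatusCode)
        {
            return StatusCode((int)response.StatusCode);
        }

        var body = await response.Content.ReadAsStringAsync();
        return Content(body, "application/json");
    }

    public IActionResult Logout()
    {
        // Clear the local cookie and end the IdentityServer session; signing out of only
        // the cookie leaves the user silently re-authenticated on the next challenge.
        return SignOut(CookieAuthenticationDefaults.AuthenticationScheme,
                       OpenIdConnectDefaults.AuthenticationScheme);
    }
}
```

Because `offline_access` is requested, the same ticket also carries `refresh_token`; exchanging it at the token endpoint would avoid the re-challenge round trip, but that exchange is outside what the post shows and is left out here.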