无效的受众群体令牌验证

时间:2018-06-05 19:46:02

标签: c# authentication asp.net-core asp.net-identity identityserver4

我有一个标记绑定到标头中的每个请求。我希望能够检索该令牌并使用我所拥有的证书中的公钥对其进行验证。我正在尝试使用asp.net核心通过身份服务器4使用我的公钥验证我的端点。我收到此错误 - >

  

Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException:IDX10214:受众验证失败。观众:'[PII默认隐藏。将IdentityModelEventSource.cs中的'ShowPII'标志设置为true以显示它。]'。不匹配:validationParameters.ValidAudience:'[PII默认隐藏。将IdentityModelEventSource.cs中的'ShowPII'标志设置为true以显示它。]'或validationParameters.ValidAudiences:'[PII默认隐藏。将IdentityModelEventSource.cs中的'ShowPII'标志设置为true以显示它。]'。

Startup.cs 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
using IdentityServer4.AccessTokenValidation;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.AspNetCore.Mvc.Formatters;
using Microsoft.AspNetCore.Mvc.Infrastructure;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json;
using Swashbuckle.AspNetCore.Swagger;

namespace Reveal.IDP.ClientAPI
{
    public class Startup
    {
        public static IConfigurationRoot Configuration;
        public static string ConnectionString;

        public static string Uri;

        public Startup(IHostingEnvironment env)
        {
            var builder = new ConfigurationBuilder()
                .SetBasePath(env.ContentRootPath)
                .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true)
                .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true, reloadOnChange: true)
                .AddEnvironmentVariables();

            Configuration = builder.Build();

            ConnectionString = Configuration["connectionStrings:revealUserDBConnectionString"];
            Uri = Configuration["uri"];
        }
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            var connectionString = ConnectionString;


            services.AddMvcCore()
                .AddAuthorization()
                .AddJsonFormatters();

            services.AddAuthentication("Bearer")
                .AddIdentityServerAuthentication(options =>
                {
                    options.Authority = "http://localhost:5000";
                    options.RequireHttpsMetadata = false;
                    options.ApiName = "client";
                });



            // Service DI
            services.AddScoped<IUserService, UserService>();

            // Repository DI
            services.AddScoped<IUserRepository, UserRepository>();

            services.AddCors(options =>
            {
                options.AddPolicy("AllowCors", builder => builder.AllowAnyOrigin()
                                                                 .AllowAnyMethod()
                                                                 .AllowAnyHeader()
                                                                 .WithExposedHeaders("x-pagination")
                                                                 .AllowCredentials());
            });

            services.AddSingleton<IActionContextAccessor, ActionContextAccessor>();

            services.AddMvc(config =>
            {
                config.RespectBrowserAcceptHeader = true;
                config.ReturnHttpNotAcceptable = true;
                config.OutputFormatters.Add(new XmlDataContractSerializerOutputFormatter());
            })
                .AddJsonOptions(opt =>
                {
                    opt.SerializerSettings.DateFormatHandling = DateFormatHandling.IsoDateFormat;
                    opt.SerializerSettings.DateTimeZoneHandling = DateTimeZoneHandling.Utc;
                });


        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app,
            IHostingEnvironment env,
            ILoggerFactory loggerFactory,
            IApplicationLifetime appLifetime)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            loggerFactory.AddConsole(Configuration.GetSection("Logging"));
            loggerFactory.AddDebug();

            app.UseAuthentication();

            app.UseMiddleware(typeof(ErrorHandlingMiddleware));

            app.UseCors("AllowCors");

            app.UseStaticFiles();

            app.UseMvcWithDefaultRoute();

            app.UseSwagger();

            app.UseSwaggerUI(c =>
            {
                string basePath = Environment.GetEnvironmentVariable("ASPNETCORE_APPL_PATH");
                if (basePath == null) basePath = "/";
                if (basePath == "/") basePath = "";
                c.SwaggerEndpoint($"{basePath}/swagger/v1/swagger.json", "API");
            });
            app.UseMvcWithDefaultRoute();

        }


    }
}

1 个答案:

答案 0 :(得分:0)

通过设置以下标志,[PII is Hidden]字符串将被替换为实际错误。

实际错误可能很简单,因为密钥长度不够长,但其他所有代码均已正确编码。

在将代码发布到生产环境之前,请记住在工作时删除该标志! PII代表个人身份信息。其他相关的安全领域是PCI(信用卡)和PHI(健康)。 

IdentityModelEventSource.ShowPII = true;
相关问题
最新问题