Identity Server 4 + .NET Core 2.0 + Identity

时间:2018-06-12 12:18:58

标签: angular asp.net-identity asp.net-core-2.0 identityserver4

我想在 Angular 应用程序中使用 Identity Server 4 进行授权。因此，我使用 EF 创建了数据库，并设法通过 Identity 登录，但 Identity Server 一直提示“用户未经过身份验证”。Identity Server 的所有示例都使用 MVC，而我没有使用 MVC，只想为 Angular 应用程序做授权。我的设置如下：

Config.cs:

/// <summary>
/// Supplies the in-memory IdentityServer4 configuration: one API resource,
/// three identity resources and a single browser client.
/// </summary>
/// <remarks>
/// Every value here is a development placeholder (plain-HTTP localhost
/// origins, the literal secret "secret"); none of it is suitable as-is for a
/// deployed environment.
/// </remarks>
public class Config
{
    // Stored by the constructor; no member shown in this class reads it.
    private readonly IOptions<IdentityServerOption> _options;

    /// <summary>Keeps the supplied options for later use.</summary>
    /// <param name="options">Wrapped IdentityServerOption settings.</param>
    public Config(IOptions<IdentityServerOption> options) => _options = options;

    /// <summary>Returns the APIs that access tokens can be issued for.</summary>
    /// <returns>A list holding the single "myApi" resource.</returns>
    public IEnumerable<ApiResource> GetApiResources()
    {
        var loginApi = new ApiResource("myApi", "Login API");
        return new List<ApiResource> { loginApi };
    }

    /// <summary>Returns the identity (claims) resources the server knows about.</summary>
    /// <returns>A list with the OpenId, Email and Profile resources.</returns>
    public IEnumerable<IdentityResource> GetIdentityResources()
    {
        var identityResources = new List<IdentityResource>();
        identityResources.Add(new IdentityResources.OpenId());
        identityResources.Add(new IdentityResources.Email());
        identityResources.Add(new IdentityResources.Profile());
        return identityResources;
    }

    /// <summary>Returns the client applications allowed to request tokens.</summary>
    /// <returns>A list holding the single "webClient" registration.</returns>
    public IEnumerable<Client> GetClients()
    {
        var webClient = new Client
        {
            ClientId = "webClient",
            ClientName = "Web Client",

            // Implicit grant plus AllowAccessTokensViaBrowser lets access tokens be
            // handed to the browser through the front channel. Current OAuth
            // guidance for browser apps favours authorization code with PKCE.
            // NOTE(review): confirm whether the IdentityServer4 version in use
            // supports that flow for this client before relying on implicit.
            AllowedGrantTypes = GrantTypes.Implicit,
            AllowAccessTokensViaBrowser = true,

            // Plain-HTTP localhost origin: development only.
            AllowedCorsOrigins = new List<string>
            {
                "http://localhost:4200"
            },

            // NOTE(review): redirect URIs are understood to be compared as exact
            // strings, so the client has to send this value including the trailing
            // slash. Verify against the request the SPA actually makes.
            RedirectUris = new List<string>
            {
                "http://localhost:4200/home/"
            }
        };

        // Hard-coded placeholder secret. NOTE(review): a browser-based client cannot
        // keep a secret confidential, and the implicit grant does not appear to use
        // one. Confirm whether this entry is needed at all.
        webClient.ClientSecrets.Add(new Secret("secret".Sha256()));

        // The Email identity resource is registered in GetIdentityResources but is
        // not granted to this client.
        webClient.AllowedScopes.Add(IdentityServerConstants.StandardScopes.OpenId);
        webClient.AllowedScopes.Add(IdentityServerConstants.StandardScopes.Profile);
        webClient.AllowedScopes.Add("myApi");

        return new List<Client> { webClient };
    }
}

Startup.cs

/// <summary>
/// Registers ASP.NET Identity, IdentityServer4 with in-memory configuration,
/// a CORS policy, bearer-token authentication and MVC.
/// </summary>
/// <param name="services">Service collection that receives the registrations.</param>
public void ConfigureServices(IServiceCollection services)
    {
        // Database setup is not shown; the author reports that it works.
        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<MyDbContext>()
            .AddDefaultTokenProviders();

        services.Configure<IdentityOptions>(identityOptions =>
        {
            // Password policy.
            var password = identityOptions.Password;
            password.RequireDigit = true;
            password.RequiredLength = 8;
            password.RequireNonAlphanumeric = true;
            password.RequireUppercase = true;
            password.RequireLowercase = true;
            password.RequiredUniqueChars = 6;

            // Lockout policy: 10 failed attempts lock the account for 30 minutes.
            // NOTE(review): lockout only counts failures on sign-in paths that ask
            // for it. Confirm the login code and the custom resource owner
            // validator registered below both do.
            var lockout = identityOptions.Lockout;
            lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
            lockout.MaxFailedAccessAttempts = 10;
            lockout.AllowedForNewUsers = true;

            // User policy.
            identityOptions.User.RequireUniqueEmail = true;
        });

        services.AddOptions();

        // Plain-HTTP issuer: acceptable on a developer machine only.
        var identityServer = services.AddIdentityServer(idsrvOptions =>
        {
            idsrvOptions.IssuerUri = "http://localhost:5000";
        });

        // Developer signing credential: meant for development. A deployed server
        // needs a persisted, protected signing key instead.
        identityServer.AddDeveloperSigningCredential();

        // NOTE(review): Config declares these three as instance methods, so this call
        // form needs an in-scope member named Config or static methods. Confirm
        // which one the real Startup uses.
        identityServer.AddInMemoryIdentityResources(Config.GetIdentityResources());
        identityServer.AddInMemoryApiResources(Config.GetApiResources());
        identityServer.AddInMemoryClients(Config.GetClients());

        identityServer.AddAspNetIdentity<ApplicationUser>();
        identityServer.AddProfileService<ProfileService>();
        identityServer.AddResourceOwnerValidator<CustomResourceOwnerPasswordValidator<ApplicationUser>>();

        // CORS policy "default", applied to the app's own endpoints.
        // isOptions is not declared in the code shown; presumably it is the bound
        // IdentityServerOption instance. AllowAnyHeader/AllowAnyMethod are broad, so
        // the origin list is the only restriction.
        services.AddCors(corsOptions =>
            corsOptions.AddPolicy("default", policy => policy
                .WithOrigins(isOptions.AllowedCorsOrigins)
                .AllowAnyHeader()
                .AllowAnyMethod()));

        // NOTE(review): this names "Bearer" as the app-wide default authentication
        // scheme after AddIdentity has set up its cookie schemes. Verify that the
        // IdentityServer login flow still authenticates the user from the Identity
        // cookie when both live in the same host.
        services.AddAuthentication("Bearer")
            .AddIdentityServerAuthentication(bearer =>
            {
                bearer.Authority = "http://localhost:5000";
                bearer.ApiName = "myApi";

                // Allows discovery metadata over plain HTTP: development only.
                bearer.RequireHttpsMetadata = false;
            });

        services.AddMvc();
    }

 /// <summary>
 /// Builds the HTTP request pipeline. Middleware runs in the order it is added
 /// here, so the sequence of the calls below is significant.
 /// </summary>
 /// <param name="app">Application builder the middleware is added to.</param>
 /// <param name="env">Hosting environment, used to detect Development.</param>
 public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // Detailed exception pages expose internals, so they are limited to Development.
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseStaticFiles();

        // NOTE(review): UseIdentityServer is understood to add the authentication
        // middleware itself, so this explicit call may be redundant. Confirm for the
        // IdentityServer4 version in use.
        app.UseAuthentication();

        app.UseIdentityServer();

        // Applies the "default" CORS policy. It is added after IdentityServer and
        // before MVC, so it sits in front of the MVC endpoints only. IdentityServer's
        // own endpoints presumably rely on the client's AllowedCorsOrigins instead.
        app.UseCors("default");

        app.UseMvc();
    }

我显然缺少一些东西,有人可以帮忙吗?

更新:

这是我在控制台中得到的:

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://localhost:5000/connect/authorize?client_id=webClient&redirect_uri=http%3A%2F%2Flocalhost%3A4300%2Fhrapps%2F&response_type=id_token%20token&scope=profile%20openid%20hrApi&nonce=N0.31465047010288671529050394126&state=15290500220560.42473005339627434
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
      Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
info: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
      ValidatedAuthorizeRequest
      {
        "ClientId": "webClient",
        "ClientName": "Web Client",
        "RedirectUri": "http://localhost:4200/home",
        "AllowedRedirectUris": [
          "http://localhost:4200/home"
        ]
        "SubjectId": "anonymous",
        "ResponseType": "id_token token",
        "ResponseMode": "fragment",
        "GrantType": "implicit",
        "RequestedScopes": "profile openid myApi",
        "State": "15290500220560.42473005339627434",
        "Nonce": "N0.31465047010288671529050394126",
        "Raw": {
          "client_id": "webClient",
          "redirect_uri": "http://localhost:4200/home",
          "response_type": "id_token token",
          "scope": "profile openid myApi",
          "nonce": "N0.31465047010288671529050394126",
          "state": "15290500220560.42473005339627434"
        }
      }
info: IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator[0]
      Showing login: User is not authenticated
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 175.2379ms 302
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://localhost:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DwebClient%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A4200%252Fhome%252F%26response_type%3Did_token%2520token%26scope%3Dprofile%2520openid%2520myApi%26nonce%3DN0.31465047010288671529050394126%26state%3D15290500220560.42473005339627434

0 个答案:

没有答案