有人知道如何拥有MVC 4客户端应用程序以将identityserver4用作身份验证提供程序吗?
我尝试了Identityserver3的示例代码,但没有成功。根据请求[Authorize]的操作,它会重定向到Identityserver4(可能是登录端点)并给出未知错误。
据我所知,我无法同时使用Identity Manager4“ start-up.cs”和带有OWIN“ startup.cs”的MVC客户端来定义客户端。
我的IdentityServer4应用中的代码-MVC 4客户端定义
// OpenID Connect hybrid flow and client credentials client (MVC)
new Client
{
ClientId = "mvc4",
ClientName = "MVC 4 Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
RequireConsent = false,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { "http://localhost:53173/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:53173/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1"
},
AllowOfflineAccess = true
}
还有我的MVC 4应用程序“ Startup.cs”中的代码
public void Configuration(IAppBuilder app)
{
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary<string, string>();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = "http://localhost:5000/",
RequireHttpsMetadata = false,
ClientId = "mvc4",
ClientSecret = "secret",
ResponseType = "code id_token",
Scope = "openid profile api1 offline_access",
UseTokenLifetime = false,
SignInAsAuthenticationType = "Cookies",
});
}
我将MVC 4客户端的Startup.cs更改为:
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "oidc",
SignInAsAuthenticationType = "Cookies",
Authority = "http://localhost:5000",
RequireHttpsMetadata = false,
RedirectUri = "http://localhost:53173/signin-oidc",
ClientId = "mvc4",
ClientSecret = "secret",
ResponseType = "code id_token"
});
它现在显示一个登录页面,登录用户,然后IdentityServer进入永无止境的循环:
public void Configuration(IAppBuilder app)
{
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary<string, string>();
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "oidc",
SignInAsAuthenticationType = "Cookies",
Authority = "http://localhost:5000",
RequireHttpsMetadata = false,
RedirectUri = "http://localhost:53173/signin-oidc",
ClientId = "mvc4",
ClientSecret = "secret",
ResponseType = "code id_token",
Scope = "openid profile api1 offline_access",
AuthenticationMode = AuthenticationMode.Active
});
}
根据建议添加了作用域,但仍然存在一个循环;该请求在MVC4客户端和IdentityServer4之间摆动。
已解决-检查我的答案。
答案 0 :(得分:1)
我终于开始工作了。
首先,OWIN中存在一个错误(Katana错误#197),使其可以“笨拙地”处理令牌。因此,解决方法是Kentor的nuget软件包Kentor.OwinCookieSaver。一个需要在MVC4客户端上安装。
此后,如下修改客户端配置:-
Creator[]按如下所示在MVC4客户端上修改“ Startup.cs”的配置
new Client
{
ClientId = "mvc4",
ClientName = "MVC 4 Web Client",
AllowedGrantTypes = {
GrantType.Hybrid,
GrantType.ClientCredentials
},
AllowAccessTokensViaBrowser = true,
RequireConsent = false,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { "http://localhost:53173/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:53173/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1"
},
AllowOfflineAccess = true
}
重建解决方案>>清洁并运行。现在,您可以将IdentityServer4 oidc用于MVC4客户端。
答案 1 :(得分:0)
我建议您检查所有URL,并确保它们完全相同,并且在Identity或Client配置中没有任何多余的内容。
还有一件事,我看不到“更新2”中的作用域。