我有一个门户网站,该门户网站将使用IdentityServer3对用户进行身份验证。用户可以在Chrome中正常登录,但是尝试从Internet Explorer(Edge)登录时会收到Bad Request 400-invalid_client。我需要添加一个设置才能使其与IE一起使用吗?
身份服务器设置:
var wIdentityServerServiceFactory = new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get());
var wDefaultCorsPolicyService = new DefaultCorsPolicyService
{
AllowAll = true
};
wIdentityServerServiceFactory.CorsPolicyService = new Registration<ICorsPolicyService>(wDefaultCorsPolicyService);
var wLocalUserService = new CorporateUserService();
wIdentityServerServiceFactory.UserService = new Registration<IUserService>(resolver => wLocalUserService);
var wIdentityServerOptions = new IdentityServerOptions
{
SiteName = "Cae Security",
SigningCertificate = Certificate.Get(),
Factory = wIdentityServerServiceFactory,
PluginConfiguration = ConfigurePlugins,
EnableWelcomePage = false
};
appBuilder.UseIdentityServer(wIdentityServerOptions);
身份服务器客户端设置:
public static IEnumerable<Client> Get()
{
return new List<Client>
{
new Client
{
ClientName = "Client Name",
ClientId = "clientId",
Enabled = true,
ClientSecrets = new List<Secret>
{
new Secret("secret".Sha256())
},
Flow = Flows.ResourceOwner,
AllowedScopes = new List<string>
{
"sample.com",
},
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 3600,
AbsoluteRefreshTokenLifetime = 86400,
SlidingRefreshTokenLifetime = 43200,
RefreshTokenUsage = TokenUsage.OneTimeOnly,
RefreshTokenExpiration = TokenExpiration.Sliding,
},
};
}
答案 0 :(得分:0)
我已启用日志记录并下载了IdentityServer3源代码以调试此问题。
结果表明,如果不需要客户端证书验证,则可以设置SecretParsers。一旦我将以下内容添加到IdentityServerServiceFactory()
,问题就消失了 var wIdentityServerServiceFactory = new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get());
wIdentityServerServiceFactory.SecretParsers = new List<Registration<ISecretParser>>
{
new Registration<ISecretParser, PostBodySecretParser>()
};