Identity Server 3-令牌端点的已发布数据未读

时间:2018-11-20 08:42:10

标签: iis identityserver3 production

我生产的应用程序有一个奇怪的问题。

该应用程序是一个Asp.net 4.7.2 Webapi,受嵌入式Identity Server 3实例以及用于记录文档的swagger实例保护。

我只需要客户端身份验证,因此我选择client credential作为流程。

这些是应用程序的主要配置数据。

new Client {
    ClientName = "GDPR Logger Client",
    Enabled = true,
    ClientId = "gdpr_logger",
    Flow = Flows.ClientCredentials,
    AccessTokenType = AccessTokenType.Reference,
    ClientSecrets = new List<Secret> {
        new Secret("secret".Sha256())
    },
    AllowedScopes = new List<string> {
        "write"
    },
    AccessTokenLifetime = 30
}

app.Map("/auth", auth => {
    var options = new IdentityServerOptions {
        SiteName = "GDPR LOGGER Authentication Server",
        SigningCertificate = LoadCertificate(),
        RequireSsl = true,
        Factory = new IdentityServerServiceFactory()
            .UseInMemoryUsers(new List<InMemoryUser>())
            .UseInMemoryClients(Clients.Get())
            .UseInMemoryScopes(Scopes.Get());
    };
    auth.UseIdentityServer(options);
});

private static X509Certificate2 LoadCertificate() {
    certificateFilePath = HttpContext.Current.Server.MapPath(ConfigurationManager.AppSettings["RelativeCertPath"]);
    X509Certificate2 cert = new X509Certificate2();
    cert.Import(certificateFilePath, "GDPRLoggerCert",           X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet);
    return cert;}

在我的本地计算机上,一切正常,但是一旦我将其放在服务器上,Identity Server就会停止工作。

当我尝试获取客户端的访问令牌(使用client_credentials流)时,当我invalid_clientPOST的所有数据作为https://{my-server}/auth/connect/token时,Identity Server会用application/x-www-form-urlencoded响应我请求grant_type=client_credentials&client_id=gdpr_logger&client_secret=secret&scope=write中的内容。

2018-11-20 09:14:20,035 [244] INFO  IdentityServer3.Core.Endpoints.TokenEndpointController - Start token request
2018-11-20 09:14:20,066 [244] DEBUG IdentityServer3.Core.Validation.ClientSecretValidator - Start client validation
2018-11-20 09:14:20,066 [244] DEBUG IdentityServer3.Core.Validation.BasicAuthenticationSecretParser - Start parsing Basic Authentication secret
2018-11-20 09:14:20,082 [244] DEBUG IdentityServer3.Core.Validation.PostBodySecretParser - Start parsing for secret in post body
2018-11-20 09:14:20,082 [244] DEBUG IdentityServer3.Core.Validation.PostBodySecretParser - No secret in post body found
2018-11-20 09:14:20,082 [244] DEBUG IdentityServer3.Core.Validation.X509CertificateSecretParser - Start parsing for X.509 certificate
2018-11-20 09:14:20,082 [244] DEBUG IdentityServer3.Core.Validation.X509CertificateSecretParser - client_id is not found in post body
2018-11-20 09:14:20,082 [244] INFO  IdentityServer3.Core.Validation.SecretParser - Parser found no secret
2018-11-20 09:14:20,082 [244] INFO  IdentityServer3.Core.Validation.ClientSecretValidator - No client secret found
2018-11-20 09:14:20,082 [244] INFO  IdentityServer3.Core.Endpoints.TokenEndpointController - End token request
2018-11-20 09:14:20,097 [244] INFO  IdentityServer3.Core.Results.TokenErrorResult - Returning error: invalid_client

如果我将client_idclient_secret指定为基本身份验证标头身份服务器,则以unsupported_grant_type答复我。

2018-11-20 09:08:36,113 [323] INFO  IdentityServer3.Core.Endpoints.TokenEndpointController - Start token request
2018-11-20 09:08:36,144 [323] DEBUG IdentityServer3.Core.Validation.ClientSecretValidator - Start client validation
2018-11-20 09:08:36,144 [323] DEBUG IdentityServer3.Core.Validation.BasicAuthenticationSecretParser - Start parsing Basic Authentication secret
2018-11-20 09:08:36,144 [323] DEBUG IdentityServer3.Core.Validation.SecretParser - Parser found secret: BasicAuthenticationSecretParser
2018-11-20 09:08:36,144 [323] INFO  IdentityServer3.Core.Validation.SecretParser - Secret id found: gdpr_logger
2018-11-20 09:08:36,160 [323] DEBUG IdentityServer3.Core.Validation.SecretValidator - Secret validator success: HashedSharedSecretValidator
2018-11-20 09:08:36,160 [323] INFO  IdentityServer3.Core.Validation.ClientSecretValidator - Client validation success
2018-11-20 09:08:36,176 [323] INFO  IdentityServer3.Core.Validation.TokenRequestValidator - Start token request validation
2018-11-20 09:08:36,363 [323] ERROR IdentityServer3.Core.Validation.TokenRequestValidator - Grant type is missing.
 {
  "ClientId": "gdpr_logger",
  "ClientName": "GDPR Logger Client",
  "Raw": {}
}
2018-11-20 09:08:36,363 [323] INFO  IdentityServer3.Core.Endpoints.TokenEndpointController - End token request
2018-11-20 09:08:36,379 [323] INFO  IdentityServer3.Core.Results.TokenErrorResult - Returning error: unsupported_grant_type

您可以在Raw的最后一个日志中看到,似乎没有从Identity Server中读取/拾取发布中的数据。

我不明白是什么问题。

1 个答案:

答案 0 :(得分:0)

我的服务器管理器解决了这个问题。

第二级域的ModSecurity(在Web应用程序防火墙内的Plesk中),因为在我的情况下,由于其规则再次阻止了发布数据。

禁用或编辑规则可以解决问题。

相关问题
最新问题