有人可以帮助我使用当前的配置来保护使用Identity Server 4的服务器,当前我正在使用IdentityServer4 2.3.0软件包。我发现当我使用有效令牌访问我的一个api时,它总是返回401 Unauthorized或302 Found。我对以下清单的评论显示了我的问题:
services
.AddAuthentication()
.AddOpenIdConnect(
"oidc",
"OpenID Connect",
x =>
{
x.Authority = "https://localhost:44378"; // Try to set breakpoint here, it hitted.
x.SignInScheme = "Cookies";
x.ClientId = "myclient;
x.SaveTokens = true;
x.GetClaimsFromUserInfoEndpoint = true;
x.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role"
};
})
.AddIdentityServerAuthentication(
"Bearer",
x =>
{
x.Authority = "https://localhost:44378"; // Try to set breakpoint here, not hitted.
x.ApiName = "api1";
x.ApiSecret = "apisecret";
x.RequireHttpsMetadata = true;
})
;
答案 0 :(得分:0)
以下是我如何使混合流工作的示例:
services
.AddAuthentication(
(options) =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie(
(options) =>
{
options.AccessDeniedPath = new PathString("/home/accessdenied");
})
.AddOpenIdConnect(
"oidc",
(options) =>
{
options.SignInScheme = "Cookies";
options.Authority = applicationConfiguration.IdentityServerBaseUri;
options.RequireHttpsMetadata = false;
options.ClientId = "<id>";
options.ClientSecret = "<secret>";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("lithium-datalookup-vatnumber");
options.Scope.Add("offline_access");
options.Scope.Add("profile");
options.Scope.Add("email");
options.Scope.Add("subscription");
});