无法使Microsoft.Owin与Identity Server 4连接

时间:2018-12-17 15:28:33

标签: oauth-2.0 identityserver4 openid-connect

我有一个MVC5 ASP.Net Web应用程序,我想通过IdentityServer4使用OAuth2 OpenId Connect。 所以我在Web项目中的启动文件是;

using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using SIR.API.Caller.Helpers;

namespace SIR.API.Caller
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = Settings.SignInAsAuthenticationType    // "Cookies";
            });

            app.UseOpenIdConnectAuthentication(openIdConnectOptions: new OpenIdConnectAuthenticationOptions
            {
                Authority = Settings.AuthorityUrl,      //ID Server,  "https://localhost:44314/";
                ClientId = Settings.ClientId,           // "SIR"
                Scope = Settings.Scope,                 // "openid profile";
                ResponseType = Settings.ResponseType,   // "id_token code";
                SignInAsAuthenticationType = Settings.SignInAsAuthenticationType,
                                                        // "Cookies";
                RedirectUri = Settings.RedirectUri,     //URL of website, http://localhost:53200/signin-oidc;
                RequireHttpsMetadata = Settings.RequireHttpsMetadata
                                                        // true
            });

            app.Use(async (ctx, next) =>
            {
                var message = ctx.Authentication.User.Identity.IsAuthenticated
                    ? $"User: {ctx.Authentication.User.Identity.Name}"
                    : "User Not Authenticated";
                //log.Info(message);
                await next();
            });
        }
    }
}

在Indentity Server 4代码中,启动为;

using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Mulalley.OAuth2.Configuration;
using Mulalley.OAuth2.Helpers;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

namespace Mulalley.OAuth2
{
    public class Startup
    {
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc();
            services.AddIdentityServer()
                .AddSigningCredential(new X509Certificate2(Settings.CertPath, Settings.Password))
                .AddTestUsers(InMemoryConfiguration.Users().ToList())
                .AddInMemoryClients(InMemoryConfiguration.Clients())
                .AddInMemoryIdentityResources(InMemoryConfiguration.GetIdentityResources());

            services.Configure<IISOptions>(iis =>
            {
                iis.AuthenticationDisplayName = "Windows";
                iis.AutomaticAuthentication = false;
            });
            services.AddAuthentication("Bearer")
                .AddIdentityServerAuthentication(options =>
                {
                    options.Authority = Settings.AuthorityUrl;
                    options.ApiName = Settings.ApiName;
                    options.RequireHttpsMetadata = false;
                });

            services.AddAuthorization(options =>
            {
                options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
                    .RequireAuthenticatedUser()
                    .Build();
            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            loggerFactory.AddConsole();
            loggerFactory.AddDebug();
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseMiddleware<StackifyMiddleware.RequestTracerMiddleware>();
            app.UseIdentityServer();
            app.UseAuthentication();
            app.UseStaticFiles();
            app.UseMvcWithDefaultRoute();
        }
    }
}

使用哪个

using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;

namespace Mulalley.OAuth2.Configuration
{
    public class InMemoryConfiguration
    {
        public static IEnumerable<ApiResource> ApiResources()
        {
            return new[]
            {
                new ApiResource("SIR", "Service Inspection Report")
            };
        }

        public static IEnumerable<Client> Clients()
        {
            return new[]
            {
                new Client
                {
                    ClientId = "SIR",
                    ClientName = "SIR",
                    AllowedGrantTypes = GrantTypes.Hybrid,
                    AllowedScopes = new[]
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile
                    },
                    RedirectUris = { "https://localhost:44314" }
        }
            };
        }

        public static IEnumerable<TestUser> Users()
        {
            return new[]
            {
                new TestUser
                {
                    SubjectId = "1",
                    Username = "slartibartfast",
                    Password = "password"
                }
            };
        }

        public static IEnumerable<IdentityResource> GetIdentityResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile()
            };
        }
    }
}

我收到此错误:抱歉,出现错误:authorized_client 未知客户端或未启用客户端

有时我很抱歉,出现了一个错误:authorized_client 无效的redirect_uri

我该如何解决?

1 个答案:

答案 0 :(得分:2)

您收到无效的redirect_uri错误。可以通过更正IdentityServer上客户端的配置来解决此问题。

具体来说,您需要将应用程序的正确重定向uri添加到RedirectUris方法中的InMemoryConfiguration.Clients()集合中。

new Client
{
    ClientId = "SIR",
    ClientName = "SIR",
    AllowedGrantTypes = GrantTypes.Hybrid,
    AllowedScopes = new[]
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile
    },
    RedirectUris = { 
        "https://localhost:44314",
        "http://localhost:53200/signin-oidc"
    }