我正在尝试通过vue.js客户端实现.net核心WebAPi + SignalR聊天服务器。
虽然我可以使用SignalR和IdentityServer4找到许多参考,但是我发现了这个有用的库dotnetify。 doetnetify作者介绍了如何使用ASOS http://dotnetify.net/core/api/security来实现安全页面。但是我坚持使用JwtsecurityTokenHandler进行验证。
我尝试用IdentityServer4替换使用ASOS实现的身份验证服务器部分,并复制了作者提供的所有自定义实现。但是,当Bearer令牌传递给我的聊天API时,使用我手动更改的tokenValidationParameters验证令牌时会发生异常。
我的项目设置如下。 具有以下API和客户端配置的IdentityServer4。
API配置:
return new List<ApiResource>
{
new ApiResource("api1", "API1" ),
new ApiResource("chatapi", "Chat API")
};
客户端配置:
return new List<Client>
{
new Client
{
ClientId = "client",
ClientName = "JavaScript Client",
AllowedGrantTypes = GrantTypes.Implicit,
AllowAccessTokensViaBrowser = true,
RequireConsent = false,
RedirectUris = { "http://localhost:8080/callback" },
PostLogoutRedirectUris = { "http://localhost:8080/login" },
AllowedCorsOrigins = { "http://localhost:8080" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"api1",
"chatapi"
}
},
}
dotnetify作者提供的示例实现: statup.cs https://github.com/dsuryd/dotNetify/blob/master/DevApp/server/Startup.cs AddAuthenticationServer.cs https://github.com/dsuryd/dotNetify/blob/master/DevApp/server/AuthServer.cs
我删除了services.AddAuthenticationServer(),并替换为IdentityServer4的AddAuthentication(“ Bearer”),如下所示。
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = "https:/localhost:5000";
options.RequireHttpsMetadata = false;
options.ApiName = "chatapi";
});
services.AddCors(options =>
{
// this defines a CORS policy called "default"
options.AddPolicy("default", policy =>
{
policy.WithOrigins("http://localhost:8080",
Configuration["ClientAddress"])
.AllowAnyHeader()
.AllowAnyMethod();
});
});
在“配置”上,我复制了示例,并如下修改了tokenValidationParameters。
app.UseWebSockets();
app.UseSignalR(routes => routes.MapDotNetifyHub());
app.UseDotNetify(config =>
{
var tokenValidationParameters = new TokenValidationParameters {
ValidateIssuer = true,
ValidIssuer = "https://localhost:5000",
ValidAudience = "chatapi",
};
config.UseFilter<AuthorizeFilter>();
config.UseJwtBearerAuthentication(tokenValidationParameters);
config.UseMiddleware<ExtractAccessTokenMiddleware>(tokenValidationParameters);
// Demonstration filter that passes access token from the middleware to the ViewModels.SecurePageVM class instance.
config.UseFilter<SetAccessTokenFilter>();
});
例外如下。
Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match keys:
kid: '[PII is hidden]',
token: '[PII is hidden]'.
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Foresting.Chat.ExamplePipelines.ExtractAccessTokenMiddleware.ValidateToken(HeaderData headers, SecurityToken& validatedToken) in C:\GitHub\ChatApi\ChatApi\ExamplePipelines\ExtractAccessTokenMiddleware.cs:line 46
at ChatApi.ExamplePipelines.ExtractAccessTokenMiddleware.Invoke(DotNetifyHubContext hubContext, NextDelegate next) in C:\GitHub\ChatApi\ChatApi\ExamplePipelines\ExtractAccessTokenMiddleware.cs:line 27
我怀疑我的tokenValidationParameter设置不正确,但不知道如何正确设置并验证它。
试图理解oid / oauth流,但似乎很难在有限的时间内理解和解决我的问题。
有人可以帮助我在哪里解决这类问题吗?
谢谢。