我正在尝试使用身份服务器对客户端mvc应用程序进行身份验证。
我的应用程序具有身份服务器mvc应用程序,MVC应用程序,API
我在客户端MVC应用程序中使用了4个作用域(OpenId,电子邮件,配置文件,办公室-办公室是自定义声明类型)。
我使用此代码创建具有身份验证mvc应用程序的身份服务器。
1 identity server run
2 MVC application run
3 Login link click using MVC application
4 Login the identity server using TestUser details
5 after login success always display this screen (not show my all scope to check in client application)
身份服务器-(http://localhost:61632)
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddIdentityServer()
.AddTestUsers(TestUsers.Users)
.AddInMemoryClients(Config.GetClients())
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources());
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseBrowserLink();
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
app.UseIdentityServer();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
}
TestUser类
public class TestUsers
{
public static List<TestUser> Users = new List<TestUser>
{
new TestUser{SubjectId = "818727", Username = "Kasunjith", Password = "kasunjith",
Claims =
{
new Claim("office_Id","23"),
new Claim(JwtClaimTypes.Name, "Alice Smith"),
new Claim(JwtClaimTypes.GivenName, "Alice"),
new Claim(JwtClaimTypes.FamilyName, "Smith"),
new Claim(JwtClaimTypes.Email, "AliceSmith@email.com"),
new Claim(JwtClaimTypes.EmailVerified, "true", ClaimValueTypes.Boolean),
new Claim(JwtClaimTypes.WebSite, "http://alice.com"),
new Claim(JwtClaimTypes.Address, @"{ 'street_address': 'One Hacker Way', 'locality': 'Heidelberg', 'postal_code': 69118, 'country': 'Germany' }", IdentityServer4.IdentityServerConstants.ClaimValueTypes.Json)
}
},
new TestUser{SubjectId = "88421113", Username = "bimal", Password = "bimal",
Claims =
{
new Claim("office_Id","24"),
new Claim(JwtClaimTypes.Name, "Bob Smith"),
new Claim(JwtClaimTypes.GivenName, "Bob"),
new Claim(JwtClaimTypes.FamilyName, "Smith"),
new Claim(JwtClaimTypes.Email, "BobSmith@email.com"),
new Claim(JwtClaimTypes.EmailVerified, "true", ClaimValueTypes.Boolean),
new Claim(JwtClaimTypes.WebSite, "http://bob.com"),
new Claim(JwtClaimTypes.Address, @"{ 'street_address': 'One Hacker Way', 'locality': 'Heidelberg', 'postal_code': 69118, 'country': 'Germany' }", IdentityServer4.IdentityServerConstants.ClaimValueTypes.Json),
new Claim("location", "somewhere")
}
}
};
}
配置类
public class Config
{
public static IEnumerable<Client> GetClients()
{
return new Client[]
{
new Client
{
ClientId ="mvc",
ClientName="MVC Demo",
AllowedGrantTypes = GrantTypes.Implicit,
RedirectUris ={ "http://localhost:62104/signin-oidc" },
AllowedScopes={ "openid","email", "profile","office"},
AllowRememberConsent = true,
}
};
}
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new IdentityResource[]
{
new IdentityResources.OpenId(),
new IdentityResources.Email(),
new IdentityResources.Profile(),
new IdentityResource
{
Name="office",
DisplayName ="office details",
UserClaims = {"office_Id"}
}
};
}
public static IEnumerable<ApiResource> GetApiResources()
{
return new ApiResource[]
{
};
}
}
客户端-Mvc应用程序(http://localhost:62104)
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
//options.DefaultAuthenticateScheme = "Cookies";
}).AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.RequireHttpsMetadata = false;
options.Authority = "http://localhost:61632";
options.ClientId = "mvc";
options.ResponseType = "id_token";
//options.CallbackPath = new PathString("...")
//options.SignedOutCallbackPath = new PathString("...")
options.Scope.Add("openid");
options.Scope.Add("email");
options.Scope.Add("profile");
options.Scope.Add("office");
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseBrowserLink();
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
}
答案 0 :(得分:0)
发现了问题(很难!)
代码工作正常。无效的部分正在Consent视图中显示范围。问题归结为这一行:
查看/同意/Index.cshtml
<partial name="_ScopeListItem" model="@scope" />
这使用了ASP.NET 2.1中引入的Partial Tag Helper。
您在注释中链接的项目(您的项目)使用ASP.NET 2.0,但是您从IdentityServer复制的QuickStart UI使用ASP.NET Core 2.1,因此它们基本上是不兼容的。要解决此问题,请使用适合您版本的适当的Tag帮助程序,或者(我建议)升级到ASP.NET Core 2.2。为此,您可以:
更改项目文件:
<Project Sdk="Microsoft.NET.Sdk.Web">
<!-- Upgrade the project to .NET Core 2.2-->
<PropertyGroup>
<TargetFramework>netcoreapp2.2</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="IdentityServer4" Version="2.3.2" />
<!-- Change the ASP.NET Core from All to App. -->
<PackageReference Include="Microsoft.AspNetCore.App" />
</ItemGroup>
<ItemGroup>
<DotNetCliToolReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Tools" Version="2.0.2" />
</ItemGroup>
</Project>
还有Startup.cs
public IConfiguration Configuration { get; }
public IHostingEnvironment Environment { get; }
public Startup(IConfiguration configuration, IHostingEnvironment environment)
{
Configuration = configuration;
Environment = environment;
}
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc().SetCompatibilityVersion(Microsoft.AspNetCore.Mvc.CompatibilityVersion.Version_2_1);
var builder = services.AddIdentityServer()
.AddTestUsers(TestUsers.Users)
.AddInMemoryClients(Config.GetClients())
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources());
// without this you can't sign jwt tokens in dev. still need to configure for prod.
if (Environment.IsDevelopment())
{
builder.AddDeveloperSigningCredential();
}
else
{
throw new Exception("need to configure key material");
}
}
由于您很喜欢它,因此我也建议您也升级MVC(客户端)应用程序。我在您的GitHub存储库上发送了一个PR,该PR具有上述更改,并希望在您的用户登录后列出范围/声明。