如何使用IdentityServer进行身份验证和AspNetIdentity项目?

时间:2019-05-22 10:15:27

标签: authentication asp.net-core single-sign-on identityserver4

我有一些客户端应用程序和一个身份服务器应用程序。每个应用程序都需要有一个单点登录流程。到目前为止,我已经能够毫无问题地注册我的其他应用程序。但是,我的身份应用程序遇到了无限循环问题。我的想法是,身份应用程序的AddIdentity()部分在某种程度上干扰了AddAuthentication()方法调用中的IdentityServer4客户端注册。

问题应用程序的唯一责任是管理属于所有应用程序的用户,但不实际登录(使用IdentityServer4登录)。这是配置。

// Config.cs  - problem client configuration
new Client
{

    ClientId = "identity",
    ClientName = "Identity Management",
    AllowedGrantTypes = GrantTypes.Implicit,
    RedirectUris = { "http://localhost:59990/signin-oidc" },
    PostLogoutRedirectUris = { "http://localhost:59990/signout-callback-oidc" },
    AllowedScopes = GetAllowedScopes(),
},

我真的不认为config.cs有什么问题,因为在此之前我的所有应用程序都可以使用相同的客户端注册代码登录。

// ConfigureServices.cs - for client that has redirect loop 
services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddDbContext<SafetyContext>(options => options.UseSqlServer(Configuration.GetConnectionString("SafetyPlusConnection")));


services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();

services.AddIdentity<SafetyUser, SafetyRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddRoleManager<RoleManager<SafetyRole>>()
    .AddDefaultUI(UIFramework.Bootstrap4)
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders();

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Cookies";
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc", options =>
    {
        options.Authority = "http://localhost:5000";
        options.RequireHttpsMetadata = false;
        options.ClientId = "identity";
        options.SaveTokens = true;
    });

services.AddScoped<RoleService>();

剩余的配置只是一些样板代码。

// Configure.cs - in the problem application
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();

// Register.cs - code for registering new users (needs authorization first)
[Authorize]
public class RegisterModel : PageModel

当我导航到用[Authorize]属性修饰的注册页面时,我已正确登录IdentityServer,并要求访问我的openid和配置文件特权。何时,我接受请求,应用程序开始无限循环。

以下三个请求在无限循环中重复。

http:// localhost:59990 / signin-oidc

enter image description here

http:// localhost:59990 / Identity / Account / Register enter image description here

http:// localhost:5000 / connect / authorize?client_id = identity&redirect_uri = http%3A%2F%2Flocalhost%3A59990%2Fsignin-oidc&response_type = id_token&scope = openid%20profile&response_mode = form_post&nonce = ...(省略的编码文本) enter image description here

1 个答案:

答案 0 :(得分:1)

致电AddIdentity<>时,您已经setup authentication有多个选项。因此,请尝试覆盖所有三个默认值:

services.AddAuthentication(sharedOptions =>
{
  sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
  sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
  sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})

sample

中所述
相关问题
最新问题