在我收到“这已经被多次回答”之前,我知道并且我已经查看了这些答案,但它们仍然没有帮助我解决问题。
我的问题是,在我使用用户名和密码成功登录我的用户并重定向到 ReturnUrl 后,它会停留在主页上。有趣的是,如果(成功登录后)我转到浏览器并手动重新输入以前仅授权的端点,然后我看到它正确地转到那里 - 这意味着登录和令牌的委派相应地起作用。
要记住的网址: localhost:44322 是身份服务器 URL localhost:44324 是 MVC 客户端 url。
Startup.cs for Identity API
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<AppDbContext>(opt =>
{
opt.UseInMemoryDatabase("Memory");
});
//registers the services
services.AddIdentity<IdentityUser, IdentityRole>(x => {
x.SignIn.RequireConfirmedEmail = false;
})
.AddEntityFrameworkStores<AppDbContext>()
.AddDefaultTokenProviders();
services.ConfigureApplicationCookie(x =>
{
x.Cookie.Name="IdentityServer.Cookie";
x.LoginPath="/Auth/Login";
});
services.AddIdentityServer()
.AddAspNetIdentity<IdentityUser>()
//what APIs are we securing
.AddInMemoryApiResources(Constants.GetApis())
//What clients are allowed to get the token
.AddInMemoryClients(Constants.GetClients())
.AddInMemoryIdentityResources(Constants.GetIdentityResources())
.AddDeveloperSigningCredential();
services.AddControllersWithViews();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseIdentityServer();
app.UseEndpoints(endpoints =>
{
endpoints.MapDefaultControllerRoute();
});
}
常量的定义
public static IEnumerable<IdentityResource> GetIdentityResources() =>
new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile()
};
public static IEnumerable<ApiResource> GetApis() =>
new List<ApiResource>
{
new ApiResource("ApiOne"),
new ApiResource("ApiTwo")
};
public static IEnumerable<Client> GetClients() =>
new List<Client>
{
new Client
{
ClientId = "client_id",
ClientSecrets = { new Secret("client_secret".ToSha256()) },
AllowedGrantTypes = GrantTypes.ClientCredentials,
AllowedScopes = { "ApiOne" },
RequireConsent = false
},
new Client
{
ClientId = "client_id_mvc",
ClientSecrets = { new Secret("client_secret_mvc".ToSha256()) },
AllowedGrantTypes = GrantTypes.Code,
RedirectUris = { "https://localhost:44324/signin-oidc" },
AllowedScopes = {
"ApiOne",
"ApiTwo",
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile
},
RequireConsent = false
}
};
有问题的身份验证控制器
[HttpPost]
[Route("login")]
public async Task<IActionResult> Login([FromForm]LoginViewModel vm)
{
var result = await signInManager.PasswordSignInAsync(vm.Username, vm.Password, true, false);
if(result.Succeeded)
{
Redirect(vm.ReturnUrl);
}
return View();
}
启动MVC客户端
public class Startup
{
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(config => {
config.DefaultScheme = "Cookie";
config.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookie")
.AddOpenIdConnect("oidc", config => {
//identity server
config.Authority = "https://localhost:44322/";
config.ClientId = "client_id_mvc";
config.ClientSecret = "client_secret_mvc";
config.SaveTokens = true;
config.ResponseType = "code";
});
services.AddControllersWithViews();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapDefaultControllerRoute();
});
}
所以我正在做的流程是我去 https://localhost:44324/home/secret 这是一个 [Authorized] 端点。然后将我重定向到 https://localhost:44322/auth/login,这是我的身份 API 上的登录页面。输入硬编码的测试用户凭据后,登录时显示成功,然后转到重定向。返回地址如下:
/connect/authorize/callback?client_id=client_id_mvc&redirect_uri=https%3A%2F%2Flocalhost%3A44324%2Fsignin-oidc&response_type=code&scope=openid%20profile&code_challenge=ob6wyGhtOaGOSIZGWyXVCzjp1w5Zin_H6VG4z1-xfu8&code_challenge_method=S256&response_mode=form_post&nonce=637567222451405465.ZTZlNWEwZmYtNmEyMy00NDIzLWEwNmItYmQ4YTg4MzZhNTVhMjI0ZmU1MTItZWNjOC00OWY4LThkMjctMDA2YjlhMzFhNzk1&state=CfDJ8EeI8YyfW6NNovbazuf6nJMm8gGjHaRB3fVaN3mBe7JK6sjd3Qhsjd0Gi78T1VDZik858l8sqxQjNtvNAsHnxkRQR-Lql13SLf5lY-ziJpaCN32Xb_xOO4B6rt8lSw4D0HKr-46klGAOloMJ1IkdA4ueJQ-S9zAk0BUvRfKzFIEUuZI7BfFklYcIHODaSVF8-KiQGEHTCgaWN23VJ3qeIerGgPc6bv74iRiK5NNtSljefpRAnf_Bog-eA6y1UjEqoBmbTlIdtvWWF3K2v0RmMKxYkzJVA9o2AbQx--1SPARigd_eYk3PImf_qrsgmZKOSgciP81uC5Gy1fiz7ob7XilyLMrBv3pbmcdJUeWbzi_hp0nUoKKUlvL-xL5-w71lrA&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
我做错了什么?