angular - 身份服务器 4+.NET Core 2.0 + 身份
问题描述
我有一个我想用 Identity Server 4 授权的 Angular 应用程序。所以,我用 ef 创建了数据库,设法用 Identity 登录,但我不断地从 Identity Server获得“用户未通过身份验证” 。我不使用 mvc 作为 Identity Server 的所有示例,所以只是我想要授权的 Angular 应用程序。我的设置如下所示:
配置文件:
public class Config
{
private readonly IOptions<IdentityServerOption> _options;
public Config(IOptions<IdentityServerOption> options)
{
_options = options;
}
public IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("myApi", "Login API")
};
}
public IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Email(),
new IdentityResources.Profile()
};
}
public IEnumerable<Client> GetClients()
{
return new List<Client>
{
new Client
{
ClientId = "webClient",
ClientName = "Web Client",
AllowedGrantTypes = GrantTypes.Implicit,
AllowedCorsOrigins = new List<string>
{
"http://localhost:4200"
},
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"myApi"
},
RedirectUris = new List<string>
{
"http://localhost:4200/home/"
},
AllowAccessTokensViaBrowser = true
}
};
}
}
启动.cs
public void ConfigureServices(IServiceCollection services)
{
// database setup works fine, didn't show it
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<MyDbContext>()
.AddDefaultTokenProviders();
services.Configure<IdentityOptions>(options =>
{
// Password settings
options.Password.RequireDigit = true;
options.Password.RequiredLength = 8;
options.Password.RequireNonAlphanumeric = true;
options.Password.RequireUppercase = true;
options.Password.RequireLowercase = true;
options.Password.RequiredUniqueChars = 6;
// Lockout settings
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
options.Lockout.MaxFailedAccessAttempts = 10;
options.Lockout.AllowedForNewUsers = true;
// User settings
options.User.RequireUniqueEmail = true;
});
services.AddOptions();
services.AddIdentityServer(o =>
{
o.IssuerUri = "http://localhost:5000";
})
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddAspNetIdentity<ApplicationUser>()
.AddProfileService<ProfileService>().AddResourceOwnerValidator<CustomResourceOwnerPasswordValidator<ApplicationUser>>();
services.AddCors(options =>
{
// define policy that allows calling through this app
options.AddPolicy("default", policy =>
{
policy.WithOrigins(isOptions.AllowedCorsOrigins)
.AllowAnyHeader()
.AllowAnyMethod();
});
});
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.ApiName = "myApi";
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
});
services.AddMvc();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseStaticFiles();
app.UseAuthentication();
app.UseIdentityServer();
app.UseCors("default");
app.UseMvc();
}
我显然错过了一些东西,有人可以帮忙吗?
更新:
这就是我在控制台中得到的:
信息:Microsoft.AspNetCore.Hosting.Internal.WebHost[1] 请求开始 HTTP/1.1 GET http://localhost:5000/connect/authorize?client_id=webClient&redirect_uri=http%3A%2F%2Flocalhost%3A4300%2Fhrapps%2F&response_type= id_token%20token&scope=profile%20openid%20hrApi&nonce=N0.31465047010288671529050394126&state=15290500220560.42473005339627434 info: IdentityServer4.Hosting.IdentityServerMiddleware[0] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize info: IdentityServer4.Endpoints.AuthorizeEndpoint[0] ValidatedAuthorizeRequest { “ClientId”:“webClient”,“ClientName”:“Web 客户端”,“RedirectUri”:“ http://localhost:4200/home ”,"AllowedRedirectUris": ["http://localhost:4200/home " ], "SubjectId": "anonymous", "ResponseType": "id_token token", "ResponseMode": "fragment", "GrantType": "implicit", "RequestedScopes": " profile openid myApi", "State": "15290500220560.42473005339627434", "Nonce": "N0.31465047010288671529050394126", "Raw": { "client_id": "webClient", "redirect_uri": " http://localhost:4200/home", "response_type": "id_token token", "scope": "profile openid myApi", "nonce": "N0.31465047010288671529050394126", "state": "15290500220560.42473005339627434" } } info: IdentityServer4.ResponseHandling0].Authorize显示登录:用户未通过身份验证信息:Microsoft.AspNetCore.Hosting.Internal.WebHost[2] 请求在 175.2379 毫秒内完成 302 信息:Microsoft.AspNetCore.Hosting.Internal.WebHost[1] 请求开始 HTTP/1.1 GEThttp://localhost:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DwebClient%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A4200%252Fhome%252F%26response_type%3Did_token%2520token%26scope%3Dprofile %2520openid%2520myApi%26nonce%3DN0.31465047010288671529050394126%26state%3D15290500220560.42473005339627434
解决方案
推荐阅读
- java - POST (HTTP) + Java:如何发送特定的表单数据?
- java - 如何从这两个数组中生成一串固定数量的数字?
- java - log4j2 滚动文件附加程序
- dart - 使用 FutureBuilder 创建轮播
- linux - rsync:包含和排除
- javascript - 在 cURL 中传递编码的链接
- image - 高效的livewire算法
- javascript - 承诺所有并使用 React.js 正确更新状态
- javascript - Material UI - React Router - 带有 ID 的 BreadCrumbs
- java - 无法解析 MimeMessage、Session、InternetAddress 类