c# - ASP .NET Core MVC 部署到 Azure Identity Server 4
问题描述
当我尝试将 MVC asp .net 核心部署为客户端时,我在 azure 中部署了身份服务器。出现未经授权的客户端错误。我下面的配置有什么问题?
启动客户端 MVC
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(options => {
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options => {
options.SignInScheme = "Cookies";
options.Authority = Configuration.GetValue<string>("server:identityurl");
options.RequireHttpsMetadata = false;
options.ClientId = Configuration.GetValue<string>("server:clientid");
options.ClientSecret = Configuration.GetValue<string>("server:clientsecret");
options.ResponseType = Configuration.GetValue<string>("server:responsetype");
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add(Configuration.GetValue<string>("server:scope1"));
options.Scope.Add(Configuration.GetValue<string>("server:scope2"));
});
Appsetting.json & Appsetting.Development.Json
"server": {
"identityurl": "https://pdjayaauthapi.azurewebsites.net",
"clientid": "webapp2",
"clientsecret": "web123",
"responsetype": "code id_token",
"scope1": "masterdataapi",
"scope2": "offline_access"
}
身份服务器启动
public void ConfigureServices(IServiceCollection services)
{
var sqlConnectionString = Configuration.GetConnectionString("MySqlCon");
services.AddDbContext<PDJayaDB>(options =>
options.UseMySql(
sqlConnectionString,
b => b.MigrationsAssembly("PDJaya.Identity")
)
);
//my user repository
services.AddScoped<IUserRepository, UserRepository>();
services.AddSingleton<IConfiguration>(Configuration);
services.AddMvc();
// configure identity server with in-memory stores, keys, clients and resources
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddTestUsers(Config.GetUsers())
.AddProfileService<ProfileService>();
//Inject the classes we just created
services.AddTransient<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
services.AddTransient<IProfileService, ProfileService>();
}
这是我定义客户端 asp .net mvc 的身份服务器配置。
身份服务器配置
新客户
ClientId = "webapp2",
ClientName = "web with openid",
AllowedGrantTypes = GrantTypes.Implicit,
ClientSecrets =
{
new Secret("web123".Sha256())
},
RedirectUris = { "http://pdjayaauthapi.azurewebsites.net/signin-oidc" },
PostLogoutRedirectUris = { "http://pdjayaauthapi.azurewebsites.net/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"masterdataapi",
"transactionapi"
},
AllowOfflineAccess = true
解决方案
使用 Hybrid 流而不是 Ryan 所说的设置的隐式流。并重新启动 Web 应用程序。它应该修复错误。
推荐阅读
- r - 如何相对于一列添加不同列的值
- gensim - gensim 模型中向量值的范围
- sql - DB2 中联合查询的重复数据删除
- angular - Angular Universal:捕获滚动或调整大小事件
- python - 从 JSON 文件的元素制作列表
- c# - DI容器每次都提供新实例?
- amazon-web-services - 如何使用 API Gateway 将 Cognito 用户池组传递到 Lambda 上下文?
- c++ - Crypto++:CFB_Mode_ExternalCipher 不工作
- xamarin - iOS 13 披露按钮 (UITableViewCellAccessory.DetailDisclosureButton) 未触发事件 Xamarin
- r - 在具有条件的 dplyr 中使用 mutate