identityserver4 - “AuthenticationScheme:idsrv 未通过身份验证。” 当 Identity Server 4 托管在 IIS 中但工作托管在 Azure 中时
问题描述
我正在尝试将使用 AppAuth.JS 的新移动客户端添加到现有的工作 Identity Server 4 (3.1.2)
如果我在 Azure 中托管我的 Identity Server 实例,它可以工作,但如果我将它托管在本地 IIS 实例中(仍然使用真正的 SSL 证书的 HTTPS,而不是自签名证书),它会失败并出现错误
dbug:Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[9] AuthenticationScheme:idsrv 未通过身份验证。
我的新客户定义为
new Client
{
ClientId = "< a guid>",
ClientName = "Android",
AllowedGrantTypes = GrantTypes.Code,
RequirePkce = true,
RequireConsent = false,
RequireClientSecret = false,
ClientSecrets =
{
new Secret("<a guid>".Sha256())
},
RefreshTokenUsage = TokenUsage.ReUse,
RedirectUris = { "net.openid.appauth:/oauth2redirect" },
AllowedScopes = { "openid", "profile", "offline_access"},
AllowOfflineAccess = true
},
有谁知道为什么这适用于 Azure 而不是 ISS?
是否可能是 IIS 配置或 Identity Server 配置问题?
根据要求,这里是startup.cs
启动类如下
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc(option => option.EnableEndpointRouting = false);
services.AddSingleton<IConfiguration>(Configuration);
services.AddOptions();
services.Configure<MySettings>(Configuration.GetSection("MySettings"));
// Configure identity server
services.AddApplicationInsightsTelemetry();
_logger.LogInformation("Looged from Configure");
var builder = services.AddIdentityServer()
.AddProfileService<MyProfileService>();
// fix for same site cookies in Chrome 80
services.ConfigureNonBreakingSameSiteCookies();
services.AddTransient<IProfileService, CCCProfileService>();
builder.AddInMemoryClients(Config.GetClients());
builder.AddInMemoryIdentityResources(Config.GetIdentityResources());
// use the dev cert for testing
builder.AddDeveloperSigningCredential();
}
public void Configure(IApplicationBuilder app, Microsoft.AspNetCore.Hosting.IWebHostEnvironment env, ILoggerFactory loggerFactory)
{
// Initialise the grant and operational databases (all in memory for testing)
app.UseDeveloperExceptionPage();
app.UseIdentityServer();
app.UseStaticFiles();
app.UseMvc(routes =>
{
routes.MapRoute("login", "account/login", defaults: new { controller = "Login", action = "Login" });
routes.MapRoute("logout", "account/logout", defaults: new { controller = "Logout", action = "Logout" });
routes.MapRoute("register", "account/register", defaults: new { controller = "Register", action = "Register" });
routes.MapRoute("forgottenpassword", "account/forgottenpassword", defaults: new { controller = "ForgottenPassword", action = "ForgottenPassword" });
routes.MapRoute("resetpassword", "account/resetpassword/{secret}", defaults: new { controller = "ForgottenPassword", action = "ResetPassword" });
routes.MapRoute("error", "home/error", defaults: new { controller = "Error", action = "Error" });
routes.MapRoute("default", string.Empty, defaults: new { controller = "Home", action = "Index" });
});
}
解决方案
我发现了问题,它取决于startup.cs文件中的顺序。当 IIS/Kestrel 时,Azure 似乎要宽容得多。这个命令有效
public void Configure(IApplicationBuilder app, Microsoft.AspNetCore.Hosting.IWebHostEnvironment env, ILoggerFactory loggerFactory)
{
// needs to be before everything else
app.UseCookiePolicy();
// Initialise the grant and operational databases
this.InitializeDatabase(app);
app.UseIdentityServer();
app.UseStaticFiles();
app.UseAuthentication();
app.UseMvc(routes =>
{
// the routes
});
}
我在流程中太晚了 UseCookiePolicy。
谢谢,@Tore 为我提供答案的所有建议
推荐阅读
- c# - C# 根据用户输入在类实例中查找数组
- sql-server - 如何删除此特定语句中的重复行
- python - Pyside2 - QOpenGLFunction 对象没有属性 glShaderSource
- python - lifiline 中的 plot_covariate_groups 给出 NameError: name 'self' is not defined
- javascript - jquery如何获取数据表行的data-id值?
- docker - 使用 docker-compose 构建失败
- typescript - 使用 Jest 在 Nx Workspace 项目中对 Svelte 应用程序进行单元测试时出错
- reactjs - 在开发中使用 gatsby-plugin-google-tagmanager
- c# - 实现简单的属性序列化器
- c# - 从字符串转换日期和/或时间时转换失败;使用 SQLCommand.CommandText 和 SQLCommand.Parameters.AddWithValue