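Trying to use Thinktecture IdentityServer v3 as a simple STS for multiple MVC applications.
I was able to walk through the provided sample applications and they run fine, but they all use an embedded IdentityServer. I need IdentityServer to be a separate application so that I can use it as an STS for multiple applications. When I try to run the identity server and connect the sample MVC application to it, something seems to be missing.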
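The sample MVC application uses Katana
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions...
but I just don't understand how to configure it correctly for an external application service.
My guess is that I'm not using the right endpoint.
Here is my relying party configuration for mvc.
Then I have the latest IS v3 running here: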
:44333
In the MVC application, whenever I try to navigate to a view that requires authorization, I get an exception.
Stack trace:
[HttpRequestException: Response status code does not indicate success: 404 (Not Found).]
   System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +87960
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +496

[IOException: Unable to get document from: https://localhost:44333/.well-known/openid-configuration]
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +830
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +93
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +52
   System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() +24
   Microsoft.IdentityModel.Protocols.<GetAsync>d__0.MoveNext() +512
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +93
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +52
   System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() +24
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() +1332
Here is the complete authentication configuration in the MVC application.

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    //Authority = "https://localhost:44319/identity",
    Authority = "https://localhost:44333",
    ClientId = "mvc",
    Scope = "openid profile roles",
    RedirectUri = "https://localhost:44319/",
    SignInAsAuthenticationType = "Cookies",
    UseTokenLifetime = false,
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        SecurityTokenValidated = async n =>
        {
            var id = n.AuthenticationTicket.Identity;

            // we want to keep first name, last name, subject and roles
            var givenName = id.FindFirst(Constants.ClaimTypes.GivenName);
            var familyName = id.FindFirst(Constants.ClaimTypes.FamilyName);
            var sub = id.FindFirst(Constants.ClaimTypes.Subject);
            var roles = id.FindAll(Constants.ClaimTypes.Role);

            // create new identity and set name and role claim type
            var nid = new ClaimsIdentity(
                id.AuthenticationType,
                Constants.ClaimTypes.GivenName,
                Constants.ClaimTypes.Role);
            nid.AddClaim(givenName);
            nid.AddClaim(familyName);
            nid.AddClaim(sub);
            nid.AddClaims(roles);

            // keep the id_token for logout
            nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

            // add some other app specific claim
            nid.AddClaim(new Claim("app_specific", "some data"));

            n.AuthenticationTicket = new AuthenticationTicket(
                nid,
                n.AuthenticationTicket.Properties);
        },
        RedirectToIdentityProvider = async n =>
        {
            if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
            {
                var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
                if (idTokenHint != null)
                {
                    n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                }
            }
        }
    }
});
Solution
Your endpoint is missing /identity at the end.
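
A pre-flight check for the failure discussed above, as an added example that is not part of the original question or answer: it derives the discovery URL from an Authority value and compares the document's issuer with that Authority, as OpenID Connect Discovery 1.0 requires. The names DiscoveryCheck, MetadataAddress, Check and fetch are hypothetical, and the in-memory server and its issuer value are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

static class DiscoveryCheck
{
    // Discovery URL for an Authority: authority + "/.well-known/openid-configuration".
    public static string MetadataAddress(string authority) =>
        authority.TrimEnd('/') + "/.well-known/openid-configuration";

    // fetch returns the response body, or null for a non-success status such as 404.
    public static string Check(string authority, Func<string, string> fetch)
    {
        string url = MetadataAddress(authority);
        string body = fetch(url);
        if (body == null)
            return "FAIL: no discovery document at " + url;

        using (JsonDocument doc = JsonDocument.Parse(body))
        {
            if (!doc.RootElement.TryGetProperty("issuer", out JsonElement iss)
                || iss.ValueKind != JsonValueKind.String)
                return "FAIL: discovery document has no issuer";

            // Discovery 1.0: the issuer must be the URL the document was retrieved under.
            string issuer = iss.GetString();
            if (!string.Equals(issuer.TrimEnd('/'), authority.TrimEnd('/'),
                               StringComparison.Ordinal))
                return "WARN: issuer " + issuer + " differs from authority " + authority;
        }
        return "OK: " + url;
    }

    static void Main()
    {
        // Constructed stand-in for an identity server hosted under the /identity path.
        var server = new Dictionary<string, string>
        {
            ["https://localhost:44333/identity/.well-known/openid-configuration"] =
                "{\"issuer\":\"https://localhost:44333/identity\"}"
        };
        Func<string, string> fetch = u => server.TryGetValue(u, out var b) ? b : null;

        // Authority from the question, then the same value with the base path appended.
        Console.WriteLine(Check("https://localhost:44333", fetch));
        Console.WriteLine(Check("https://localhost:44333/identity", fetch));
    }
}
```

Replacing fetch with a real HTTP GET turns this into a start-up check that fails before the first protected request does.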