Identity Server 4 ASP.NET Quickstart 'refused connection'
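I am following the Identity Server 4 Quickstart, but I have run into a strange problem, even though I am following it step by step.
It says (translated from German) that the target machine refused the connection.
The strange thing is that in the API project, "we" (I) set ValidateAudience = false.
I think this means the token is not validated at all.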
    // call api
    var apiClient = new HttpClient();
    apiClient.SetBearerToken(tokenResponse.AccessToken);
    var response = await apiClient.GetAsync("https://localhost:6001/identity");
    if (!response.IsSuccessStatusCode)
    {
        Console.WriteLine(response.StatusCode);
    }
    else
    {
        var content = await response.Content.ReadAsStringAsync();
        Console.WriteLine(JArray.Parse(content));
    }
I am really confused. The client does get the accessToken, so that is not the problem... I hope.
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
[16:15:42 Debug] IdentityServer4.Endpoints.TokenEndpoint
Start token request.
[16:15:42 Debug] IdentityServer4.Validation.ClientSecretValidator
Start client validation
[16:15:42 Debug] IdentityServer4.Validation.BasicAuthenticationSecretParser
Start parsing Basic Authentication secret
[16:15:42 Debug] IdentityServer4.Validation.PostBodySecretParser
Start parsing for secret in post body
[16:15:42 Debug] IdentityServer4.Validation.ISecretsListParser
Parser found secret: PostBodySecretParser
[16:15:42 Debug] IdentityServer4.Validation.ISecretsListParser
Secret id found: client
[16:15:42 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client client succeeded.
[16:15:42 Debug] IdentityServer4.Validation.ISecretsListValidator
Secret validator success: HashedSharedSecretValidator
[16:15:42 Debug] IdentityServer4.Validation.ClientSecretValidator
Client validation success
[16:15:42 Debug] IdentityServer4.Validation.TokenRequestValidator
Start token request validation
[16:15:42 Debug] IdentityServer4.Validation.TokenRequestValidator
Start client credentials token request validation
[16:15:42 Debug] IdentityServer4.Validation.TokenRequestValidator
client credentials token request validation success
[16:15:42 Information] IdentityServer4.Validation.TokenRequestValidator
Token request validation success, {"ClientId": "client", "ClientName": null, "GrantType": "client_credentials", "Scopes": "api1", "AuthorizationCode": null, "RefreshToken": null, "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"grant_type": "client_credentials", "scope": "api1", "client_id": "client", "client_secret": "***REDACTED***"}, "$type": "TokenRequestValidationLog"}
[16:15:42 Debug] IdentityServer4.Services.DefaultClaimsService
Getting claims for access token for client: client
[16:15:42 Debug] IdentityServer4.Endpoints.TokenEndpoint
Token request success.
I think setting ValidateAudience = false only ignores the audience claim, but everything else in the token is still validated.
You can set the IncludeErrorDetails property to true, like this:
    .AddJwtBearer(options =>
    {
        options.Audience = "payment";
        options.Authority = "https://localhost:6001/";
        // True if token validation errors should be returned to the caller.
        options.IncludeErrorDetails = true;
    });
When you set it to true, you will get more details in the response header, for example:
    HTTP/1.1 401 Unauthorized
    Date: Sun, 02 Aug 2020 11:19:06 GMT
    WWW-Authenticate: Bearer error="invalid_token", error_description="The signature is invalid"
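To help you further, please post a sample access token and the API configuration (Startup class).
See this article for more details.
So in API/Properties/launchsettings .... when the project was generated it used the default scheme, and in that scheme it set a port of 43033 or something.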
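An added example, not part of the original thread or of the quickstart, showing what ValidateAudience = false does and does not switch off in the TokenValidationParameters type that the JwtBearer options expose. It assumes the System.IdentityModel.Tokens.Jwt NuGet package; the HMAC keys, issuer URLs and audience names are constructed stand-ins for IdentityServer's real signing key and configuration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

class AudienceDemo
{
    // Constructed demo values. IdentityServer4 signs with an asymmetric key that the API
    // downloads from the Authority; a shared HMAC key stands in for it here.
    const string Issuer = "https://localhost:5001";
    static readonly SymmetricSecurityKey ApiKey = Key("constructed-demo-key-A-0123456789abcdef");
    static readonly SymmetricSecurityKey OtherKey = Key("constructed-demo-key-B-0123456789abcdef");

    static SymmetricSecurityKey Key(string s) => new SymmetricSecurityKey(Encoding.UTF8.GetBytes(s));

    static string Issue(SymmetricSecurityKey key, string issuer, string audience, DateTime expires)
    {
        var token = new JwtSecurityToken(issuer, audience,
            new[] { new Claim("scope", "api1") },
            notBefore: null, expires: expires,
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    static string Check(string jwt)
    {
        var parameters = new TokenValidationParameters
        {
            ValidateAudience = false,   // the setting from the question
            ValidIssuer = Issuer,       // issuer, lifetime and signature checks keep their defaults (on)
            IssuerSigningKey = ApiKey,
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _);
            return "accepted";
        }
        catch (SecurityTokenException ex) { return "rejected: " + ex.GetType().Name; }
    }

    static void Main()
    {
        var later = DateTime.UtcNow.AddHours(1);
        Console.WriteLine("other audience: " + Check(Issue(ApiKey, Issuer, "some-other-api", later)));
        Console.WriteLine("other key:      " + Check(Issue(OtherKey, Issuer, "api1", later)));
        Console.WriteLine("other issuer:   " + Check(Issue(ApiKey, "https://localhost:9999", "api1", later)));
        Console.WriteLine("expired:        " + Check(Issue(ApiKey, Issuer, "api1", DateTime.UtcNow.AddHours(-1))));
    }
}
```

Only the token with the unexpected audience is accepted; the other three are rejected. A refused connection, by contrast, happens before any of these checks run, because the request never reaches the API.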