无法在 IIS 中 运行 IdentityServer3

Unable to run IdentityServer3 in IIS

我已经从 here 下载了 IdentityServer 的代码。 运行在 IIS Express 中使用 IdentityServer3\Host.Web 解决方案时,我可以使用 TokenClient.RequestResourceOwnerPasswordAsync 方法从控制台客户端进行身份验证。

但是,当我直接在IIS下将IdentityServer3\Host.Web切换到运行时,我得到以下错误:

HTTP Error 401.1 - Unauthorized 
You do not have permission to view this directory or page using the credentials that you supplied.
Most likely causes:
- The username supplied to IIS is invalid.
- The password supplied to IIS was not typed correctly.
- Incorrect credentials were cached by the browser.
- IIS could not verify the identity of the username and password provided.
- The resource is configured for Anonymous authentication, but the configured anonymous account either has an invalid password or was disabled.
- The server is configured to deny login privileges to the authenticating user or the group in which the user is a member.
- Invalid Kerberos configuration may be the cause if all of the following are true:
    - Integrated authentication was used.
    - the application pool identity is a custom account.
    the server is a member of a domain.

我必须进行哪些不同的配置才能让 IdentityServer3 在 IIS 下工作?

解决方案一:

看起来解决这个问题的方法是将身份验证类型更改为 PostValues:

var client = new TokenClient(
            authenticationUrl,
            "carbon",
            "21B5F798-BE55-42BC-8AA8-0025B903DC3B",
            AuthenticationStyle.PostValues);

var token = await client.RequestResourceOwnerPasswordAsync("bob", "secret", "api1");

请注意,您必须在构造函数中设置 AuthenticationStyle。在构造之后设置它是有问题的,因为身份验证 headers 是在构造函数中有条件地创建的。

方案二:

在 IIS 设置中禁用 "Basic Authentication"。