无法在 IIS 中 运行 IdentityServer3
Unable to run IdentityServer3 in IIS
我已经从 here 下载了 IdentityServer 的代码。 运行在 IIS Express 中使用 IdentityServer3\Host.Web 解决方案时,我可以使用 TokenClient.RequestResourceOwnerPasswordAsync 方法从控制台客户端进行身份验证。
但是,当我直接在IIS下将IdentityServer3\Host.Web切换到运行时,我得到以下错误:
HTTP Error 401.1 - Unauthorized
You do not have permission to view this directory or page using the credentials that you supplied.
Most likely causes:
- The username supplied to IIS is invalid.
- The password supplied to IIS was not typed correctly.
- Incorrect credentials were cached by the browser.
- IIS could not verify the identity of the username and password provided.
- The resource is configured for Anonymous authentication, but the configured anonymous account either has an invalid password or was disabled.
- The server is configured to deny login privileges to the authenticating user or the group in which the user is a member.
- Invalid Kerberos configuration may be the cause if all of the following are true:
- Integrated authentication was used.
- the application pool identity is a custom account.
the server is a member of a domain.
我必须进行哪些不同的配置才能让 IdentityServer3 在 IIS 下工作?
解决方案一:
看起来解决这个问题的方法是将身份验证类型更改为 PostValues:
var client = new TokenClient(
authenticationUrl,
"carbon",
"21B5F798-BE55-42BC-8AA8-0025B903DC3B",
AuthenticationStyle.PostValues);
var token = await client.RequestResourceOwnerPasswordAsync("bob", "secret", "api1");
请注意,您必须在构造函数中设置 AuthenticationStyle。在构造之后设置它是有问题的,因为身份验证 headers 是在构造函数中有条件地创建的。
方案二:
在 IIS 设置中禁用 "Basic Authentication"。
我已经从 here 下载了 IdentityServer 的代码。 运行在 IIS Express 中使用 IdentityServer3\Host.Web 解决方案时,我可以使用 TokenClient.RequestResourceOwnerPasswordAsync 方法从控制台客户端进行身份验证。
但是,当我直接在IIS下将IdentityServer3\Host.Web切换到运行时,我得到以下错误:
HTTP Error 401.1 - Unauthorized
You do not have permission to view this directory or page using the credentials that you supplied.
Most likely causes:
- The username supplied to IIS is invalid.
- The password supplied to IIS was not typed correctly.
- Incorrect credentials were cached by the browser.
- IIS could not verify the identity of the username and password provided.
- The resource is configured for Anonymous authentication, but the configured anonymous account either has an invalid password or was disabled.
- The server is configured to deny login privileges to the authenticating user or the group in which the user is a member.
- Invalid Kerberos configuration may be the cause if all of the following are true:
- Integrated authentication was used.
- the application pool identity is a custom account.
the server is a member of a domain.
我必须进行哪些不同的配置才能让 IdentityServer3 在 IIS 下工作?
解决方案一:
看起来解决这个问题的方法是将身份验证类型更改为 PostValues:
var client = new TokenClient(
authenticationUrl,
"carbon",
"21B5F798-BE55-42BC-8AA8-0025B903DC3B",
AuthenticationStyle.PostValues);
var token = await client.RequestResourceOwnerPasswordAsync("bob", "secret", "api1");
请注意,您必须在构造函数中设置 AuthenticationStyle。在构造之后设置它是有问题的,因为身份验证 headers 是在构造函数中有条件地创建的。
方案二:
在 IIS 设置中禁用 "Basic Authentication"。