IdentityServer4 Asp.Net 核心身份
IdentityServer4 Asp.Net Core Identity
我正在尝试使用 Asp.Net Core Identity 创建基本的 IdentityServer4,如 this 教程中所述。
但是当我调用登录方法时:
return Challenge(new AuthenticationProperties {
RedirectUri = "/Home/Index"
}, "oidc");
我收到 404 错误:
http://localhost:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%253A44391%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520api1%26response_mode%3Dform_post%26nonce%3D636682993147514721.ZDA2MmI5ZTgtMWU3Yi00ZjMzLTkyODMtZjBiNWIzMjUzZTRjZmYxMjIxYWItOTk5NS00OGJlLWE0M2EtOTg3ZTYyM2EzZWVk%26state%3DCfDJ8D1ISazXjTpLmRDTOwhIeT5cVwo-oh7P4hDeZa0Q7cSfU6vKRDTEu3RHraTyz4Wb8oQngGo-qAkzinXV2yFJuqClVRB_1gwLLXIvVK4moxtgGjZUGUJIDmoqQHrQCOxGNJLrGkaBiS74vxd1el8N1wSseoSBlqZD94OlShI53wgPNKXPiDzT0FLOI47MNwHwzW0d5q0n752kZiVp2V31CZemI6wtaEgte3Mb9iouFzrSyAW5XaBMdDEnAGPCNZ2d5Zfgwb2Cmp61B-I9t05aDHqR-5cxYtr0PVVM6PwBKy-1olSFH8uIc8ku0UJn7PY0WA%26x-client-SKU%3DID_NETSTANDARD1_4%26x-client-ver%3D5.2.0.0
我需要任何额外的视图和控制器吗?我认为 Asp.Net Core Identity 中的内容将被使用。
我的 IdentityServer4 配置:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>()
.AddDefaultUI()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
// configure identity server with in-memory stores, keys, clients and scopes
services.AddIdentityServer()
.AddSigningCredential("CN=tst")
.AddInMemoryPersistedGrants()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddAspNetIdentity<IdentityUser>();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
//app.UseHttpsRedirection();
//app.UseCookiePolicy();
app.UseStaticFiles();
app.UseIdentityServer();
app.UseMvcWithDefaultRoute();
//app.UseMvc(routes =>
// {
// routes.MapRoute(
// name: "default",
// template: "{controller=Home}/{action=Index}/{id?}");
// });
}
我的客户端配置:
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication("oidc")
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", optins =>
{
optins.SignInScheme = "Cookies";
optins.Authority = "http://localhost:5000";
optins.RequireHttpsMetadata = false;
optins.ClientId = "mvc";
optins.ClientSecret = "secret";
optins.ResponseType = "code id_token";
optins.GetClaimsFromUserInfoEndpoint = true;
optins.Scope.Add("openid");
optins.Scope.Add("profile");
//optins.Scope.Add("email");
optins.Scope.Add("api1");
optins.ClaimActions.Add(new JsonKeyClaimAction("role", "role", "role"));
optins.SaveTokens = true;
});
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseAuthentication();
app.UseCookiePolicy();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
IdentityServer4 控制台没有错误。
引入 ASP.NET Core Identity 2.1 后,不再将视图、控制器等添加到使用 Visual Studio 或 dotnet CLI 生成的项目中。相反,它们是通过 Razor Class Library.
提供的
作为此更改的一部分,/Account/Login(在您的示例中显示)等旧式 URL 也已更改。这些现在以 /Identity 为前缀,并通过位于名为 Identity.
的区域中的 ASP.NET Core Razor Pages 提供
IdentityServer4 defaults to using the old-style URLs,正如我所说,它不再存在(导致您的 404)。要解决此问题,请在代码中配置 IdentityServerOptions 对象以使用新位置:
services.AddIdentityServer(options =>
{
options.UserInteraction.LoginUrl = "/Identity/Account/Login";
options.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
})
.AddSigningCredential("CN=tst")
// ...
只有两个身份相关的 URL 可以配置,所以我在上面的代码中添加了它们以确保完整性。
我正在尝试使用 Asp.Net Core Identity 创建基本的 IdentityServer4,如 this 教程中所述。
但是当我调用登录方法时:
return Challenge(new AuthenticationProperties {
RedirectUri = "/Home/Index"
}, "oidc");
我收到 404 错误:
http://localhost:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dmvc%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%253A44391%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520api1%26response_mode%3Dform_post%26nonce%3D636682993147514721.ZDA2MmI5ZTgtMWU3Yi00ZjMzLTkyODMtZjBiNWIzMjUzZTRjZmYxMjIxYWItOTk5NS00OGJlLWE0M2EtOTg3ZTYyM2EzZWVk%26state%3DCfDJ8D1ISazXjTpLmRDTOwhIeT5cVwo-oh7P4hDeZa0Q7cSfU6vKRDTEu3RHraTyz4Wb8oQngGo-qAkzinXV2yFJuqClVRB_1gwLLXIvVK4moxtgGjZUGUJIDmoqQHrQCOxGNJLrGkaBiS74vxd1el8N1wSseoSBlqZD94OlShI53wgPNKXPiDzT0FLOI47MNwHwzW0d5q0n752kZiVp2V31CZemI6wtaEgte3Mb9iouFzrSyAW5XaBMdDEnAGPCNZ2d5Zfgwb2Cmp61B-I9t05aDHqR-5cxYtr0PVVM6PwBKy-1olSFH8uIc8ku0UJn7PY0WA%26x-client-SKU%3DID_NETSTANDARD1_4%26x-client-ver%3D5.2.0.0
我需要任何额外的视图和控制器吗?我认为 Asp.Net Core Identity 中的内容将被使用。
我的 IdentityServer4 配置:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>()
.AddDefaultUI()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
// configure identity server with in-memory stores, keys, clients and scopes
services.AddIdentityServer()
.AddSigningCredential("CN=tst")
.AddInMemoryPersistedGrants()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddAspNetIdentity<IdentityUser>();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
//app.UseHttpsRedirection();
//app.UseCookiePolicy();
app.UseStaticFiles();
app.UseIdentityServer();
app.UseMvcWithDefaultRoute();
//app.UseMvc(routes =>
// {
// routes.MapRoute(
// name: "default",
// template: "{controller=Home}/{action=Index}/{id?}");
// });
}
我的客户端配置:
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication("oidc")
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", optins =>
{
optins.SignInScheme = "Cookies";
optins.Authority = "http://localhost:5000";
optins.RequireHttpsMetadata = false;
optins.ClientId = "mvc";
optins.ClientSecret = "secret";
optins.ResponseType = "code id_token";
optins.GetClaimsFromUserInfoEndpoint = true;
optins.Scope.Add("openid");
optins.Scope.Add("profile");
//optins.Scope.Add("email");
optins.Scope.Add("api1");
optins.ClaimActions.Add(new JsonKeyClaimAction("role", "role", "role"));
optins.SaveTokens = true;
});
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseAuthentication();
app.UseCookiePolicy();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
IdentityServer4 控制台没有错误。
引入 ASP.NET Core Identity 2.1 后,不再将视图、控制器等添加到使用 Visual Studio 或 dotnet CLI 生成的项目中。相反,它们是通过 Razor Class Library.
提供的作为此更改的一部分,/Account/Login(在您的示例中显示)等旧式 URL 也已更改。这些现在以 /Identity 为前缀,并通过位于名为 Identity.
IdentityServer4 defaults to using the old-style URLs,正如我所说,它不再存在(导致您的 404)。要解决此问题,请在代码中配置 IdentityServerOptions 对象以使用新位置:
services.AddIdentityServer(options =>
{
options.UserInteraction.LoginUrl = "/Identity/Account/Login";
options.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
})
.AddSigningCredential("CN=tst")
// ...
只有两个身份相关的 URL 可以配置,所以我在上面的代码中添加了它们以确保完整性。