7

尝试使用 Thinctecture identityserver v3 作为多个 mvc 应用程序的简单 sts。
我能够浏览提供的示例应用程序并且运行良好,但它们都使用嵌入式身份服务器。我需要将身份服务器作为一个单独的应用程序,以便我可以将它用作多个应用程序的 sts。当我尝试运行身份服务器并将示例 mvc 应用程序连接到它时,它似乎缺少一些东西。

示例 mvc 应用程序使用 katana

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions...

但我只是不明白如何正确配置外部应用服务。我的猜测是我没有使用正确的端点。

这是我作为 mvc 的依赖方配置。然后我在这里运行最新的 IS v3::44333

在 mvc 应用程序中,每当我尝试导航到需要授权的视图时,都会出现异常。

堆栈跟踪:

[HttpRequestException: Response status code does not indicate success: 404 (Not Found).]
   System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +87960
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +496

[IOException: Unable to get document from: https://localhost:44333/.well-known/openid-configuration]
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +830
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +93
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +52
   System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() +24
   Microsoft.IdentityModel.Protocols.<GetAsync>d__0.MoveNext() +512
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +93
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +52
   System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() +24
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() +1332

这是 mvc 应用程序中的完整身份验证配置。

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    //Authority = "https://localhost:44319/identity",
    Authority = "https://localhost:44333",
    ClientId = "mvc",
    Scope = "openid profile roles",
    RedirectUri = "https://localhost:44319/",

    SignInAsAuthenticationType = "Cookies",
    UseTokenLifetime = false,

    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        SecurityTokenValidated = async n =>
            {
                var id = n.AuthenticationTicket.Identity;

                // we want to keep first name, last name, subject and roles
                var givenName = id.FindFirst(Constants.ClaimTypes.GivenName);
                var familyName = id.FindFirst(Constants.ClaimTypes.FamilyName);
                var sub = id.FindFirst(Constants.ClaimTypes.Subject);
                var roles = id.FindAll(Constants.ClaimTypes.Role);

                // create new identity and set name and role claim type
                var nid = new ClaimsIdentity(
                    id.AuthenticationType,
                    Constants.ClaimTypes.GivenName,
                    Constants.ClaimTypes.Role);

                nid.AddClaim(givenName);
                nid.AddClaim(familyName);
                nid.AddClaim(sub);
                nid.AddClaims(roles);

                // keep the id_token for logout
                nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

                // add some other app specific claim
                nid.AddClaim(new Claim("app_specific", "some data"));

                n.AuthenticationTicket = new AuthenticationTicket(
                    nid,
                    n.AuthenticationTicket.Properties);
            },
        RedirectToIdentityProvider = async n =>
            {
                if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                {
                    var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");

                    if (idTokenHint != null)
                    {
                        n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                    }
                }
            }
    }
});
4

1 回答 1

0

/identity您的端点最后缺少

于 2014-12-16T13:47:49.560 回答