
我正在使用 Postman,尝试从 IdentityManager 获取用户列表,但我无法正确配置应用程序。我尝试从 https://localhost/idm/api/users 获取用户。

我获得了包含 API、idmgr 和 openid 作用域 (scope) 的令牌,并且我的声明 (claims) 中包含管理员角色。

这是 Startup 文件:

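namespace WebHost
{
    /// <summary>
    /// OWIN startup for the host: registers OpenID Connect sign-in, the
    /// IdentityManager admin API under "/idm" (protected by JWT bearer
    /// authentication) and IdentityServer under the path read from the
    /// "IdentityServerSuffix" app setting.
    /// </summary>
    internal class Startup
    {
        /// <summary>
        /// Builds the OWIN pipeline.
        /// </summary>
        /// <param name="app">Root application builder supplied by the OWIN host.</param>
        public void Configuration(IAppBuilder app)
        {
            LogProvider.SetCurrentLogProvider(new NLogLogProvider());

            string connectionString = ConfigurationManager.AppSettings["MembershipRebootConnection"];

            // An empty inbound map keeps the JWT's short claim types ("sub", "role", ...)
            // instead of translating them to the long WS-* URIs, so the "role" claim the
            // admin check looks for keeps its name.
            JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

            // The issuer and audience strings were repeated in several places below; one
            // definition keeps the OIDC authority, the bearer validator and the
            // IdentityManager security configuration in agreement.
            const string authority = "https://localhost/ids";
            string audience = authority + "/resources";

            app.UseOpenIdConnectAuthentication(new Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions
            {
                AuthenticationType = "oidc",
                Authority = authority,
                ClientId = "postman",
                RedirectUri = "https://localhost",
                ResponseType = "id_token",
                UseTokenLifetime = false,
                Scope = "openid idmgr",
                // NOTE(review): "Jwt" is the bearer middleware's AuthenticationType; bearer
                // middleware does not issue sign-ins, so confirm this is the intended target.
                SignInAsAuthenticationType = "Jwt",
                Notifications = new Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationNotifications
                {
                    // Keep the raw id_token on the identity so it can be forwarded later.
                    SecurityTokenValidated = n =>
                    {
                        n.AuthenticationTicket.Identity.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
                        return Task.FromResult(0);
                    }
                }
            });

            // The same certificate signs tokens (IdentityServer) and validates them
            // (bearer middleware and IdentityManager), so it is loaded once and shared.
            X509Certificate2 cert = Certificate.Get();

            app.Map("/idm", adminApp =>
            {
                // Fix: the original called app.UseJwtBearerAuthentication here, which
                // registered the bearer middleware on the root pipeline instead of on the
                // "/idm" branch, so it was not scoped to the admin API. Registering it on
                // adminApp limits it to this branch, which is where the "Jwt"
                // authentication type is consumed by IdentityManager below.
                adminApp.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
                {
                    AllowedAudiences = new string[] { audience },
                    AuthenticationType = "Jwt",
                    IssuerSecurityTokenProviders = new[] {
                        new X509CertificateSecurityTokenProvider(authority, cert)
                    },
                    AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active
                });

                var factory = new IdentityManagerServiceFactory();
                factory.Configure(connectionString);

                var securityConfig = new ExternalBearerTokenConfiguration
                {
                    Audience = audience,
                    BearerAuthenticationType = "Jwt",
                    Issuer = authority,
                    SigningCert = cert,
                    // NOTE(review): this is a space-separated pair; if the scope check
                    // compares the claim value against the whole string, a token carrying
                    // only "idmgr" would be rejected — confirm the expected format.
                    Scope = "openid idmgr",
                    RequireSsl = true,
                };

                adminApp.UseIdentityManager(new IdentityManagerOptions()
                {
                    Factory = factory,
                    SecurityConfiguration = securityConfig
                });
            });

            app.Map(ConfigurationManager.AppSettings["IdentityServerSuffix"], core =>
            {
                IdentityServerServiceFactory idSvrFactory = Factory.Configure();
                idSvrFactory.ConfigureCustomUserService(connectionString);

                var options = new IdentityServerOptions
                {
                    SiteName = "Login",

                    // Same certificate as the validators above, so issued tokens verify.
                    SigningCertificate = cert,
                    Factory = idSvrFactory,
                    EnableWelcomePage = true,
                    RequireSsl = true
                };

                core.UseIdentityServer(options);
            });
        }
    }
}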

我错过了什么?




对于那些想知道我是如何解决的人:我对 Owin 以及 Identity Server 的工作原理做了大量搜索,发现我的问题其实离解决并不远。

我删除了 JwtSecurityTokenHandler.InboundClaimTypeMap 那一行,也删除了 UseOpenId 相关的部分(如果您使用 OpenID 外部登录提供程序,请不要删除它;如果您使用的是 Google、Facebook 或 Twitter,都有对应的类,只需安装相应的 NuGet 包即可,非常直接)。

下面这一段用于配置 Bearer 令牌,这是我的应用程序中使用的默认令牌类型(我决定使用密码身份验证来简化用于自动化测试的 Postman 请求,但在应用程序本身中我仍然使用授权码 (code) 身份验证)。

// Access tokens presented to this host are checked against IdentityServer's
// validation endpoint (a round-trip per request rather than local JWT validation),
// and every request must carry the scope named by the "ApiScope" setting.
var bearerOptions = new IdentityServerBearerTokenAuthenticationOptions
{
    Authority = ConfigurationManager.AppSettings["AuthorityUrl"],
    ValidationMode = ValidationMode.ValidationEndpoint,
    RequiredScopes = new[] { ConfigurationManager.AppSettings["ApiScope"] },
};

app.UseIdentityServerBearerTokenAuthentication(bearerOptions);

我禁用了 IdentityManager 的 UI 界面,因为我计划只使用 API:

 // Mounts the IdentityManager API at the path from the "IdentityManagerSuffix"
 // setting. The built-in admin UI is not served, and callers are authenticated by
 // the host's bearer middleware rather than by IdentityManager itself.
 app.Map(ConfigurationManager.AppSettings["IdentityManagerSuffix"].ToString(), branch =>
            {
                var idmFactory = new IdentityManagerServiceFactory();
                idmFactory.Configure(connectionString);

                var idmSecurity = new HostSecurityConfiguration()
                {
                    HostAuthenticationType = Constants.BearerAuthenticationType
                };

                var idmOptions = new IdentityManagerOptions()
                {
                    DisableUserInterface = true,
                    Factory = idmFactory,
                    SecurityConfiguration = idmSecurity
                };

                branch.UseIdentityManager(idmOptions);
            });

我这样配置 Identity Server:

// Mounts IdentityServer at the path from the "IdentityServerSuffix" setting, with
// the custom user service bound to the same connection string as IdentityManager.
app.Map(ConfigurationManager.AppSettings["IdentityServerSuffix"], branch =>
            {
                IdentityServerServiceFactory serverFactory = Factory.Configure();
                serverFactory.ConfigureCustomUserService(connectionString);

                // RequireSsl keeps tokens off plaintext transports; the welcome page is
                // left on for local diagnostics.
                var serverOptions = new IdentityServerOptions
                {
                    SiteName = ConfigurationManager.AppSettings["SiteName"],
                    SigningCertificate = Certificate.Get(),
                    Factory = serverFactory,
                    EnableWelcomePage = true,
                    RequireSsl = true,
                };

                branch.UseIdentityServer(serverOptions);
            });

在 IdentityServerServiceFactory 中,我像这样调用这段代码:

// Registers the static client list with IdentityServer.
// NOTE(review): InMemoryClientStore is built from a collection of clients, while the
// Get() shown further down is declared to return a single Client — confirm which
// Get() is actually referenced here.
var clientStore = new InMemoryClientStore(Clients.Get());

客户端的代码应该是这样的:

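/// <summary>
/// Returns the IdentityServer client definition used by Postman for the
/// resource-owner password flow against the IdentityManager API.
/// </summary>
/// <returns>A fully populated <see cref="Client"/>.</returns>
public static Client Get()
        {
            return new Client
            {
                ClientName = "PostMan Application",
                ClientId = "postman",
                // NOTE(review): a literal secret in source is only acceptable for a local
                // sample; a deployed host should load it from configuration or a secret store.
                ClientSecrets = new List<Secret> {
                        new Secret("ClientSecret".Sha256())
                    },
                // With PrefixClientClaims = false (below) IdentityServer's "client_" prefix
                // is off, so these are issued as plain "name"/"role" claims: possession of
                // the client credentials alone carries the IdentityManager admin role.
                // Guard the secret as you would an admin account.
                Claims = new List<Claim>
                    {
                        new Claim("name", "Identity Manager API"),
                        new Claim("role", IdentityManager.Constants.AdminRoleName),
                    },
                // Fix: the markdown bold markers (**...**) around this line did not compile.
                Flow = Flows.ResourceOwner, // password authentication
                PrefixClientClaims = false,
                AccessTokenType = AccessTokenType.Jwt,
                ClientUri = "https://www.getpostman.com/",
                // The password grant performs no redirect; these only matter if the client
                // is switched back to an interactive flow.
                RedirectUris = new List<string>
                    {
                        "https://www.getpostman.com/oauth2/callback",
                        //aproulx - 2015-11-24 -ADDED This line, url has changed on the postman side
                        "https://app.getpostman.com/oauth2/callback"
                    },

                //IdentityProviderRestrictions = new List<string>(){Constants.PrimaryAuthenticationType},
                AllowedScopes = new List<string>()
                    {
                        "postman",
                        "IdentityManager",
                        // NOTE(review): null when the "ApiScope" setting is absent — confirm
                        // the host configuration defines it.
                        ConfigurationManager.AppSettings["ApiScope"],
                        Constants.StandardScopes.OpenId,
                        IdentityManager.Constants.IdMgrScope,
                    }
            };
        }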

在 Postman 那边,只需发送以下请求:

POST /ids/connect/token HTTP/1.1
Host: local-login.net
Cache-Control: no-cache
Postman-Token: 33e98423-701f-c615-8b7a-66814968ba1a
Content-Type: application/x-www-form-urlencoded

client_id=postman&client_secret=SecretPassword&grant_type=password&scope=APISTUFF&username=apiViewer&password=ICanUseTheApi

希望这能帮到别人。

于 2016-02-29T20:32:20.873 回答

沙尔,

我看到了您的评论,因此创建了一个项目(请确保克隆的是 postmanexample 分支),您可以在其中看到与 Alegrowin 的帖子对应的可运行示例。其思路是使用 Postman 访问 IdentityManager API。

步骤

  • 打开 postman 并选择 POST 动词
  • 将此作为 URL: https://localhost:44337/ids/connect/token
  • 在请求头 (Headers) 中添加 key = Content-Type,value = application/x-www-form-urlencoded
  • 在正文 (Body) 中选择 raw,并粘贴以下内容:client_id=postman&client_secret=ClientSecret&grant_type=password&scope=idmgr&username=admin&password=admin
  • 点击发送

之后,您会收到类似下面这样的响应:

{"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJjbGllbnRfaWQiOiJwb3N0bWFuIiwic2NvcGUiOiJpZG1nciIsInN1YiI6Ijk1MWE5NjVmLTFmODQtNDM2MC05MGU0LTNmNmRlYWM3YjliYyIsImFtciI6WyJwYXNzd29yZCJdLCJhdXRoX3RpbWUiOjE1MDU1ODg1MTgsImlkcCI6Imlkc3J2IiwibmFtZSI6IkFkbWluIiwicm9sZSI6IklkZW50aXR5TWFuYWdlckFkbWluaXN0cmF0b3IiLCJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo0NDMzNy9pZHMiLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdDo0NDMzNy9pZHMvcmVzb3VyY2VzIiwiZXhwIjoxNTA1NTkyMTE4LCJuYmYiOjE1MDU1ODg1MTh9.h0KjlnKy3Ml-SnZg6cYSPJW4XxsOFxDB8K9JY4Zx_I1KbMQxctjkDrTVfSylfjFXlwpyBD-qqfxmRkOKsz_6zSZneaJpyWsJt2FTqCNOWJJV9BdPbViWcM_vADFkVpwiiSaTCv7k08xwj8StGCq5zlYLU68k8awYpXzgpz0O8zPZpfc0oSN3ZQJVFEKBfE4ATbPo6ut2i0_Y3lPbQiwjXJgA_wwp-W0L3zY8A5rfYSwKU0KzS51BKBSn6svBCjTu84Dm2KM-zlManMar1Ybjoy108Xvuliq_zBNdbeEt-Daau_RNrasw1tya_cZicK85IB1TJdUSKPGwNG5xEirNzg",
"expires_in": 3600,
"token_type": "Bearer"}

示例 (Authorization 请求头的值):

Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJjbGllbnRfaWQiOiJwb3N0bWFuIiwic2NvcGUiOiJpZG1nciIsInN1YiI6Ijk1MWE5NjVmLTFmODQtNDM2MC05MGU0LTNmNmRlYWM3YjliYyIsImFtciI6WyJwYXNzd29yZCJdLCJhdXRoX3RpbWUiOjE1MDU1ODg1MTgsImlkcCI6Imlkc3J2IiwibmFtZSI6IkFkbWluIiwicm9sZSI6IklkZW50aXR5TWFuYWdlckFkbWluaXN0cmF0b3IiLCJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo0NDMzNy9pZHMiLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdDo0NDMzNy9pZHMvcmVzb3VyY2VzIiwiZXhwIjoxNTA1NTkyMTE4LCJuYmYiOjE1MDU1ODg1MTh9.h0KjlnKy3Ml-SnZg6cYSPJW4XxsOFxDB8K9JY4Zx_I1KbMQxctjkDrTVfSylfjFXlwpyBD-qqfxmRkOKsz_6zSZneaJpyWsJt2FTqCNOWJJV9BdPbViWcM_vADFkVpwiiSaTCv7k08xwj8StGCq5zlYLU68k8awYpXzgpz0O8zPZpfc0oSN3ZQJVFEKBfE4ATbPo6ut2i0_Y3lPbQiwjXJgA_wwp-W0L3zY8A5rfYSwKU0KzS51BKBSn6svBCjTu84Dm2KM-zlManMar1Ybjoy108Xvuliq_zBNdbeEt-Daau_RNrasw1tya_cZicK85IB1TJdUSKPGwNG5xEirNzg
  • 点击发送

您应该会收到类似下面这样的响应:

{
"data": {
    "items": [
        {
            "data": {
                "subject": "081d965f-1f84-4360-90e4-8f6deac7b9bc",
                "username": "alice",
                "name": "Alice Smith"
            },
            "links": {
                "detail": "https://localhost:44337/idm/api/users/081d965f-1f84-4360-90e4-8f6deac7b9bc",
                "delete": "https://localhost:44337/idm/api/users/081d965f-1f84-4360-90e4-8f6deac7b9bc"
            }
        },
        {
            "data": {
                "subject": "5f292677-d3d2-4bf9-a6f8-e982d08e1306",
                "username": "bob",
                "name": "Bob Smith"
            },
            "links": {
                "detail": "https://localhost:44337/idm/api/users/5f292677-d3d2-4bf9-a6f8-e982d08e1306",
                "delete": "https://localhost:44337/idm/api/users/5f292677-d3d2-4bf9-a6f8-e982d08e1306"
            }
        },
        {
            "data": {
                "subject": "e3c7fd2b-3942-456f-8871-62e64c351e8c",
                "username": "xoetuvm",
                "name": "Uylocms Xcyfhpc"
            },
            "links": {
                "detail": "https://localhost:44337/idm/api/users/e3c7fd2b-3942-456f-8871-62e64c351e8c",
                "delete": "https://localhost:44337/idm/api/users/e3c7fd2b-3942-456f-8871-62e64c351e8c"
            }
        },
        {
            "data": {
                "subject": "0777d8de-91be-41e2-82ae-01c4576c7aca",
                "username": "xdbktbb",
                "name": "Qbcqwrg Mypxduu"
            },
            "links": {
                "detail": "https://localhost:44337/idm/api/users/0777d8de-91be-41e2-82ae-01c4576c7aca",
                "delete": "https://localhost:44337/idm/api/users/0777d8de-91be-41e2-82ae-01c4576c7aca"
            }
        },
        {
            "data": {
                "subject": "10d2760a-2b3f-4912-af2a-2bcd9d113af9",
                "username": "acrkkzf",
                "name": "Qcmwcha Kdibtke"
            },
            "links": {
                "detail": "https://localhost:44337/idm/api/users/10d2760a-2b3f-4912-af2a-2bcd9d113af9",
                "delete": "https://localhost:44337/idm/api/users/10d2760a-2b3f-4912-af2a-2bcd9d113af9"
            }
        },
        {
            "data": {
                "subject": "5e16f086-a487-4429-b2a6-b05a739e1e71",
                "username": "wjxfulk",
                "name": "Eihevix Bjzjbwz"
            },
            "links": {
                "detail": "https://localhost:44337/idm/api/users/5e16f086-a487-4429-b2a6-b05a739e1e71",
                "delete": "https://localhost:44337/idm/api/users/5e16f086-a487-4429-b2a6-b05a739e1e71"
            }
        },
        {
            "data": {
                "subject": "256e23de-410a-461d-92cc-55684de8be6f",
                "username": "zputkfb",
                "name": "Vhwjjpd Stfpoum"
            },
            "links": {
                "detail": "https://localhost:44337/idm/api/users/256e23de-410a-461d-92cc-55684de8be6f",
                "delete": "https://localhost:44337/idm/api/users/256e23de-410a-461d-92cc-55684de8be6f"
            }
        },
        {
            "data": {
                "subject": "725cc088-96c3-490d-bc66-a376c8ca34ff",
                "username": "teshydj",
                "name": "Tirsnex Tdlkfii"
            },
            "links": {
                "detail": "https://localhost:44337/idm/api/users/725cc088-96c3-490d-bc66-a376c8ca34ff",
                "delete": "https://localhost:44337/idm/api/users/725cc088-96c3-490d-bc66-a376c8ca34ff"
            }
        },
        {
            "data": {
                "subject": "ac773092-e3db-4711-9c95-a2a57c1ff25f",
                "username": "blulsuj",
                "name": "Puuncng Lbmlcsb"
            },
            "links": {
                "detail": "https://localhost:44337/idm/api/users/ac773092-e3db-4711-9c95-a2a57c1ff25f",
                "delete": "https://localhost:44337/idm/api/users/ac773092-e3db-4711-9c95-a2a57c1ff25f"
            }
        },
        {
            "data": {
                "subject": "81f878b1-016e-4fea-9929-54e3b1d55cce",
                "username": "yeqwlfy",
                "name": "Qtfimdr Sxvgizd"
            },
            "links": {
                "detail": "https://localhost:44337/idm/api/users/81f878b1-016e-4fea-9929-54e3b1d55cce",
                "delete": "https://localhost:44337/idm/api/users/81f878b1-016e-4fea-9929-54e3b1d55cce"
            }
        }
    ],
    "start": 0,
    "count": 10,
    "total": 18806,
    "filter": null
},
"links": {
    "create": {
        "href": "https://localhost:44337/idm/api/users",
        "meta": [
            {
                "type": "username",
                "name": "Username",
                "dataType": 0,
                "required": true
            },
            {
                "type": "password",
                "name": "Password",
                "dataType": 1,
                "required": true
            },
            {
                "type": "name",
                "name": "Name",
                "dataType": 0,
                "required": true
            },
            {
                "type": "Age",
                "name": "Age",
                "dataType": 4,
                "required": true
            },
            {
                "type": "IsNice",
                "name": "IsNice",
                "dataType": 5,
                "required": true
            },
            {
                "type": "role.admin",
                "name": "Is Administrator",
                "dataType": 5,
                "required": true
            }
        ]
    }
}
}

此致,丹尼尔

于 2017-09-16T19:18:45.833 回答