.net core IdentityServer4 + Blazor
I am trying to build a small microservice architecture consisting of:
- an IdentityServer 4 service
- a utility API service
- a web application as another service
My client code comes mostly from @McGuireV10's code:
The problem is that I have run into an issue I cannot find a way around:
System.Security.Cryptography.CryptographicException: 'The payload was invalid.'
With this stack trace:
Microsoft.AspNetCore.DataProtection.dll!Microsoft.AspNetCore.DataProtection.Cng.CbcAuthenticatedEncryptor.DecryptImpl(byte* pbCiphertext, uint cbCiphertext, byte* pbAdditionalAuthenticatedData, uint cbAdditionalAuthenticatedData) Unknown
Microsoft.AspNetCore.DataProtection.dll!Microsoft.AspNetCore.DataProtection.Cng.Internal.CngAuthenticatedEncryptorBase.Decrypt(System.ArraySegment<byte> ciphertext, System.ArraySegment<byte> additionalAuthenticatedData) Unknown
Microsoft.AspNetCore.DataProtection.dll!Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(byte[] protectedData, bool allowOperationsOnRevokedKeys, out Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectStatus status) Unknown
Microsoft.AspNetCore.DataProtection.dll!Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(byte[] protectedData, bool ignoreRevocationErrors, out bool requiresMigration, out bool wasRevoked) Unknown
Microsoft.AspNetCore.DataProtection.dll!Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(byte[] protectedData) Unknown
Microsoft.AspNetCore.Authentication.dll!Microsoft.AspNetCore.Authentication.SecureDataFormat<Microsoft.AspNetCore.Authentication.AuthenticationTicket>.Unprotect(string protectedText, string purpose) Unknown
Microsoft.AspNetCore.Authentication.Cookies.dll!Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler.ReadCookieTicket() Unknown
Microsoft.AspNetCore.Authentication.Cookies.dll!Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler.HandleAuthenticateAsync() Unknown
Microsoft.AspNetCore.Authentication.dll!Microsoft.AspNetCore.Authentication.AuthenticationHandler<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>.AuthenticateAsync() Unknown
Microsoft.AspNetCore.Authentication.Core.dll!Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(Microsoft.AspNetCore.Http.HttpContext context, string scheme) Unknown
Microsoft.AspNetCore.Authentication.Abstractions.dll!Microsoft.AspNetCore.Authentication.AuthenticationHttpContextExtensions.AuthenticateAsync(Microsoft.AspNetCore.Http.HttpContext context, string scheme) Unknown
Microsoft.AspNetCore.Authentication.dll!Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(Microsoft.AspNetCore.Http.HttpContext context) Unknown
Microsoft.AspNetCore.Routing.dll!Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware.SetRoutingAndContinue(Microsoft.AspNetCore.Http.HttpContext httpContext) Unknown
Microsoft.AspNetCore.Routing.dll!Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware.Invoke(Microsoft.AspNetCore.Http.HttpContext httpContext) Unknown
Microsoft.AspNetCore.StaticFiles.dll!Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(Microsoft.AspNetCore.Http.HttpContext context) Unknown
Microsoft.AspNetCore.StaticFiles.dll!Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(Microsoft.AspNetCore.Http.HttpContext context) Unknown
Microsoft.AspNetCore.StaticFiles.dll!Microsoft.AspNetCore.StaticFiles.DefaultFilesMiddleware.Invoke(Microsoft.AspNetCore.Http.HttpContext context) Unknown
Microsoft.AspNetCore.HttpsPolicy.dll!Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware.Invoke(Microsoft.AspNetCore.Http.HttpContext context) Unknown
Microsoft.AspNetCore.Diagnostics.dll!Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(Microsoft.AspNetCore.Http.HttpContext context) Unknown
Volo.Abp.AspNetCore.dll!Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(Microsoft.AspNetCore.Http.HttpContext context, Microsoft.AspNetCore.Http.RequestDelegate next) Unknown
Microsoft.AspNetCore.Http.Abstractions.dll!Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.UseMiddlewareInterface.AnonymousMethod__1(Microsoft.AspNetCore.Http.HttpContext context) Unknown
Microsoft.AspNetCore.HostFiltering.dll!Microsoft.AspNetCore.HostFiltering.HostFilteringMiddleware.Invoke(Microsoft.AspNetCore.Http.HttpContext context) Unknown
Microsoft.AspNetCore.Hosting.dll!Microsoft.AspNetCore.Hosting.HostingApplication.ProcessRequestAsync(Microsoft.AspNetCore.Hosting.HostingApplication.Context context) Unknown
Microsoft.AspNetCore.Server.IIS.dll!Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT<Microsoft.AspNetCore.Hosting.HostingApplication.Context>.ProcessRequestAsync() Unknown
Microsoft.AspNetCore.Server.IIS.dll!Microsoft.AspNetCore.Server.IIS.Core.IISHttpContext.HandleRequest() Unknown
Microsoft.AspNetCore.Server.IIS.dll!Microsoft.AspNetCore.Server.IIS.Core.IISHttpContext.Execute() Unknown
Then, the web application startup code:
context.Services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies", options =>
{
options.ExpireTimeSpan = TimeSpan.FromDays(365);
})
.AddOpenIdConnect("oidc", options =>
{
options.Authority = configuration["App:SelfUrl"];//configuration["AuthServer:Authority"];
options.RequireHttpsMetadata = true;
options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
options.ClientId = configuration["AuthServer:ClientId"];
options.ClientSecret = configuration["AuthServer:ClientSecret"];
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("role");
options.Scope.Add("email");
options.Scope.Add("phone");
options.Scope.Add("ProductFly");
options.ClaimActions.MapAbpClaimTypes();
options.Events = new Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents
{
// called if user clicks Cancel during login
OnAccessDenied = context =>
{
context.HandleResponse();
context.Response.Redirect("/");
return System.Threading.Tasks.Task.CompletedTask;
}
};
});
Also, note that I have my own login page, which I use to persist my principal:
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProperties);
Here is the IdentityServer setup code:
private static void AddIdentityServer(IServiceCollection services)
{
    var configuration = services.GetConfiguration();
    var builderOptions = services.ExecutePreConfiguredActions<AbpIdentityServerBuilderOptions>();
    var identityServerBuilder = services.AddIdentityServer(options =>
    {
        options.Events.RaiseErrorEvents = true;
        options.Events.RaiseInformationEvents = true;
        options.Events.RaiseFailureEvents = true;
        options.Events.RaiseSuccessEvents = true;
    });
    if (builderOptions.AddDeveloperSigningCredential)
    {
        identityServerBuilder = identityServerBuilder.AddDeveloperSigningCredential();
    }
    identityServerBuilder.AddInMemoryClients(configuration.GetSection("IdentityServer:Clients"));
    services.ExecutePreConfiguredActions(identityServerBuilder);
    if (!services.IsAdded<IPersistedGrantService>())
    {
        identityServerBuilder.AddInMemoryPersistedGrants();
    }
    if (!services.IsAdded<IClientStore>())
    {
        identityServerBuilder.AddInMemoryClients(configuration.GetSection("IdentityServer:Clients"));
    }
    if (!services.IsAdded<IResourceStore>())
    {
        identityServerBuilder.AddInMemoryApiResources(configuration.GetSection("IdentityServer:ApiResources"));
        identityServerBuilder.AddInMemoryIdentityResources(configuration.GetSection("IdentityServer:IdentityResources"));
    }
}
And it is configured with the following client record:
"GrantType": "client_credentials", "ClientId": "ProductApp",
"ClientName": "ProductApp", "Description": "ProductApp",
"ClientUri": null, "LogoUri": null, "Enabled": true,
"ProtocolType": "oidc", "RequireClientSecret": true,
"RequireConsent": false, "AllowRememberConsent": true,
"AlwaysIncludeUserClaimsInIdToken": true, "RequirePkce": false,
"AllowPlainTextPkce": false, "AllowAccessTokensViaBrowser": false,
"FrontChannelLogoutUri": null,
"FrontChannelLogoutSessionRequired": true, "BackChannelLogoutUri": null,
"BackChannelLogoutSessionRequired": true, "AllowOfflineAccess": true,
"IdentityTokenLifetime": { "$numberInt": "300" },
"AccessTokenLifetime": { "$numberInt": "31536000" },
"AuthorizationCodeLifetime": { "$numberInt": "300" },
"ConsentLifetime": null,
"AbsoluteRefreshTokenLifetime": { "$numberInt": "31536000" },
"SlidingRefreshTokenLifetime": { "$numberInt": "1296000" },
"RefreshTokenUsage": { "$numberInt": "1" },
"UpdateAccessTokenClaimsOnRefresh": false,
"RefreshTokenExpiration": { "$numberInt": "1" },
"AccessTokenType": { "$numberInt": "0" }, "EnableLocalLogin": true,
"IncludeJwtId": false, "AlwaysSendClientClaims": false,
"ClientClaimsPrefix": "client_u", "PairWiseSubjectSalt": null,
"UserSsoLifetime": null, "UserCodeType": null,
"DeviceCodeLifetime": { "$numberInt": "300" }
Does anyone have a way to fix this, or at least to debug it?
PS: I have been searching for several days without success.

Your IS4 startup is not right; this is the startup for a hybrid-flow service. Start with the in-memory quickstart template:

Thanks, but I don't understand. Hybrid? I use OIDC between my services and cookies between my two web applications (the identity login app and the web app). What is wrong? (And why?) PS: the sample uses Google; I use my own login/password page! Thanks

You are using the startup code of the MVC application in the IS4 server. The sample does not use Google; it is the setup for an external IdP, which you may or may not use. You should start by reading:
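What the stack trace in the question says, read from the bottom frame up: CookieAuthenticationHandler.ReadCookieTicket handed the cookie to DataProtection, KeyRingBasedDataProtector found the key named in the payload header (a missing key would have failed earlier with "was not found in the key ring"), and the authenticated decryption in CbcAuthenticatedEncryptor.DecryptImpl rejected the payload. "The payload was invalid." is therefore the integrity check failing: the cookie was protected under the same key but with a different purpose chain, or it was altered. DataProtection folds the application discriminator into the purpose chain, and that discriminator defaults to the content root path, so two applications that share a key store (on a developer machine, every app run under the same user profile shares %LOCALAPPDATA%\ASP.NET\DataProtection-Keys) but do not share an application name cannot read each other's cookies. The added example below, which is not code from the question or from ABP/IdentityServer, reproduces both failure shapes and the working configuration. It assumes a console project with a FrameworkReference to Microsoft.AspNetCore.App; the key directories, the application names and the payload are constructed for the demonstration, and "ProductFly" is reused from the scope in the question only as a name.

```csharp
// Added example (not from the question): shows when an ASP.NET Core cookie ticket can
// and cannot be unprotected by a second service, using the same purpose strings the
// cookie handler uses for a scheme named "Cookies".
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

public static class DataProtectionDemo
{
    // Root purpose used by CookieAuthenticationHandler for its ticket data format;
    // sub-purposes are the scheme name and the format version.
    const string CookiePurpose =
        "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware";

    // Builds a protector the way a service would at startup: a key store and an
    // application name. Both must match across services that read each other's cookies.
    public static IDataProtector BuildProtector(string keyDirectory, string applicationName)
    {
        var services = new ServiceCollection();
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(keyDirectory)) // shared store (e.g. a mounted volume)
            .SetApplicationName(applicationName);                     // same discriminator in every service
        var provider = services.BuildServiceProvider()
                               .GetRequiredService<IDataProtectionProvider>();
        return provider.CreateProtector(CookiePurpose, "Cookies", "v2");
    }

    // Returns the plaintext, or the DataProtection error message when the payload is rejected.
    public static string TryUnprotect(IDataProtector reader, string protectedPayload)
    {
        try
        {
            return reader.Unprotect(protectedPayload);
        }
        catch (CryptographicException ex)
        {
            return "FAILED: " + ex.Message;
        }
    }

    public static void Main()
    {
        // Constructed key directories standing in for two services' key stores.
        string sharedKeys = Path.Combine(Path.GetTempPath(), "dp-shared-" + Guid.NewGuid());
        string otherKeys  = Path.Combine(Path.GetTempPath(), "dp-other-" + Guid.NewGuid());

        // Service A issues the cookie.
        var issuer = BuildProtector(sharedKeys, "ProductFly");

        // Service B with its own key ring: the key id in the payload is unknown to it,
        // so the failure is "The key ... was not found in the key ring."
        var isolatedReader = BuildProtector(otherKeys, "ProductFly");

        // Service B sharing the key store but with a different application name: the key is
        // found, the purpose chain differs, the authentication tag check fails, and
        // DataProtection reports "The payload was invalid." (the shape in the question's trace).
        var wrongAppReader = BuildProtector(sharedKeys, "SomeOtherApp");

        // Service B sharing key store and application name: the ticket round-trips.
        var sharedReader = BuildProtector(sharedKeys, "ProductFly");

        // Constructed stand-in for the serialized AuthenticationTicket.
        string ticket = issuer.Protect("sub=alice;scheme=Cookies");
        Console.WriteLine(TryUnprotect(isolatedReader, ticket));
        Console.WriteLine(TryUnprotect(wrongAppReader, ticket));
        Console.WriteLine(TryUnprotect(sharedReader, ticket));
    }
}
```

The defensive side of the same mechanism is worth keeping in mind when wiring several services on one host: a service that is not supposed to accept another service's cookies should keep its own key store, application name and cookie name, so that a ticket issued by one application is rejected by the others exactly as this example shows.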
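The comments point at the IdentityServer configuration rather than the cookie handler. Two facts about IdentityServer4 bear on the configuration shown: the web application sends ResponseType = CodeIdToken, which IdentityServer maps to the hybrid grant type, whereas the client record above lists the client_credentials grant type, which has no interactive login at all; and every scope the handler sends (openid and profile by default, plus the role, email, phone and ProductFly scopes added in the options) must be in the client's AllowedScopes or the authorize request is rejected with invalid_scope. The added example below, which is not the question's or ABP's code, is an in-memory IdentityServer4 4.x client that matches those OpenIdConnect options, with a small start-up check for the scope list. The ClientId, secret and URLs are constructed placeholders.

```csharp
// Added example (not from the question or ABP): an IdentityServer4 4.x in-memory client
// consistent with the web app's AddOpenIdConnect options, plus a scope consistency check.
using System.Collections.Generic;
using System.Linq;
using IdentityServer4.Models;

public static class HybridClientConfig
{
    // Scopes the web app requests: openid and profile are sent by the OpenIdConnect handler
    // by default, the others are the options.Scope.Add(...) calls in the question.
    public static readonly string[] RequestedScopes =
        { "openid", "profile", "role", "email", "phone", "ProductFly" };

    // Identity resources backing the identity scopes; "role" is a custom resource that
    // releases the "role" claim.
    public static IEnumerable<IdentityResource> IdentityResources => new IdentityResource[]
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
        new IdentityResources.Email(),
        new IdentityResources.Phone(),
        new IdentityResource("role", "User roles", new[] { "role" }),
    };

    // API scope backing the "ProductFly" scope (IdentityServer4 4.x registers these
    // via AddInMemoryApiScopes).
    public static IEnumerable<ApiScope> ApiScopes =>
        new[] { new ApiScope("ProductFly", "Product API") };

    public static Client WebAppClient(string clientSecret) => new Client
    {
        ClientId = "ProductWebApp",                          // placeholder
        ClientName = "Product web application",
        // "code id_token" is the hybrid flow; client_credentials cannot log a user in.
        AllowedGrantTypes = GrantTypes.Hybrid,
        RequireClientSecret = true,
        ClientSecrets = { new Secret(clientSecret.Sha256()) },
        // The ASP.NET Core OpenIdConnect handler only sends a PKCE challenge for
        // ResponseType = code, so the hybrid client must not require PKCE.
        RequirePkce = false,
        // Default callback paths of the OpenIdConnect handler on the web app's origin.
        RedirectUris = { "https://webapp.example.test/signin-oidc" },
        PostLogoutRedirectUris = { "https://webapp.example.test/signout-callback-oidc" },
        AllowedScopes = RequestedScopes,
        AlwaysIncludeUserClaimsInIdToken = true,
        AllowOfflineAccess = true,                            // only used if offline_access is requested
        AccessTokenLifetime = 3600,                           // an hour, rather than the one-year value in the record
    };

    // Start-up check: the requested scopes the client is not allowed to use.
    // An empty result means the authorize request will not fail with invalid_scope.
    public static IReadOnlyList<string> MissingScopes(Client client, IEnumerable<string> requested) =>
        requested.Where(s => !client.AllowedScopes.Contains(s)).ToList();
}
```

Calling MissingScopes(HybridClientConfig.WebAppClient("placeholder-secret"), HybridClientConfig.RequestedScopes) returns an empty list for this client; running the same check against a client record whose AllowedScopes omits, say, "ProductFly" names the scope before the first failed login does.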