Asp.net core 使用 OpenIddict 的隐式流和客户端凭据流时,访问令牌请求授权失败
标签:asp.net-core, jwt, asp.net-identity, openiddict
我已经能够在使用隐式流时成功地处理身份验证,但是当我添加新的流(客户端凭据)时,在调用令牌端点时出现了错误。
发起令牌请求:
// Client-credentials token request sent to the token endpoint of the local authorization server.
// NOTE(review): the client secret is embedded in source for this repro; outside a throwaway
// sample it belongs in configuration or a secret store, and a secret that has been published
// should be treated as compromised and rotated.
// NOTE(review): the endpoint is plain http on localhost; over a real network the secret and the
// issued token would travel unencrypted.
var form = new Dictionary<string, string>
{
    ["grant_type"] = "client_credentials",
    ["client_id"] = "console",
    ["client_secret"] = "388D45FA-B36B-4988-BA59-B187D329C207"
};
var request = new HttpRequestMessage(HttpMethod.Post, "http://localhost:54783/connect/token")
{
    Content = new FormUrlEncodedContent(form)
};

// Buffer the whole response before returning, then fail fast on any non-2xx status.
var response = await client.SendAsync(request, HttpCompletionOption.ResponseContentRead);
response.EnsureSuccessStatusCode();

// The token response is JSON; parse it into a JObject for the caller.
var body = await response.Content.ReadAsStringAsync();
var payload = JObject.Parse(body);
Startup.cs-ConfigureServices
// ConfigureServices (fragment): registers MVC JSON settings, the EF Core context with the
// OpenIddict entities, ASP.NET Core Identity, the OpenIddict server, a global authorization
// filter, JWT bearer validation and a CORS policy. Statement order is kept exactly as posted
// because later registrations override earlier defaults.
services.AddMvc().AddJsonOptions(options =>
{
options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
});
var connectionString = Configuration.GetConnectionString("DefaultConnection");
services.AddDbContext<DbContext>(options =>
{
// Configure the context to use Microsoft SQL Server.
options.UseSqlServer(connectionString);
// Adds the OpenIddict entity sets to this context, keyed by Guid.
options.UseOpenIddict<Guid>();
});
services.AddIdentity<User, Role>()
.AddEntityFrameworkStores<DbContext>()
.AddDefaultTokenProviders();
// Make Identity emit the OpenID Connect claim names (name / sub / role).
services.Configure<IdentityOptions>(options =>
{
options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role;
});
services.AddOpenIddict().AddCore(options =>
{
options.UseEntityFrameworkCore()
.UseDbContext<DbContext>()
.ReplaceDefaultEntities<Guid>();
}).AddServer(options =>
{
options.UseMvc();
options.EnableAuthorizationEndpoint("/connect/authorize")
.EnableLogoutEndpoint("/connect/logout")
.EnableIntrospectionEndpoint("/connect/introspect")
.EnableUserinfoEndpoint("/api/userinfo")
.EnableTokenEndpoint("/connect/token");
options.RegisterScopes(OpenIdConnectConstants.Scopes.Email,
OpenIdConnectConstants.Scopes.Profile,
OpenIddictConstants.Scopes.Roles);
// NOTE(review): an ephemeral signing key is generated at startup and not persisted, so
// tokens stop validating after a restart or across instances; use a persisted signing
// certificate outside development.
options.AddEphemeralSigningKey();
options.AllowClientCredentialsFlow();
// NOTE(review): the implicit flow hands tokens back through the browser; enable it only
// for clients that need it.
options.AllowImplicitFlow();
// NOTE(review): lets the OpenIddict endpoints be called over plain HTTP, which exposes
// client secrets and tokens in transit; development only.
options.DisableHttpsRequirement();
//options.AddDevelopmentSigningCertificate();
// Issue access tokens as JWTs so the JwtBearer handler registered below can validate them.
options.UseJsonWebTokens();
});//.AddValidation();
// Global filter: every MVC action now requires an authenticated user under this policy,
// including the action that serves /connect/token unless it carries [AllowAnonymous].
// The policy also lists Identity's application cookie scheme; presumably that is what turns
// the unauthenticated token request into the redirect discussed on this page (confirm).
services.AddMvc(config =>
{
var defaultPolicy = new AuthorizationPolicyBuilder(new[] { JwtBearerDefaults.AuthenticationScheme, IdentityConstants.ApplicationScheme })
.RequireAuthenticatedUser()
.Build();
config.Filters.Add(new AuthorizeFilter(defaultPolicy));
});
// Stop JwtSecurityTokenHandler from renaming claims, so "sub" and "role" keep their
// original names on the way in and out.
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();
// NOTE(review): AddIdentity above also configures default schemes; these assignments come
// later and are the ones set here. The challenge scheme is named via OAuthValidationDefaults
// while .AddValidation() is commented out; presumably both constants resolve to the same
// "Bearer" scheme name (confirm).
services.AddAuthentication(options =>
{
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OAuthValidationDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.Authority = Configuration["SettingsConfig:AuthUrl"];
// Tokens are validated against this audience value.
options.Audience = "resource-server-1";
// NOTE(review): allows the authority's metadata and signing keys to be fetched over HTTP;
// a network attacker could then substitute keys. Development only.
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = OpenIdConnectConstants.Claims.Subject,
RoleClaimType = OpenIdConnectConstants.Claims.Role
};
});
// NOTE(review): every character-class requirement is switched off and only a 6-character
// minimum remains; consider a longer minimum length for real accounts.
// `builder` is not used in the visible part of the snippet.
var builder = services.AddIdentityCore<User>(o =>
{
o.Password.RequireDigit = false;
o.Password.RequireLowercase = false;
o.Password.RequireUppercase = false;
o.Password.RequireNonAlphanumeric = false;
o.Password.RequiredLength = 6;
});
// NOTE(review): "CorsPolicy" accepts any origin, method and header; restrict it to the known
// front-end origins before exposing token-protected APIs to browsers.
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
b => b.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.Build());
});
// NOTE(review): AddIdentity presumably already registers UserManager<User>; this adds a
// second, transient registration (confirm it is needed).
services.AddTransient<UserManager<User>>();
.............
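// ConfigureServices (fragment), restored from the machine-translated copy: identifiers,
// keywords, quotes and generic type arguments that the translation mangled are written back
// as valid C#, matching the intact listing of the same code on this page.
// Registers MVC JSON settings, the EF Core context with the OpenIddict entities, ASP.NET Core
// Identity, the OpenIddict server, a global authorization filter, JWT bearer validation and a
// CORS policy. Statement order matters: later registrations override earlier defaults.
services.AddMvc().AddJsonOptions(options =>
{
    options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
});
var connectionString = Configuration.GetConnectionString("DefaultConnection");
services.AddDbContext<DbContext>(options =>
{
    // Configure the context to use Microsoft SQL Server.
    options.UseSqlServer(connectionString);
    // Adds the OpenIddict entity sets to this context, keyed by Guid.
    options.UseOpenIddict<Guid>();
});
services.AddIdentity<User, Role>()
    .AddEntityFrameworkStores<DbContext>()
    .AddDefaultTokenProviders();
// Make Identity emit the OpenID Connect claim names (name / sub / role).
services.Configure<IdentityOptions>(options =>
{
    options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
    options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
    options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role;
});
services.AddOpenIddict().AddCore(options =>
{
    options.UseEntityFrameworkCore()
        .UseDbContext<DbContext>()
        .ReplaceDefaultEntities<Guid>();
}).AddServer(options =>
{
    options.UseMvc();
    options.EnableAuthorizationEndpoint("/connect/authorize")
        .EnableLogoutEndpoint("/connect/logout")
        .EnableIntrospectionEndpoint("/connect/introspect")
        .EnableUserinfoEndpoint("/api/userinfo")
        .EnableTokenEndpoint("/connect/token");
    options.RegisterScopes(OpenIdConnectConstants.Scopes.Email,
        OpenIdConnectConstants.Scopes.Profile,
        OpenIddictConstants.Scopes.Roles);
    // NOTE(review): an ephemeral signing key is generated at startup and not persisted, so
    // tokens stop validating after a restart or across instances; use a persisted signing
    // certificate outside development.
    options.AddEphemeralSigningKey();
    options.AllowClientCredentialsFlow();
    // NOTE(review): the implicit flow hands tokens back through the browser; enable it only
    // for clients that need it.
    options.AllowImplicitFlow();
    // NOTE(review): lets the OpenIddict endpoints be called over plain HTTP, which exposes
    // client secrets and tokens in transit; development only.
    options.DisableHttpsRequirement();
    //options.AddDevelopmentSigningCertificate();
    // Issue access tokens as JWTs so the JwtBearer handler registered below can validate them.
    options.UseJsonWebTokens();
});//.AddValidation();
// Global filter: every MVC action now requires an authenticated user under this policy,
// including the action that serves /connect/token unless it carries [AllowAnonymous].
services.AddMvc(config =>
{
    var defaultPolicy = new AuthorizationPolicyBuilder(new[] { JwtBearerDefaults.AuthenticationScheme, IdentityConstants.ApplicationScheme })
        .RequireAuthenticatedUser()
        .Build();
    config.Filters.Add(new AuthorizeFilter(defaultPolicy));
});
// Stop JwtSecurityTokenHandler from renaming claims, so "sub" and "role" keep their
// original names on the way in and out.
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();
// NOTE(review): AddIdentity above also configures default schemes; these assignments come
// later. The challenge scheme is named via OAuthValidationDefaults while .AddValidation() is
// commented out; presumably both constants resolve to the same "Bearer" scheme name (confirm).
services.AddAuthentication(options =>
{
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OAuthValidationDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
    options.Authority = Configuration["SettingsConfig:AuthUrl"];
    // Tokens are validated against this audience value.
    options.Audience = "resource-server-1";
    // NOTE(review): allows the authority's metadata and signing keys to be fetched over HTTP;
    // a network attacker could then substitute keys. Development only.
    options.RequireHttpsMetadata = false;
    options.TokenValidationParameters = new TokenValidationParameters
    {
        NameClaimType = OpenIdConnectConstants.Claims.Subject,
        RoleClaimType = OpenIdConnectConstants.Claims.Role
    };
});
// NOTE(review): every character-class requirement is switched off and only a 6-character
// minimum remains; consider a longer minimum length for real accounts.
// `builder` is not used in the visible part of the snippet.
var builder = services.AddIdentityCore<User>(o =>
{
    o.Password.RequireDigit = false;
    o.Password.RequireLowercase = false;
    o.Password.RequireUppercase = false;
    o.Password.RequireNonAlphanumeric = false;
    o.Password.RequiredLength = 6;
});
// NOTE(review): "CorsPolicy" accepts any origin, method and header; restrict it to the known
// front-end origins before exposing token-protected APIs to browsers.
services.AddCors(options =>
{
    options.AddPolicy("CorsPolicy",
        b => b.AllowAnyOrigin()
            .AllowAnyMethod()
            .AllowAnyHeader()
            .Build());
});
// NOTE(review): AddIdentity presumably already registers UserManager<User>; this adds a
// second, transient registration (confirm it is needed).
services.AddTransient<UserManager<User>>();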
.............
我想我可能缺少 JwtBearer 上的一些配置,但找不到导致错误的原因。
我在同一个项目中还有授权服务器和资源服务器。
您的 Exchange 操作(处理令牌端点请求的控制器方法)是否用 [Authorize] 修饰?如果是这样,请删除它以摆脱虚假重定向。
不,它没有用 [Authorize] 修饰,但我添加了 [AllowAnonymous],这样做就有效了!可是我在控制器中并没有 [Authorize] 属性,它却会自动重定向。
哦,是的,这是因为您在全局级别添加了它:config.Filters.Add(new AuthorizeFilter(defaultPolicy))。
(注:[AllowAnonymous] 只应加在令牌端点这一个操作上,全局过滤器应保留,以继续保护其余接口。)
// ConfigureServices (fragment): registers MVC JSON settings, the EF Core context with the
// OpenIddict entities, ASP.NET Core Identity, the OpenIddict server, a global authorization
// filter, JWT bearer validation and a CORS policy. Statement order is kept exactly as posted
// because later registrations override earlier defaults.
services.AddMvc().AddJsonOptions(options =>
{
options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
});
var connectionString = Configuration.GetConnectionString("DefaultConnection");
services.AddDbContext<DbContext>(options =>
{
// Configure the context to use Microsoft SQL Server.
options.UseSqlServer(connectionString);
// Adds the OpenIddict entity sets to this context, keyed by Guid.
options.UseOpenIddict<Guid>();
});
services.AddIdentity<User, Role>()
.AddEntityFrameworkStores<DbContext>()
.AddDefaultTokenProviders();
// Make Identity emit the OpenID Connect claim names (name / sub / role).
services.Configure<IdentityOptions>(options =>
{
options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role;
});
services.AddOpenIddict().AddCore(options =>
{
options.UseEntityFrameworkCore()
.UseDbContext<DbContext>()
.ReplaceDefaultEntities<Guid>();
}).AddServer(options =>
{
options.UseMvc();
options.EnableAuthorizationEndpoint("/connect/authorize")
.EnableLogoutEndpoint("/connect/logout")
.EnableIntrospectionEndpoint("/connect/introspect")
.EnableUserinfoEndpoint("/api/userinfo")
.EnableTokenEndpoint("/connect/token");
options.RegisterScopes(OpenIdConnectConstants.Scopes.Email,
OpenIdConnectConstants.Scopes.Profile,
OpenIddictConstants.Scopes.Roles);
// NOTE(review): an ephemeral signing key is generated at startup and not persisted, so
// tokens stop validating after a restart or across instances; use a persisted signing
// certificate outside development.
options.AddEphemeralSigningKey();
options.AllowClientCredentialsFlow();
// NOTE(review): the implicit flow hands tokens back through the browser; enable it only
// for clients that need it.
options.AllowImplicitFlow();
// NOTE(review): lets the OpenIddict endpoints be called over plain HTTP, which exposes
// client secrets and tokens in transit; development only.
options.DisableHttpsRequirement();
//options.AddDevelopmentSigningCertificate();
// Issue access tokens as JWTs so the JwtBearer handler registered below can validate them.
options.UseJsonWebTokens();
});//.AddValidation();
// Global filter: every MVC action now requires an authenticated user under this policy,
// including the action that serves /connect/token unless it carries [AllowAnonymous].
// The policy also lists Identity's application cookie scheme; presumably that is what turns
// the unauthenticated token request into the redirect discussed on this page (confirm).
services.AddMvc(config =>
{
var defaultPolicy = new AuthorizationPolicyBuilder(new[] { JwtBearerDefaults.AuthenticationScheme, IdentityConstants.ApplicationScheme })
.RequireAuthenticatedUser()
.Build();
config.Filters.Add(new AuthorizeFilter(defaultPolicy));
});
// Stop JwtSecurityTokenHandler from renaming claims, so "sub" and "role" keep their
// original names on the way in and out.
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();
// NOTE(review): AddIdentity above also configures default schemes; these assignments come
// later and are the ones set here. The challenge scheme is named via OAuthValidationDefaults
// while .AddValidation() is commented out; presumably both constants resolve to the same
// "Bearer" scheme name (confirm).
services.AddAuthentication(options =>
{
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OAuthValidationDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.Authority = Configuration["SettingsConfig:AuthUrl"];
// Tokens are validated against this audience value.
options.Audience = "resource-server-1";
// NOTE(review): allows the authority's metadata and signing keys to be fetched over HTTP;
// a network attacker could then substitute keys. Development only.
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = OpenIdConnectConstants.Claims.Subject,
RoleClaimType = OpenIdConnectConstants.Claims.Role
};
});
// NOTE(review): every character-class requirement is switched off and only a 6-character
// minimum remains; consider a longer minimum length for real accounts.
// `builder` is not used in the visible part of the snippet.
var builder = services.AddIdentityCore<User>(o =>
{
o.Password.RequireDigit = false;
o.Password.RequireLowercase = false;
o.Password.RequireUppercase = false;
o.Password.RequireNonAlphanumeric = false;
o.Password.RequiredLength = 6;
});
// NOTE(review): "CorsPolicy" accepts any origin, method and header; restrict it to the known
// front-end origins before exposing token-protected APIs to browsers.
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
b => b.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.Build());
});
// NOTE(review): AddIdentity presumably already registers UserManager<User>; this adds a
// second, transient registration (confirm it is needed).
services.AddTransient<UserManager<User>>();
.............