ASP.NET Core OpenIddict + Steam 授权失败(JWT Bearer)
我遇到了一些麻烦。我将 OpenIddict 与 AspNet.Security.OpenID.Steam 一起使用,并且已经拿到了 Bearer 令牌,但当我携带该令牌发送请求时,看到了下面的异常:
System.InvalidOperationException:检索OpenIddict验证上下文时发生未知错误。
位于 OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler.HandleAuthenticateAsync()
位于 Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
位于 Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
位于 Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthenticateAsync(AuthorizationPolicy policy, HttpContext context)
位于 Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
位于 Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
标签:asp.net-core, jwt, authorization, steam, openiddict
services.AddAuthentication()
.AddCookie()
.AddSteam(选项=>
{
options.signnscheme=CookieAuthenticationDefaults.AuthenticationScheme;
options.ApplicationKey=configuration[“Steam:ApiKey”];
});
services.AddOpenIddict()
.AddServer(选项=>
{
options.AddDevelopmentEncryptionCertificate()
.AddDevelopmentSigningCertificate();
options.setAuthorizationEndpointURI(“/connect/authorize”)
.setTokenEndpointURI(“/connect/token”);
options.enableDegradeMode();
options.useApsNetCore();
options.AllowAuthorizationCodeFlow().AllowRefreshTokenFlow();
选项。AddEventHandler(生成器=>
builder.UseInlineHandler(上下文=>
{
如果(!string.Equals(context.RedirectUri)https://localhost:5001",
字符串比较(序号)&&
!string.Equals(context.RedirectUri,“http://localhost:4200“,StringComparison.序数))
{
上下文。拒绝(
错误:OpenIddictConstants.Errors.InvalidClient,
说明:
“指定的'redirect_uri'对此客户端应用程序无效。”);
返回默认值;
}
返回默认值;
}));
选项。AddEventHandler(生成器=>
builder.UseInlineHandler(上下文=>
{
if(!string.Equals(context.ClientId,“angular_client”,StringComparison.Ordinal))
{
上下文。拒绝(
错误:OpenIddictConstants.Errors.InvalidClient,
description:“指定的'client_id'与注册的应用程序不匹配。”);
返回默认值;
}
返回默认值;
}));
选项。AddEventHandler(生成器=>
builder.UseInlineHandler(异步上下文=>
{
var request=context.Transaction.GetHttpRequest()??
抛出新的InvalidOperationException(
“无法检索ASP.NET核心请求。”);
var本金=
(wait request.HttpContext.authenticateSync(SteamAuthenticationDefaults)
.AuthenticationScheme))?.Principal;
if(principal==null)
{
wait request.HttpContext.ChallengeAsync(SteamAuthenticationDefaults
.认证方案);
context.HandleRequest();
返回;
}
var identity=newclaimsidentity(TokenValidationParameters.DefaultAuthenticationType);
identity.AddClaim(新的声明(OpenIddictConstants.Claims.Subject),
principal.GetClaim(ClaimTypes.NameIdentifier));
foreach(identity.Claims中的var索赔)
{
SetDestinations(OpenIddictConstants.Destinations.AccessToken);
}
context.Principal=newclaimsprincipal(identity);
}));
})
.AddValidation(选项=>
{
options.UseLocalServer();
options.useApsNetCore();
});
下面是我在github中的代码
求你了,你能帮帮我吗!我花了很多时间来修复它((
ASP.NET Core 身份验证和授权中间件的顺序不正确:
app.UseAuthentication()
必须在 app.UseAuthorization()
之前调用。从上面的堆栈可以看出,异常是授权中间件触发 OpenIddict 验证处理程序时抛出的;身份验证中间件先运行,验证处理程序才能取得它的验证上下文。
谢谢!你的建议帮助了我!
// External sign-in: Steam (OpenID 2.0) is the remote scheme and the cookie scheme
// stores the identity it returns.
var authenticationBuilder = services.AddAuthentication();
authenticationBuilder.AddCookie();
authenticationBuilder.AddSteam(steam =>
{
    // The Steam Web API key is a secret read from configuration ("Steam:ApiKey");
    // supply it through user secrets or the environment rather than a committed file.
    steam.ApplicationKey = configuration["Steam:ApiKey"];

    // After a successful Steam callback the resulting identity is persisted with
    // the cookie scheme, which is what AuthenticateAsync on the Steam scheme reads back.
    steam.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});
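// OpenIddict authorization server running in degraded mode, plus the local
// validation handler that protects the API with the tokens it issues.
services.AddOpenIddict()
    .AddServer(options =>
    {
        // Development certificates are meant for local work only; a deployed server
        // needs persistent signing/encryption credentials that are managed and rotated.
        options.AddDevelopmentEncryptionCertificate()
               .AddDevelopmentSigningCertificate();

        options.SetAuthorizationEndpointUris("/connect/authorize")
               .SetTokenEndpointUris("/connect/token");

        // Degraded mode disables the checks OpenIddict normally performs against its
        // application store, so the inline handlers below are the ONLY place where
        // client_id and redirect_uri are validated. Anything they do not reject is accepted.
        options.EnableDegradedMode();
        options.UseAspNetCore();

        options.AllowAuthorizationCodeFlow().AllowRefreshTokenFlow();
        // NOTE(review): no client secret is checked anywhere below, so "angular_client"
        // looks like a public client. Consider options.RequireProofKeyForCodeExchange()
        // so that an intercepted authorization code cannot be redeemed - confirm the
        // client sends code_challenge before enabling it.

        options.AddEventHandler<OpenIddictServerEvents.ValidateAuthorizationRequestContext>(builder =>
            builder.UseInlineHandler(context =>
            {
                // Validate the client at the authorization endpoint as well, not only at
                // the token endpoint: otherwise any client_id can start a flow and obtain
                // an authorization code as long as it uses an allowed redirect_uri.
                if (!string.Equals(context.ClientId, "angular_client", StringComparison.Ordinal))
                {
                    context.Reject(
                        error: OpenIddictConstants.Errors.InvalidClient,
                        description: "The specified 'client_id' doesn't match a registered application.");
                    return default;
                }

                // Exact, ordinal match against a fixed allow-list: no prefix or wildcard
                // matching, so the authorization response cannot be sent to another origin.
                // Both entries are localhost development addresses (one of them plain
                // http); replace them with the real HTTPS callbacks before deploying.
                var redirectUriAllowed =
                    string.Equals(context.RedirectUri, "https://localhost:5001", StringComparison.Ordinal) ||
                    string.Equals(context.RedirectUri, "http://localhost:4200", StringComparison.Ordinal);

                if (!redirectUriAllowed)
                {
                    context.Reject(
                        error: OpenIddictConstants.Errors.InvalidClient,
                        description:
                        "The specified 'redirect_uri' is not valid for this client application.");
                    return default;
                }

                return default;
            }));

        options.AddEventHandler<OpenIddictServerEvents.ValidateTokenRequestContext>(builder =>
            builder.UseInlineHandler(context =>
            {
                // Only the single known client may redeem codes or refresh tokens.
                if (!string.Equals(context.ClientId, "angular_client", StringComparison.Ordinal))
                {
                    context.Reject(
                        error: OpenIddictConstants.Errors.InvalidClient,
                        description: "The specified 'client_id' doesn't match a registered application.");
                    return default;
                }

                return default;
            }));

        options.AddEventHandler<OpenIddictServerEvents.HandleAuthorizationRequestContext>(builder =>
            builder.UseInlineHandler(async context =>
            {
                var request = context.Transaction.GetHttpRequest() ??
                              throw new InvalidOperationException(
                                  "The ASP.NET Core request cannot be retrieved.");

                // Look for an identity previously established by the Steam sign-in.
                var principal =
                    (await request.HttpContext.AuthenticateAsync(SteamAuthenticationDefaults
                        .AuthenticationScheme))?.Principal;

                if (principal is null)
                {
                    // Not signed in yet: send the user to Steam and mark the request as
                    // handled so OpenIddict does not produce an authorization response.
                    await request.HttpContext.ChallengeAsync(SteamAuthenticationDefaults
                        .AuthenticationScheme);
                    context.HandleRequest();
                    return;
                }

                // Fail closed when the external identity carries no usable identifier:
                // a token must never be issued without a subject.
                var subject = principal.GetClaim(ClaimTypes.NameIdentifier);
                if (string.IsNullOrEmpty(subject))
                {
                    throw new InvalidOperationException(
                        "The Steam principal does not contain a name identifier claim.");
                }

                // Build a fresh identity that carries only the subject, instead of copying
                // every claim of the external principal into the issued tokens.
                var identity = new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType);
                identity.AddClaim(new Claim(OpenIddictConstants.Claims.Subject, subject));

                // Each claim is explicitly allowed into the access token.
                foreach (var claim in identity.Claims)
                {
                    claim.SetDestinations(OpenIddictConstants.Destinations.AccessToken);
                }

                context.Principal = new ClaimsPrincipal(identity);
            }));
    })
    .AddValidation(options =>
    {
        // Validate tokens with the configuration of the server registered above.
        options.UseLocalServer();

        // Registers the ASP.NET Core validation handler. It depends on the request
        // pipeline calling app.UseAuthentication() before app.UseAuthorization().
        options.UseAspNetCore();
    });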