Asp.net core 配置ASP.Net Core以使用OIDC对Thinktecture V2进行身份验证
我正在尝试使用OpenID Connect(我们目前需要WS-Trust,因此无法升级)获取一个ASP.Net核心,以针对Thinktecture V2进行身份验证 我的配置如下Asp.net core 配置ASP.Net Core以使用OIDC对Thinktecture V2进行身份验证,asp.net-core,openid-connect,thinktecture-ident-server,thinktecture,asp.net-core-middleware,Asp.net Core,Openid Connect,Thinktecture Ident Server,Thinktecture,Asp.net Core Middleware,我正在尝试使用OpenID Connect(我们目前需要WS-Trust,因此无法升级)获取一个ASP.Net核心,以针对Thinktecture V2进行身份验证 我的配置如下 app.UseCookieAuthentication(new CookieAuthenticationOptions()); X509Store certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
X509Store certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadOnly);
var cert = certStore.Certificates.Find(X509FindType.FindByThumbprint, "CertThumbprint", false);
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
RequireHttpsMetadata = false,
ClientId = _config["OpenID:ClientId"],
ClientSecret = _config["OpenID:ClientSecret"],
Authority = _config["OpenID:Authority"],
ResponseType = OpenIdConnectResponseType.Code,
PostLogoutRedirectUri = _config["OpenID:PostLogoutRedirectUri"],
SignInScheme = "Cookies",
CallbackPath = "/signin-oidc",
TokenValidationParameters = new TokenValidationParameters()
{
IssuerSigningKey = new X509SecurityKey(cert[0]),
},
Configuration = new OpenIdConnectConfiguration
{
Issuer = "https://identityserver/IdentityServer/issue",
AuthorizationEndpoint = "https://identityserver/IdentityServer/issue/oidc/authorize",
TokenEndpoint = "https://identityserver/IdentityServer/issue/oidc/token",
UserInfoEndpoint = "https://identityserver/IdentityServer/issue/oidc/userinfo",
}
});
config.json
"OpenID": {
"ClientId": "Test",
"ClientSecret": "{6DD502AB-2AB1-4028-BD4A-85C91790EC7B}",
"Authority": "https://identityserver/IdentityServer/issue/oidc",
"PostLogoutRedirectUri": "https://localhost:44353/" }
当我尝试进行身份验证时,会出现以下异常:
HttpRequestException:响应状态代码不表示成功:400(错误请求)
thinktectureIdentityServer.svclog中的跟踪为
如果有人能提供任何帮助,我将不胜感激。我已经通过处理OnAuthorizationCodeReceivedEvent和手动处理代码赎回,克服了上述错误,我在其中添加了一个基本授权头来授权客户
新的OpenIdConnectOptions
{
...
事件=新的OpenIdConnectEvents
{
OnAuthorizationCodeReceived=异步上下文=>
{
context.HandleCodeRedemption();
var requestMessage=newhttprequestmessage(HttpMethod.Post,context.Options.Configuration.TokenEndpoint);
requestMessage.Content=newformurlencodedcontent(context.TokenEndpointRequest.Parameters);
var authString=string.Format(“{0}”,Convert.ToBase64String(Encoding.ASCII.GetBytes(_-config[“OpenID:ClientId”]+”:“+_-config[“OpenID:ClientSecret”]);
requestMessage.Headers.Authorization=新系统.Net.Http.Headers.AuthenticationHeaderValue(“基本”,authString);
var responseMessage=await context.Backchannel.sendsync(requestMessage);
responseMessage.EnsureAccessStatusCode();
var tokenResonse=await responseMessage.Content.ReadAsStringAsync();
var jsonTokenResponse=JObject.Parse(tokenresponse);
context.TokenEndpointResponse=新的OpenIdConnectMessage(jsonTokenResponse);
}
}
...
});
要进行最后一次调用以检索UserInfo,我必须对Identity Server进行更改,以便在响应中包含与Id令牌中的主题匹配的主题。这涉及更新UserInfoController以在Get方法中添加声明