Asp.net identity Identity Server 4在API上声明为空
我一直在尝试将Identity Server 4与SPA应用程序集成。我可以在API中对应用程序进行授权,但授权后,Asp.net identity Identity Server 4在API上声明为空,asp.net-identity,entity-framework-core,asp.net-core-2.0,identityserver4,Asp.net Identity,Entity Framework Core,Asp.net Core 2.0,Identityserver4,我一直在尝试将Identity Server 4与SPA应用程序集成。我可以在API中对应用程序进行授权,但授权后,用户将使用该应用程序。虽然我已在范围中添加了声明,但声明始终是空的 我正在API中使用Asp.net标识和实体框架核心 我的项目分布在不同的项目中 Auth(使用Identity Server 4) 项目管理员 Project.Data(我的上下文和迁移所在) 项目域(Enities) Project.Service(存储库和视图模型) Startup.cs用于Project.Ad
用户将使用该应用程序。虽然我已在范围中添加了声明,但声明
始终是空的
我正在API中使用Asp.net标识和实体框架核心
我的项目分布在不同的项目中
Startup.cs
用于Project.Admin
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<MyContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddAuthorization();
services.AddIdentity<User, IdentityRole<Guid>>()
.AddEntityFrameworkStores<MyContext>()
.AddDefaultTokenProviders();
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = "https://localhost:44305";
options.RequireHttpsMetadata = false;
options.ApiName = "api1";
});
services.AddCors(options =>
{
options.AddPolicy("default", policy =>
{
policy.WithOrigins("http://localhost:8080")
.AllowAnyHeader()
.AllowAnyMethod();
});
});
services.AddScoped(typeof(IRepository<>), typeof(EfRepository<>));
services.AddScoped<IContractService, ContractService>();
services.AddScoped<IClientService, ClientService>();
services.AddAutoMapper(mapperConfig => mapperConfig.AddProfiles(GetType().Assembly));
services.AddMvcCore()
.AddJsonFormatters();
}
TestUser.cs
public class TestUsers
{
public static List<TestUser> Users = new List<TestUser>
{
new TestUser{SubjectId = Guid.NewGuid().ToString(), Username = "alice", Password = "alice",
Claims =
{
new Claim(JwtClaimTypes.Name, "Alice Smith"),
new Claim(JwtClaimTypes.Role,"Admin"),
new Claim(JwtClaimTypes.GivenName, "Alice"),
new Claim(JwtClaimTypes.FamilyName, "Smith"),
new Claim(JwtClaimTypes.Email, "AliceSmith@email.com"),
new Claim(JwtClaimTypes.EmailVerified, "true", ClaimValueTypes.Boolean),
new Claim(JwtClaimTypes.WebSite, "http://alice.com"),
new Claim(JwtClaimTypes.Address, @"{ 'street_address': 'One Hacker Way', 'locality': 'Heidelberg', 'postal_code': 69118, 'country': 'Germany' }", IdentityServer4.IdentityServerConstants.ClaimValueTypes.Json)
}
}
};
}
ApiResource
new ApiResource("api1", "My API")
IdentityResources
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource> {
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email(),
new IdentityResource {
Name = "role",
UserClaims = new List<string> {"role"}
}
};
}
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "oidc";
})
.AddIdentityServerAuthentication(options =>
{
options.Authority = "https://localhost:44305";
options.RequireHttpsMetadata = false;
options.ApiName = "api1";
});
为什么API能够授权和验证请求,但没有关于用户和声明的详细信息?我错过了API启动课程的任何内容吗?或者在startup类的优先级上存在一些错误配置
在我将上下文和服务的DI添加到Startup类之前,声明和用户通常具有该值
我再次尝试删除对Project.Service的引用,并删除Project.Admin中Statrup类的所有内容。我能够得到索赔信息。如下图所示
但是,当我将DI添加到上下文和其他服务时。我的索赔信息丢失了。但是,我仍然通过身份验证,并且它正在通过我的授权筛选器
编辑:当我在我的应用程序上检查日志时,我发现一个错误
未对“Identity.Application”进行身份验证。失败消息:“取消票据保护失败”尝试此操作
var user = User.Claims.First(claim => claim.Type=="Name").Value();
我不是专家,但我认为这是处理声明的方式,而不是Asp.Net的旧版本,在旧版本中,放置用户就足够了。我找到了解决此问题的方法。我的代码中遗漏了几点:
IdentityServer4.AccessTokenValidation
的引用重复ConfigureServices
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource> {
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email(),
new IdentityResource {
Name = "role",
UserClaims = new List<string> {"role"}
}
};
}
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "oidc";
})
.AddIdentityServerAuthentication(options =>
{
options.Authority = "https://localhost:44305";
options.RequireHttpsMetadata = false;
options.ApiName = "api1";
});
public void ConfigureServices(IServiceCollection services)
{
services.AddMvcCore().AddAuthorization().AddJsonFormatters();
var connectionString = Configuration.GetConnectionString("DefaultConnection");
services.AddDbContext<MyContext>(o => o.UseSqlServer(connectionString));
services.AddIdentity<User, IdentityRole<Guid>>().AddEntityFrameworkStores<MyContext>().AddDefaultTokenProviders();
services.AddAuthentication(
options =>
{
options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "oidc";
})
.AddIdentityServerAuthentication(options =>
{
options.Authority = "https://localhost:44305";
options.RequireHttpsMetadata = false;
options.ApiName = "api1";
});
services.AddCors(options =>
{
// this defines a CORS policy called "default"
options.AddPolicy("default", policy =>
{
policy.WithOrigins("http://localhost:8080")
.AllowAnyHeader()
.AllowAnyMethod();
});
});
services.AddScoped(typeof(IRepository<>), typeof(EfRepository<>));
services.AddScoped<IContractService, ContractService>();
services.AddScoped<IClientService, ClientService>();
services.AddAutoMapper(mapperConfig => mapperConfig.AddProfiles(GetType().Assembly));
}
public void配置服务(IServiceCollection服务)
{
services.AddMvcCore().AddAuthorization().AddJsonFormatters();
var connectionString=Configuration.GetConnectionString(“DefaultConnection”);
AddDbContext(o=>o.UseSqlServer(connectionString));
services.AddIdentity().AddEntityFrameworkStores().AddDefaultTokenProviders();
services.AddAuthentication(
选项=>
{
options.DefaultAuthenticateScheme=IdentityServerAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme=“oidc”;
})
.AddIdentityServerAuthentication(选项=>
{
选项。权限=”https://localhost:44305";
options.RequireHttpsMetadata=false;
options.ApiName=“api1”;
});
services.AddCors(选项=>
{
//这定义了一个名为“默认”的CORS策略
options.AddPolicy(“默认”,策略=>
{
政策来源(”http://localhost:8080")
.AllowAnyHeader()
.AllowAnyMethod();
});
});
addScope(typeof(IRepository)、typeof(eRepository));
services.addScope();
services.addScope();
AddAutoMapper(mapperConfig=>mapperConfig.AddProfiles(GetType().Assembly));
}
更改上述两件事解决了我在没有承载令牌的情况下丢失声明和授权的问题。你熟悉这篇文章吗:我需要在API启动时使用Oidc身份验证删除承载身份验证吗?让我们来看看。我在应用程序中发现奇怪的事情是,它在API中没有令牌的情况下被授权呼叫
public void ConfigureServices(IServiceCollection services)
{
services.AddMvcCore().AddAuthorization().AddJsonFormatters();
var connectionString = Configuration.GetConnectionString("DefaultConnection");
services.AddDbContext<MyContext>(o => o.UseSqlServer(connectionString));
services.AddIdentity<User, IdentityRole<Guid>>().AddEntityFrameworkStores<MyContext>().AddDefaultTokenProviders();
services.AddAuthentication(
options =>
{
options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "oidc";
})
.AddIdentityServerAuthentication(options =>
{
options.Authority = "https://localhost:44305";
options.RequireHttpsMetadata = false;
options.ApiName = "api1";
});
services.AddCors(options =>
{
// this defines a CORS policy called "default"
options.AddPolicy("default", policy =>
{
policy.WithOrigins("http://localhost:8080")
.AllowAnyHeader()
.AllowAnyMethod();
});
});
services.AddScoped(typeof(IRepository<>), typeof(EfRepository<>));
services.AddScoped<IContractService, ContractService>();
services.AddScoped<IClientService, ClientService>();
services.AddAutoMapper(mapperConfig => mapperConfig.AddProfiles(GetType().Assembly));
}