IdentityServer4与Asp.Net 4.5 MVC客户端
我正在尝试用MVC框架验证一个使用旧Asp.Net(不是核心版本)构建的现有MVC应用程序 通过以下IdentityServer4和IdentityServer3示例,我成功地使用EntityFramework将用户信息存储在LocalDB中,当我尝试访问客户端应用程序中的受限页面时,我会被重定向到IdentityServer4提供的登录页面。但是,成功登录后(根据我在日志上看到的内容),它不会重定向到相应的页面。地址栏上的内容类似于。。。。然后是大量参数和散列值。端口5000是我运行identity server的地方,我的应用程序托管在端口44300,但我无法回到那里 以前是否有人遇到过此类问题,或者有人能给我指出一个由IdentityServer4和Asp.Net的非核心版本组成的示例 编辑1:实施细节 服务器:IdentityServer4实现几乎是IdentityServer4 Quickstarts 6-AsNetIdentity的克隆 配置文件:IdentityServer4与Asp.Net 4.5 MVC客户端,asp.net,asp.net-mvc,asp.net-mvc-4,identityserver4,Asp.net,Asp.net Mvc,Asp.net Mvc 4,Identityserver4,我正在尝试用MVC框架验证一个使用旧Asp.Net(不是核心版本)构建的现有MVC应用程序 通过以下IdentityServer4和IdentityServer3示例,我成功地使用EntityFramework将用户信息存储在LocalDB中,当我尝试访问客户端应用程序中的受限页面时,我会被重定向到IdentityServer4提供的登录页面。但是,成功登录后(根据我在日志上看到的内容),它不会重定向到相应的页面。地址栏上的内容类似于。。。。然后是大量参数和散列值。端口5000是我运行ident
public class Config
{
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
};
}
// clients want to access resources (aka scopes)
public static IEnumerable<Client> GetClients()
{
// client credentials client
return new List<Client>
{
new Client
{
ClientId = "webapp",
ClientName = "Client WebApp",
AllowedGrantTypes = GrantTypes.Hybrid,
RedirectUris = { "http://localhost:44300/signin-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile
},
AllowOfflineAccess = true
}
};
}
}
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "oidc",
SignInAsAuthenticationType = "Cookies",
ClientSecret = "secret",
Authority = "http://localhost:5000", //ID Server
RedirectUri = "http://localhost:44300/signin-oidc",
ClientId = "webapp",
ResponseType = "id_token code",
Scope = "openid profile",
});
}
}
日志输出:单击安全页面->是登录页面->单击登录后的日志输出
...
...
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware[3]
HttpContext.User merged via AutomaticAuthentication from authenticationScheme: Identity.Application.
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware[8]
AuthenticationScheme: Identity.Application was successfully authenticated.
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Request path /connect/authorize/login matched to endpoint type Authorize
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Mapping found for endpoint: Authorize, creating handler: IdentityServer4.Endpoints.AuthorizeEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize/login
dbug: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Start authorize request (after login)
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware[8]
AuthenticationScheme: Identity.Application was successfully authenticated.
dbug: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
User in authorize request: df21b123-d4b6-40ef-beed-e918bdfd56e9
dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Start authorize request protocol validation
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware[8]
AuthenticationScheme: Identity.Application was successfully authenticated.
dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
info: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
ValidatedAuthorizeRequest
{
"ClientId": "webapp",
"ClientName": "Client WebApp",
"RedirectUri": "http://localhost:44300/signin-oidc",
"AllowedRedirectUris": [
"http://localhost:44300/signin-oidc"
],
"SubjectId": "df21b123-d4b6-40ef-beed-e918bdfd56e9",
"ResponseType": "code id_token",
"ResponseMode": "form_post",
"GrantType": "hybrid",
"RequestedScopes": "openid profile",
"State": "OpenIdConnect.AuthenticationProperties=m1ybV84KFOLgklhcmtb8iR6VFuDBxWSzJKpTy83w7RF3zRTwd9zHBbdSyiAHbuea2D6FM1MjCJvMbql9qjcTntyu95POoCAWGwDML0nkiaYnKPKtJxgZ7FagyvYvz87C6pYlJWmL2zbrTFkYh7IPmX-Qv9rPOfyp4uwhhbZZ731vfL1mSxuhh_p1dPVNFJJav4E8bZXyadg94EXJbqb3ecc_jQHWn1F_eiJsoVMSRdk",
"Nonce": "636268234716844341.OTFhNGE1ZTEtNTMyYy00Y2MyLWFjOGMtMDE1NjBmNDY3ZGM1NWFmNzIxMjItYTgzZC00NjJhLTk4YWMtNDExOTA0N2I4MjNl",
"SessionId": "61d148313b2a7485dd27e3110ea61fff",
"Raw": {
"client_id": "webapp",
"redirect_uri": "http://localhost:44300/signin-oidc",
"response_mode": "form_post",
"response_type": "id_token code",
"scope": "openid profile",
"state": "OpenIdConnect.AuthenticationProperties=m1ybV84KFOLgklhcmtb8iR6VFuDBxWSzJKpTy83w7RF3zRTwd9zHBbdSyiAHbuea2D6FM1MjCJvMbql9qjcTntyu95POoCAWGwDML0nkiaYnKPKtJxgZ7FagyvYvz87C6pYlJWmL2zbrTFkYh7IPmX-Qv9rPOfyp4uwhhbZZ731vfL1mSxuhh_p1dPVNFJJav4E8bZXyadg94EXJbqb3ecc_jQHWn1F_eiJsoVMSRdk",
"nonce": "636268234716844341.OTFhNGE1ZTEtNTMyYy00Y2MyLWFjOGMtMDE1NjBmNDY3ZGM1NWFmNzIxMjItYTgzZC00NjJhLTk4YWMtNDExOTA0N2I4MjNl",
"x-client-SKU": "ID_NET",
"x-client-ver": "1.0.40306.1554"
}
}
info: Microsoft.EntityFrameworkCore.Storage.IRelationalCommandBuilderFactory[1]
Executed DbCommand (0ms) [Parameters=[@__get_Item_0='?' (Size = 450)], CommandType='Text', CommandTimeout='30']
SELECT TOP(1) [e].[Id], [e].[AccessFailedCount], [e].[ConcurrencyStamp], [e].[DefaultDatabaseName], [e].[DefaultDatabaseServer], [e].[Email], [e].[EmailConfirmed], [e].[HierarchyIds], [e].[LockoutEnabled], [e].[LockoutEnd], [e].[NormalizedEmail], [e].[NormalizedUserName], [e].[PasswordHash], [e].[PhoneNumber], [e].[PhoneNumberConfirmed], [e].[SecurityStamp], [e].[TwoFactorEnabled], [e].[UserName]
FROM [AspNetUsers] AS [e]
WHERE [e].[Id] = @__get_Item_0
info: IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator[0]
Showing consent: User has not yet consented
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 138.8585ms 302
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://localhost:5000/consent?returnUrl=%2Fconnect%2Fauthorize%2Fconsent%3Fclient_id%3Dwebapp%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A44300%252Fsignin-oidc%26response_mode%3Dform_post%26response_type%3Did_token%2520code%26scope%3Dopenid%2520profile%26state%3DOpenIdConnect.AuthenticationProperties%253Dm1ybV84KFOLgklhcmtb8iR6VFuDBxWSzJKpTy83w7RF3zRTwd9zHBbdSyiAHbuea2D6FM1MjCJvMbql9qjcTntyu95POoCAWGwDML0nkiaYnKPKtJxgZ7FagyvYvz87C6pYlJWmL2zbrTFkYh7IPmX-Qv9rPOfyp4uwhhbZZ731vfL1mSxuhh_p1dPVNFJJav4E8bZXyadg94EXJbqb3ecc_jQHWn1F_eiJsoVMSRdk%26nonce%3D636268234716844341.OTFhNGE1ZTEtNTMyYy00Y2MyLWFjOGMtMDE1NjBmNDY3ZGM1NWFmNzIxMjItYTgzZC00NjJhLTk4YWMtNDExOTA0N2I4MjNl%26x-client-SKU%3DID_NET%26x-client-ver%3D1.0.40306.1554
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware[3]
HttpContext.User merged via AutomaticAuthentication from authenticationScheme: Identity.Application.
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware[8]
AuthenticationScheme: Identity.Application was successfully authenticated.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 32.5652ms 404
运行旧版本.NET的应用程序不相关。
,IdentityServer的作者之一演示了如何将WinForm应用程序与IDS4连接起来 与IDS4的通信是通过HTTP请求进行的,您的客户端可以是任何东西,只要它能够处理与IDS4的通信。
我建议您打开fiddler并监视请求以查看传递的参数。
您也可以使用其中一个作为ID的基础,或将其与您的设置进行比较,以检查有何问题。运行较旧版本的.NET的应用程序与此无关。
,IdentityServer的作者之一演示了如何将WinForm应用程序与IDS4连接起来 与IDS4的通信是通过HTTP请求进行的,您的客户端可以是任何东西,只要它能够处理与IDS4的通信。
我建议您打开fiddler并监视请求以查看传递的参数。
您也可以使用其中一个作为ID的基础,或将其与您的设置进行比较,以检查是否有问题。从您的日志中可以看出,您的用户尚未同意所请求的作用域,因此正在尝试导航到Identity Server上用户可以同意的页面
`Request starting HTTP/1.1 GET http://localhost:5000/consent?returnUrl=%2Fconnect%2Fauthorize%2Fconsent%3Fclient_id%3Dwebapp%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A44300%252Fsignin-oidc%26response_mode%3Dform_post%26response_type%3Did_token%2520code%26scope%3Dopenid%2520profile%26state%3DOpenIdConnect.AuthenticationProperties%253Dm1ybV84KFOLgklhcmtb8iR6VFuDBxWSzJKpTy83w7RF3zRTwd9zHBbdSyiAHbuea2D6FM1MjCJvMbql9qjcTntyu95POoCAWGwDML0nkiaYnKPKtJxgZ7FagyvYvz87C6pYlJWmL2zbrTFkYh7IPmX-Qv9rPOfyp4uwhhbZZ731vfL1mSxuhh_p1dPVNFJJav4E8bZXyadg94EXJbqb3ecc_jQHWn1F_eiJsoVMSRdk%26nonce%3D636268234716844341.OTFhNGE1ZTEtNTMyYy00Y2MyLWFjOGMtMDE1NjBmNDY3ZGM1NWFmNzIxMjItYTgzZC00NjJhLTk4YWMtNDExOTA0N2I4MjNl%26x-client-SKU%3DID_NET%26x-client-ver%3D1.0.40306.1554`
此步骤发生在重定向回您的呼叫网站之前,因此我猜您尚未在IdSvr上实现此页面,从您的日志中可以看出,您的用户尚未同意所请求的范围,因此正在尝试导航到Identity Server上用户可以同意的页面
`Request starting HTTP/1.1 GET http://localhost:5000/consent?returnUrl=%2Fconnect%2Fauthorize%2Fconsent%3Fclient_id%3Dwebapp%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A44300%252Fsignin-oidc%26response_mode%3Dform_post%26response_type%3Did_token%2520code%26scope%3Dopenid%2520profile%26state%3DOpenIdConnect.AuthenticationProperties%253Dm1ybV84KFOLgklhcmtb8iR6VFuDBxWSzJKpTy83w7RF3zRTwd9zHBbdSyiAHbuea2D6FM1MjCJvMbql9qjcTntyu95POoCAWGwDML0nkiaYnKPKtJxgZ7FagyvYvz87C6pYlJWmL2zbrTFkYh7IPmX-Qv9rPOfyp4uwhhbZZ731vfL1mSxuhh_p1dPVNFJJav4E8bZXyadg94EXJbqb3ecc_jQHWn1F_eiJsoVMSRdk%26nonce%3D636268234716844341.OTFhNGE1ZTEtNTMyYy00Y2MyLWFjOGMtMDE1NjBmNDY3ZGM1NWFmNzIxMjItYTgzZC00NjJhLTk4YWMtNDExOTA0N2I4MjNl%26x-client-SKU%3DID_NET%26x-client-ver%3D1.0.40306.1554`
此步骤发生在重定向回您的呼叫网站之前,因此我猜您尚未在IdSvr上实现此页面,您能否提供更多详细信息,例如您正在使用的流量/授权类型,并显示您的客户端定义。我已编辑了我的帖子以提供相关设置代码。您能否提供更多详细信息,例如,您正在使用的流量/赠款类型,并显示您的客户定义。我已编辑我的帖子以提供相关设置代码。正如您所说,我的理解是,客户并不重要,但我无法使其正常工作。我已经按照IdentityServer4和IdentityServer3的示例实现了测试服务器和客户端。正如您所说,我的理解是,客户端并不重要,但我还无法让它工作。我已经按照IdentityServer4和IdentityServer3示例实现了测试服务器和客户端。我已经检查了我遵循的示例,以了解如何创建这些页面。我会继续寻找它,但我注意到了以下信息:Url:它说在客户端配置中使用RequireSend=false,我尝试了它,但结果是一样的。我检查了我遵循的示例,看看如何创建这些页面。我会继续寻找它,但我注意到了以下信息:Url:它说在客户端配置中使用requiresent=false,我尝试过,但结果是一样的。