Identity Server 对通过客户端凭据(client credentials)获得的令牌给出 "AuthenticationScheme: Bearer was challenged"。如何找出根本原因?
在使用 Identity Server 4(ASP.NET Core 3.1)时,我无法让某些集成测试请求通过身份验证。我的设置如下:

身份服务器配置

在这里我确实拿到了一个承载令牌,但它似乎没有被接受(Identity Server 给出下面的错误)。该令牌解码后如下所示:
{
"nbf": 1587392198,
"exp": 1587395798,
"iss": "http://localhost:54916",
"aud": "resourceapi",
"client_id": "STACKOVERFLOW_METRO_MIRROR",
"scope": [
"api.read"
]
}
> IdentityServer4.Hosting.IdentityServerMiddleware: Information:
> Invoking IdentityServer endpoint:
> IdentityServer4.Endpoints.TokenEndpoint for /connect/token
> IdentityServer4.Validation.TokenRequestValidator: Information: Token
> request validation success, { "ClientId":
> "STACKOVERFLOW_METRO_MIRROR", "ClientName": "My Client Name",
> "GrantType": "client_credentials", "Scopes": "api.read", "Raw": {
> "grant_type": "client_credentials",
> "scope": "api.read",
> "client_id": "MY_CLIENT_ID",
> "client_secret": "***REDACTED***" } } Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request
> starting HTTP/1.1 GET
> http://localhost:44324/api/GeneralData/GetAllTags
> Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware:
> Information: No cached response available for this request.
> Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:
> Information: Authorization failed.
> Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:
> Information: AuthenticationScheme: Bearer was challenged.
由于我的设置还包括一个能够成功进行身份验证的 SPA(通过 Identity Server 登录表单登录 -> 获取令牌 -> API 成功接受该令牌),我解码了这样一个令牌,想看看两者之间是否存在相关差异,从而揭示我的测试身份验证流程中缺少了什么:
{
"nbf": 1587393059,
"exp": 1587396659,
"iss": "http://localhost:54916",
"aud": "resourceapi",
"client_id": "MY_CLIENT_ID",
"sub": "fd351b3b-dfb2-4f2f-8987-af9d23c9dc6e",
"auth_time": 1587393055,
"idp": "local",
"given_name": "test",
"email": "test@example.com",
"scope": [
"openid",
"email",
"profile",
"api.read"
],
"amr": [
"pwd"
]
}
ASP.NET Core Web API 的 Startup.cs
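/// <summary>
/// Registers the application's services in the DI container.
/// Restored from the untranslated copy of this method shown later on the page;
/// the machine-translated copy had garbled identifiers and full-width punctuation
/// that do not compile.
/// </summary>
/// <param name="services">The host's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.ConfigureCustomServices();
    services.ConfigureSettings(Configuration);
    // Authentication/authorization registration (JWT bearer etc.) is presumably
    // inside this extension; its options are not visible on this page.
    services.ConfigureSecurity(Configuration);
    services.ConfigureMvc();
    services.BindLogging();
    services.ConfigureRedisCache(Configuration);
    services.ConfigureApiExplorer();
    services.AddHttpContextAccessor();
    services.AddDbContext(Configuration);
    // Called on the Startup instance itself, not as an extension on `services`.
    ConfigureAuditNet();
    services.AddCorsAndPolicy();
    services.ConfigureHangfire(Configuration);
    services.AddSignalR();
    services.AddAutoMapper(typeof(QuestionProfile).Assembly);
    services.AddHealthChecks();
    services.AddControllers();
}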
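/// <summary>
/// Builds the HTTP request pipeline. Restored from the untranslated copy of this
/// method shown later on the page; the machine-translated copy had garbled
/// identifiers and curly quotes that do not compile.
/// </summary>
/// <remarks>
/// Middleware order is significant: UseRouting must precede UseCors,
/// UseAuthentication and UseAuthorization, and all of those must precede
/// UseEndpoints so that [Authorize] endpoints see an authenticated principal.
/// That required order is respected here; the log on this page shows
/// "Bearer was challenged" without any token-validation failure, which is
/// consistent with the accepted finding that the test client never sent the
/// Authorization header at all.
/// </remarks>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env,
    ILoggingService logger, IHostApplicationLifetime lifetime, IServiceProvider serviceProvider,
    ISoApiDailyRequestInfoService soApiDailyRequestInfoService)
{
    // NOTE(review): response caching runs before authentication; the built-in
    // middleware does not serve cached responses to requests carrying an
    // Authorization header, so authenticated responses should not leak between
    // callers — confirm no custom cache policy relaxes this.
    app.UseResponseCaching();
    app.UseMiddleware<ResponseTimeMiddleware>();
    app.ProtectHangfireDashboard();
    app.ConfigureExceptionPage(env);
    app.StartHangFireJobs(serviceProvider, Configuration);
    ConfigureApplicationLifetime(logger, lifetime, soApiDailyRequestInfoService);
    app.UseHttpsRedirection();
    app.UseRouting();
    // CORS must sit between UseRouting and UseAuthentication.
    app.UseCors("CorsPolicy");
    app.UseAuthentication();
    app.UseAuthorization();
    // Presumably depends on the authenticated user; placed after authentication.
    app.EnsureAppUserMiddleware();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
        endpoints.MapHub<PostHub>("/post");
        endpoints.MapHealthChecks("/health");
    });
    // NOTE(review): middleware registered after UseEndpoints only runs for
    // requests that no endpoint matched; if the audit middleware is meant to
    // see controller requests it likely belongs before UseEndpoints — verify.
    app.ConfigureAuditMiddleware();
    app.UseSwagger();
}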
不幸的是,Identity Server 给出的只是一个非常笼统的错误,我看不出自己在这里遗漏了什么。
问题:身份服务器问题
Identity Server 对通过客户端凭据获得的令牌给出 "AuthenticationScheme: Bearer was challenged"。如何找出根本原因?请检查 Startup.cs 的 Configure 方法中 app.Use... 中间件的注册顺序。你说得对,
例如,app.UseAuthentication()
在app.UseMvc()之前
能否分享一下 Startup.cs 中的 Configure 方法?可能是 app.Use... 中间件的顺序不正确。@AnupamMaiti 我已编辑了我的问题。我也考虑过这一点,但 SPA 获得的承载令牌被同一个端点(带有 [Authorize] 的控制器)视为有效,因此我认为问题出在身份验证流程上,而不是启动配置。请分享 Configure() 方法,而不是 ConfigureServices()。@AnupamMaiti 抱歉,忘了那里的顺序很重要。谢谢。很抱歉回复太晚,但我终于发现 Refit 忽略了 AuthorizationHeaderValueGetter,令牌实际上根本没有被发送到服务器(这与日志一致:JwtBearerHandler 只记录了 challenge,而没有记录任何令牌验证失败,说明请求中根本没有 Authorization 头)。无论如何,我还为 API 测试创建了一个单独的客户端,以避免与开发客户端(SPA)混用。谢谢你的支持。
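// Obtains an access token from the token endpoint with the client-credentials
// grant (IdentityModel extension). The client is disposed at the end of the
// enclosing scope instead of being leaked; a single shared instance would be
// preferable if this runs per test.
using var client = new HttpClient();
var tokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
    Address = $"{IdentityServerUrl}/connect/token",
    ClientId = "MY_CLIENT_ID",
    // Secret comes from configuration; never log it or the returned AccessToken.
    ClientSecret = IdentityServerPass,
    Scope = "api.read"
}).ConfigureAwait(false);
// Throws on a non-2xx reply from the token endpoint (e.g. invalid_client);
// the raw error body is in tokenResponse when diagnosing such failures.
tokenResponse.HttpResponse.EnsureSuccessStatusCode();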
{
"nbf": 1587392198,
"exp": 1587395798,
"iss": "http://localhost:54916",
"aud": "resourceapi",
"client_id": "STACKOVERFLOW_METRO_MIRROR",
"scope": [
"api.read"
]
}
> IdentityServer4.Hosting.IdentityServerMiddleware: Information:
> Invoking IdentityServer endpoint:
> IdentityServer4.Endpoints.TokenEndpoint for /connect/token
> IdentityServer4.Validation.TokenRequestValidator: Information: Token
> request validation success, { "ClientId":
> "STACKOVERFLOW_METRO_MIRROR", "ClientName": "My Client Name",
> "GrantType": "client_credentials", "Scopes": "api.read", "Raw": {
> "grant_type": "client_credentials",
> "scope": "api.read",
> "client_id": "MY_CLIENT_ID",
> "client_secret": "***REDACTED***" } } Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request
> starting HTTP/1.1 GET
> http://localhost:44324/api/GeneralData/GetAllTags
> Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware:
> Information: No cached response available for this request.
> Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:
> Information: Authorization failed.
> Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:
> Information: AuthenticationScheme: Bearer was challenged.
{
"nbf": 1587393059,
"exp": 1587396659,
"iss": "http://localhost:54916",
"aud": "resourceapi",
"client_id": "MY_CLIENT_ID",
"sub": "fd351b3b-dfb2-4f2f-8987-af9d23c9dc6e",
"auth_time": 1587393055,
"idp": "local",
"given_name": "test",
"email": "test@example.com",
"scope": [
"openid",
"email",
"profile",
"api.read"
],
"amr": [
"pwd"
]
}
/// <summary>
/// Registers the application's services in the DI container.
/// </summary>
/// <param name="services">The host's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
services.ConfigureCustomServices();
services.ConfigureSettings(Configuration);
// Authentication/authorization registration (JWT bearer etc.) is presumably
// inside this extension; its options are not visible on this page.
services.ConfigureSecurity(Configuration);
services.ConfigureMvc();
services.BindLogging();
services.ConfigureRedisCache(Configuration);
services.ConfigureApiExplorer();
services.AddHttpContextAccessor();
services.AddDbContext(Configuration);
// Called on the Startup instance itself, not as an extension on `services`.
ConfigureAuditNet();
services.AddCorsAndPolicy();
services.ConfigureHangfire(Configuration);
services.AddSignalR();
services.AddAutoMapper(typeof(QuestionProfile).Assembly);
services.AddHealthChecks();
services
.AddControllers();
}
/// <summary>
/// Builds the HTTP request pipeline.
/// </summary>
/// <remarks>
/// Middleware order is significant: UseRouting must precede UseCors,
/// UseAuthentication and UseAuthorization, and all of those must precede
/// UseEndpoints so that [Authorize] endpoints see an authenticated principal.
/// That required order is respected here; the log on this page shows
/// "Bearer was challenged" without any token-validation failure, which is
/// consistent with the accepted finding that the test client never sent the
/// Authorization header at all.
/// </remarks>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env,
ILoggingService logger, IHostApplicationLifetime lifetime, IServiceProvider serviceProvider,
ISoApiDailyRequestInfoService soApiDailyRequestInfoService)
{
// NOTE(review): response caching runs before authentication; the built-in
// middleware does not serve cached responses to requests carrying an
// Authorization header, so authenticated responses should not leak between
// callers — confirm no custom cache policy relaxes this.
app.UseResponseCaching();
app.UseMiddleware<ResponseTimeMiddleware>();
app.ProtectHangfireDashboard();
app.ConfigureExceptionPage(env);
app.StartHangFireJobs(serviceProvider, Configuration);
ConfigureApplicationLifetime(logger, lifetime, soApiDailyRequestInfoService);
app.UseHttpsRedirection();
app.UseRouting();
// CORS must sit between UseRouting and UseAuthentication.
app.UseCors("CorsPolicy");
app.UseAuthentication();
app.UseAuthorization();
// Presumably depends on the authenticated user; placed after authentication.
app.EnsureAppUserMiddleware();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
endpoints.MapHub<PostHub>("/post");
endpoints.MapHealthChecks("/health");
});
// NOTE(review): middleware registered after UseEndpoints only runs for
// requests that no endpoint matched; if the audit middleware is meant to
// see controller requests it likely belongs before UseEndpoints — verify.
app.ConfigureAuditMiddleware();
app.UseSwagger();
}