Identity Server 返回 AuthenticationScheme: Bearer was challenged,而该令牌是通过客户端凭据(client credentials)获得的。如何找出潜在的错误?

Identity server发出AuthenticationScheme:承载人因客户端凭据获得的令牌而受到质疑。如何找出潜在的错误?,authentication,asp.net-core,identityserver4,bearer-token,clientcredential,Authentication,Asp.net Core,Identityserver4,Bearer Token,Clientcredential,在使用Identity Server 4(ASP.NET Core 3.1)时,我无法验证某些集成测试请求 我的设置如下: 身份服务器配置 在这里,我收到一个承载令牌,但似乎没有被接受(Identity Server发出以下错误)。如下所示: { "nbf": 1587392198, "exp": 1587395798, "iss": "http://localhost:54916", "aud": "resourceapi", "client_id": "STACKOVER

在使用 Identity Server 4(ASP.NET Core 3.1)时,我无法让某些集成测试请求通过身份验证

我的设置如下:

Identity Server 配置:在这里我拿到了一个 Bearer 令牌,但它似乎没有被接受(Identity Server 输出如下错误)。令牌如下所示:

{
  "nbf": 1587392198,
  "exp": 1587395798,
  "iss": "http://localhost:54916",
  "aud": "resourceapi",
  "client_id": "STACKOVERFLOW_METRO_MIRROR",
  "scope": [
    "api.read"
  ]
}


> IdentityServer4.Hosting.IdentityServerMiddleware: Information:
> Invoking IdentityServer endpoint:
> IdentityServer4.Endpoints.TokenEndpoint for /connect/token
> IdentityServer4.Validation.TokenRequestValidator: Information: Token
> request validation success, {   "ClientId":
> "STACKOVERFLOW_METRO_MIRROR",   "ClientName": "My Client Name",
> "GrantType": "client_credentials",   "Scopes": "api.read",   "Raw": {
>     "grant_type": "client_credentials",
>     "scope": "api.read",
>     "client_id": "MY_CLIENT_ID",
>     "client_secret": "***REDACTED***"   } } Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request
> starting HTTP/1.1 GET
> http://localhost:44324/api/GeneralData/GetAllTags  
> Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware:
> Information: No cached response available for this request.
> Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:
> Information: Authorization failed.
> Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:
> Information: AuthenticationScheme: Bearer was challenged.
由于我的设置还包括一个能够成功进行身份验证的SPA(通过Identity Server登录表单登录->获取令牌->API成功使用令牌),我解密了这样一个令牌,以查看是否看到任何相关差异,这些差异可能会揭示我在测试身份验证流中缺少的内容:

{
  "nbf": 1587393059,
  "exp": 1587396659,
  "iss": "http://localhost:54916",
  "aud": "resourceapi",
  "client_id": "MY_CLIENT_ID",
  "sub": "fd351b3b-dfb2-4f2f-8987-af9d23c9dc6e",
  "auth_time": 1587393055,
  "idp": "local",
  "given_name": "test",
  "email": "test@example.com",
  "scope": [
    "openid",
    "email",
    "profile",
    "api.read"
  ],
  "amr": [
    "pwd"
  ]
}
ASP.NET Core Web API 的 Startup.cs
public void ConfigureServices(IServiceCollection services)
{
    services.ConfigureCustomServices();
    services.ConfigureSettings(Configuration);
    services.ConfigureSecurity(Configuration);
    services.ConfigureMvc();
    services.BindLogging();
    services.ConfigureRedisCache(Configuration);
    services.ConfigureApiExplorer();
    services.AddHttpContextAccessor();
    services.AddDbContext(Configuration);
    ConfigureAuditNet();
    services.AddCorsAndPolicy();
    services.ConfigureHangfire(Configuration);
    services.AddSignalR();
    services.AddAutoMapper(typeof(QuestionProfile).Assembly);
    services.AddHealthChecks();
    services
        .AddControllers();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env,
    ILoggingService logger, IHostApplicationLifetime lifetime, IServiceProvider serviceProvider,
    ISoApiDailyRequestInfoService soApiDailyRequestInfoService)
{
    app.UseResponseCaching();
    app.UseMiddleware<ResponseTimeMiddleware>();
    app.ProtectHangfireDashboard();
    app.ConfigureExceptionPage(env);
    app.StartHangFireJobs(serviceProvider, Configuration);
    ConfigureApplicationLifetime(logger, lifetime, soApiDailyRequestInfoService);
    app.UseHttpsRedirection();
    app.UseRouting();
    app.UseCors("CorsPolicy");
    app.UseAuthentication();
    app.UseAuthorization();
    app.EnsureAppUserMiddleware();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
        endpoints.MapHub<PostHub>("/post");
        endpoints.MapHealthChecks("/health");
    });
    app.ConfigureAuditMiddleware();
    app.UseSwagger();
}
不幸的是,Identity Server 给出的错误非常笼统,我实在看不出自己在这里遗漏了什么


问题:身份服务器问题
AuthenticationScheme: Bearer was challenged,针对的是通过客户端凭据获得的令牌。如何找出潜在错误?

在 Startup.cs 的 Configure 方法中,请确保 app.Use... 各调用的顺序是正确的。


例如,app.UseAuthentication() 应在 app.UseMvc() 之前调用。

能否分享您 Startup.cs 中的 Configure 方法?可能 app.Use... 的顺序不正确。@AnupamMaiti - 我已编辑了我的问题。我也考虑过这一点,但是 SPA 获得的 Bearer 令牌被同一个端点(带 [Authorize] 的控制器)视为有效,因此我认为问题出在身份验证流程上,而不是启动配置上。请分享 Configure() 方法,而不是 ConfigureServices()。@AnupamMaiti 抱歉,忘了那里的顺序很重要。谢谢。很抱歉回复太晚,但我终于意识到 Refit 忽略了 AuthorizationHeaderValueGetter,令牌实际上根本没有被发送到服务器。无论如何,我还为 API 测试创建了一个单独的客户端,以避免与开发客户端(SPA)混用。谢谢你的支持。
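// Integration-test helper: obtain a client-credentials access token from the
// token endpoint. IdentityServerUrl and IdentityServerPass are defined elsewhere.
// Disposed with the enclosing scope; in a test fixture prefer one shared
// HttpClient over constructing a new one per call.
using var client = new HttpClient();
var tokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
    Address = $"{IdentityServerUrl}/connect/token",
    ClientId = "MY_CLIENT_ID",
    ClientSecret = IdentityServerPass,
    Scope = "api.read"
}).ConfigureAwait(false);

// A token-endpoint failure (invalid_client, invalid_scope, ...) comes back as a
// protocol error with a reason; surface that reason instead of the opaque
// HttpRequestException EnsureSuccessStatusCode would throw. Checking IsError
// first also covers the case where the request itself failed and HttpResponse
// may be null.
if (tokenResponse.IsError)
{
    throw new InvalidOperationException(
        $"Token request failed: {tokenResponse.Error} {tokenResponse.ErrorDescription}");
}

tokenResponse.HttpResponse.EnsureSuccessStatusCode();
// The API only sees this token if the caller actually sends it as the Bearer
// Authorization header on the API request (the root cause on this page was a
// Refit client whose AuthorizationHeaderValueGetter was being ignored).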
{
  "nbf": 1587392198,
  "exp": 1587395798,
  "iss": "http://localhost:54916",
  "aud": "resourceapi",
  "client_id": "STACKOVERFLOW_METRO_MIRROR",
  "scope": [
    "api.read"
  ]
}


> IdentityServer4.Hosting.IdentityServerMiddleware: Information:
> Invoking IdentityServer endpoint:
> IdentityServer4.Endpoints.TokenEndpoint for /connect/token
> IdentityServer4.Validation.TokenRequestValidator: Information: Token
> request validation success, {   "ClientId":
> "STACKOVERFLOW_METRO_MIRROR",   "ClientName": "My Client Name",
> "GrantType": "client_credentials",   "Scopes": "api.read",   "Raw": {
>     "grant_type": "client_credentials",
>     "scope": "api.read",
>     "client_id": "MY_CLIENT_ID",
>     "client_secret": "***REDACTED***"   } } Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request
> starting HTTP/1.1 GET
> http://localhost:44324/api/GeneralData/GetAllTags  
> Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware:
> Information: No cached response available for this request.
> Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:
> Information: Authorization failed.
> Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:
> Information: AuthenticationScheme: Bearer was challenged.
{
  "nbf": 1587393059,
  "exp": 1587396659,
  "iss": "http://localhost:54916",
  "aud": "resourceapi",
  "client_id": "MY_CLIENT_ID",
  "sub": "fd351b3b-dfb2-4f2f-8987-af9d23c9dc6e",
  "auth_time": 1587393055,
  "idp": "local",
  "given_name": "test",
  "email": "test@example.com",
  "scope": [
    "openid",
    "email",
    "profile",
    "api.read"
  ],
  "amr": [
    "pwd"
  ]
}
/// <summary>
/// Registers the Web API's services. Nearly every line delegates to a project
/// extension method whose body is outside this file, so the container contents
/// cannot be fully read from here.
/// </summary>
/// <param name="services">The host's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.ConfigureCustomServices();

    services.ConfigureSettings(Configuration);
    // NOTE(review): the JWT bearer registration (authority, expected audience,
    // scope policy) is presumably inside ConfigureSecurity; that is where the
    // "resourceapi" audience and issuer of the tokens shown above must match
    // the validation parameters — confirm.
    services.ConfigureSecurity(Configuration);
    services.ConfigureMvc();
    services.BindLogging();

    services.ConfigureRedisCache(Configuration);
    services.ConfigureApiExplorer();
    services.AddHttpContextAccessor();

    services.AddDbContext(Configuration);
    // Called on this class rather than on the collection; defined elsewhere.
    ConfigureAuditNet();

    services.AddCorsAndPolicy();

    services.ConfigureHangfire(Configuration);

    services.AddSignalR();
    // Registers AutoMapper profiles found in the assembly that declares QuestionProfile.
    services.AddAutoMapper(typeof(QuestionProfile).Assembly);
    services.AddHealthChecks();

    services
        .AddControllers();
}

/// <summary>
/// Builds the HTTP request pipeline. Registration order is execution order,
/// so the comments below record why each stage sits where it does.
/// </summary>
/// <param name="app">Pipeline builder.</param>
/// <param name="env">Hosting environment, passed to the exception-page setup.</param>
/// <param name="logger">Project logging service handed to the lifetime hooks.</param>
/// <param name="lifetime">Host lifetime handed to ConfigureApplicationLifetime.</param>
/// <param name="serviceProvider">Root provider handed to the Hangfire job startup.</param>
/// <param name="soApiDailyRequestInfoService">Project service handed to the lifetime hooks.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env,
    ILoggingService logger, IHostApplicationLifetime lifetime, IServiceProvider serviceProvider,
    ISoApiDailyRequestInfoService soApiDailyRequestInfoService)
{
    // Sits ahead of authentication; ASP.NET Core's response caching middleware
    // does not cache responses to requests carrying an Authorization header, so
    // bearer-authenticated API responses are not served from this cache.
    app.UseResponseCaching();

    app.UseMiddleware<ResponseTimeMiddleware>();

    // Project helper; presumably restricts access to the Hangfire dashboard — not visible here.
    app.ProtectHangfireDashboard();

    app.ConfigureExceptionPage(env);

    // Presumably one-time startup work (job scheduling, lifetime hooks) rather
    // than request middleware; both are project methods defined elsewhere.
    app.StartHangFireJobs(serviceProvider, Configuration);

    ConfigureApplicationLifetime(logger, lifetime, soApiDailyRequestInfoService);

    app.UseHttpsRedirection();

    // With endpoint routing, UseCors must follow UseRouting and precede
    // UseAuthentication/UseAuthorization/UseEndpoints.
    app.UseRouting();
    app.UseCors("CorsPolicy");

    // Authentication, then authorization, then endpoints: this is the order the
    // JwtBearer handler requires, so the "Bearer was challenged" log above is not
    // a pipeline-ordering problem. The handler can only validate a token that the
    // client actually placed in the Authorization header.
    app.UseAuthentication();
    app.UseAuthorization();
    // Project middleware (defined elsewhere); runs after the principal is established.
    app.EnsureAppUserMiddleware();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();

        endpoints.MapHub<PostHub>("/post");
        endpoints.MapHealthChecks("/health");
    });

    // NOTE(review): anything registered after UseEndpoints only runs for requests
    // that matched no endpoint, because the endpoint middleware terminates the
    // pipeline for matched routes. If ConfigureAuditMiddleware adds request
    // middleware, controller and hub requests will bypass it — confirm, and move
    // it before UseEndpoints if so. UseSwagger works here because the Swagger
    // paths are not mapped endpoints.
    app.ConfigureAuditMiddleware();
    app.UseSwagger();
}