C# OWIN OpenID connect授权无法授权受保护的控制器/操作
我正在从事一个项目,其中第三方提供商将充当基于Oauth2的授权服务器。一个基于Asp.net MVC 5的客户端,它将用户发送到授权服务器进行身份验证(使用登录/密码),身份验证服务器将向MVC客户端返回一个访问令牌。对资源服务器(API)的任何进一步调用都将使用访问令牌进行 为了实现这一点,我使用了Microsoft.Owin.Security.OpenIdConnect和UseOpenIdConnectAuthentication扩展。我能够成功重定向并从身份验证服务器获取访问令牌,但客户端没有创建身份验证Cookie。每次尝试访问安全页面时,我都会得到带有访问令牌的回调页面 我错过了什么?我现在的代码如下 安全控制器操作:C# OWIN OpenID connect授权无法授权受保护的控制器/操作,c#,oauth-2.0,wso2,owin,openid-connect,C#,Oauth 2.0,Wso2,Owin,Openid Connect,我正在从事一个项目,其中第三方提供商将充当基于Oauth2的授权服务器。一个基于Asp.net MVC 5的客户端,它将用户发送到授权服务器进行身份验证(使用登录/密码),身份验证服务器将向MVC客户端返回一个访问令牌。对资源服务器(API)的任何进一步调用都将使用访问令牌进行 为了实现这一点,我使用了Microsoft.Owin.Security.OpenIdConnect和UseOpenIdConnectAuthentication扩展。我能够成功重定向并从身份验证服务器获取访问令牌,但客户
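namespace MvcWebApp.Controllers
{
    /// <summary>
    /// Sample protected controller: renders the claims of the signed-in user.
    /// </summary>
    public class SecuredController : Controller
    {
        // GET: Secured
        // [Authorize] rejects anonymous requests; with the Active OWIN middlewares
        // registered in Startup that rejection becomes a redirect to the provider.
        [Authorize]
        public ActionResult Index()
        {
            // Controller.User is typed IPrincipal. The original `(User as ClaimsPrincipal).Claims`
            // dereferences the result of an `as` cast without a null check and would throw a
            // NullReferenceException if a non-claims principal were ever assigned; wrapping such
            // a principal keeps the same result for the normal ClaimsPrincipal case.
            var principal = User as ClaimsPrincipal ?? new ClaimsPrincipal(User);

            // NOTE(review): Startup copies the provider's access token onto the identity as an
            // "access_token" claim, so this view displays the bearer token to the browser —
            // fine for debugging the flow, not something to keep in a production page.
            return View(principal.Claims);
        }
    }
}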
启动类:
public class Startup
{
    // Authentication type shared by the cookie middleware and the default sign-in type.
    // The OpenID Connect middleware signs in under this name, so the cookie middleware
    // is the one that ends up issuing the session cookie.
    private const string CookieAuthenticationType = "ClientCookie";

    /// <summary>
    /// Configures the OWIN pipeline: a local session cookie plus an OpenID Connect
    /// middleware that sends the user to the third-party authorization server and
    /// copies the returned access token onto the signed-in identity.
    /// </summary>
    /// <param name="app">The OWIN application builder.</param>
    public void Configuration(IAppBuilder app)
    {
        // Must run first: BuildOpenIdConnectOptions reads this value back through
        // GetDefaultSignInAsAuthenticationType().
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationType);
        app.UseCookieAuthentication(BuildCookieOptions());

        // ***************************************************************************
        // Approach 1 : ResponseType = "id_token token"
        // ***************************************************************************
        app.UseOpenIdConnectAuthentication(BuildOpenIdConnectOptions(app));

        // ***************************************************************************
        // Approach 2 : ResponseType = "code"
        // ***************************************************************************
        // Kept disabled and verbatim. Two things to check before re-enabling it: the
        // token endpoint is called with HttpMethod.Get although a form body is attached
        // (an access-token request is a POST), and a response_type parameter is not
        // part of the authorization_code grant.
        //app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        //{
        //    AuthenticationMode = AuthenticationMode.Active,
        //    AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType,
        //    SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType(),
        //    Authority = "https://thirdparty.com.au/oauth2",
        //    ClientId = "_Th4GVMa0JSrJ8RKcZrzbcexk5ca",
        //    ClientSecret = "a3GVJJbLHkrn9nJRj3IGNvk5eGQa",
        //    RedirectUri = "http://mvcwebapp.local/",
        //    ResponseType = "code",
        //    Scope = "openid",
        //    Configuration = new OpenIdConnectConfiguration
        //    {
        //        AuthorizationEndpoint = "https://thirdparty.com.au/oauth2/authorize",
        //        TokenEndpoint = "https://thirdparty.com.au/oauth2/token",
        //        UserInfoEndpoint = "https://thirdparty.com.au/oauth2/userinfo",
        //    },
        //    Notifications = new OpenIdConnectAuthenticationNotifications
        //    {
        //        AuthorizationCodeReceived = async (notification) =>
        //        {
        //            using (var client = new HttpClient())
        //            {
        //                var configuration = await notification.Options.ConfigurationManager.GetConfigurationAsync(notification.Request.CallCancelled);
        //                var request = new HttpRequestMessage(HttpMethod.Get, configuration.TokenEndpoint);
        //                request.Content = new FormUrlEncodedContent(new Dictionary<string, string>
        //                {
        //                    {OpenIdConnectParameterNames.ClientId, notification.Options.ClientId},
        //                    {OpenIdConnectParameterNames.ClientSecret, notification.Options.ClientSecret},
        //                    {OpenIdConnectParameterNames.Code, notification.ProtocolMessage.Code},
        //                    {OpenIdConnectParameterNames.GrantType, "authorization_code"},
        //                    {OpenIdConnectParameterNames.ResponseType, "token"},
        //                    {OpenIdConnectParameterNames.RedirectUri, notification.Options.RedirectUri}
        //                });
        //                var response = await client.SendAsync(request, notification.Request.CallCancelled);
        //                response.EnsureSuccessStatusCode();
        //                var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
        //                // Add the access token to the returned ClaimsIdentity to make it easier to retrieve.
        //                notification.AuthenticationTicket.Identity.AddClaim(new Claim(
        //                    type: OpenIdConnectParameterNames.AccessToken,
        //                    value: payload.Value<string>(OpenIdConnectParameterNames.AccessToken)));
        //            }
        //        }
        //    }
        //});
    }

    /// <summary>
    /// Local session cookie. It carries whatever claims the OpenID Connect middleware
    /// produced — including the "access_token" claim added in
    /// <see cref="BuildOpenIdConnectOptions"/> — so the token is only as confidential
    /// as the cookie protection configured for the host.
    /// </summary>
    private static CookieAuthenticationOptions BuildCookieOptions()
    {
        var cookieOptions = new CookieAuthenticationOptions();
        cookieOptions.AuthenticationMode = AuthenticationMode.Active;
        cookieOptions.AuthenticationType = CookieAuthenticationType;
        cookieOptions.CookieName = CookieAuthenticationDefaults.CookiePrefix + CookieAuthenticationType;
        cookieOptions.ExpireTimeSpan = TimeSpan.FromMinutes(5);
        // NOTE(review): no CookieSecure setting here, and the redirect URI used below is
        // plain http; in production both the callback and this cookie should be https-only.
        return cookieOptions;
    }

    /// <summary>
    /// OpenID Connect middleware for the implicit response type (id_token and access
    /// token returned directly from the authorization endpoint).
    /// </summary>
    /// <param name="app">Used to read the default sign-in type set in <see cref="Configuration"/>.</param>
    private static OpenIdConnectAuthenticationOptions BuildOpenIdConnectOptions(IAppBuilder app)
    {
        var oidcOptions = new OpenIdConnectAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Active,
            AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType,
            SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType(),
            Authority = "https://thirdparty.com.au/oauth2",
            // Client credentials are committed in source here; they belong in protected
            // configuration. Nothing in this listing sends ClientSecret anywhere for the
            // implicit response type, so it may not be needed at all — TODO confirm.
            ClientId = "_Th4GVMa0JSrJ8RKcZrzbcexk5ca",
            ClientSecret = "a3GVJJbLHkrn9nJRj3IGNvk5eGQa",
            // NOTE(review): the callback is plain http and sits at the site root, so the
            // tokens travel in cleartext. The middleware only consumes a response posted
            // back to exactly this URI (form_post unless ResponseMode is changed); if the
            // provider returns the tokens in the URL fragment instead, the server never
            // sees them and no cookie is issued — which would match the symptom of landing
            // on a callback page with the token in the address bar.
            RedirectUri = "http://mvcwebapp.local/",
            ResponseType = "id_token token",
            Scope = "openid",
            // Static metadata: endpoints only. No signing keys are supplied here, so the
            // id_token signature has nothing to be validated against unless the middleware
            // obtains keys elsewhere — TODO confirm with the provider's metadata.
            Configuration = new OpenIdConnectConfiguration
            {
                AuthorizationEndpoint = "https://thirdparty.com.au/oauth2/authorize",
                TokenEndpoint = "https://thirdparty.com.au/oauth2/token",
                UserInfoEndpoint = "https://thirdparty.com.au/oauth2/userinfo",
            },
        };

        oidcOptions.Notifications = new OpenIdConnectAuthenticationNotifications
        {
            // Runs once the id_token has been validated: copy the access token onto the
            // identity so it is persisted in the session cookie under "access_token".
            SecurityTokenValidated = n =>
            {
                var accessToken = n.ProtocolMessage.AccessToken;
                if (string.IsNullOrEmpty(accessToken))
                {
                    return Task.FromResult(0);
                }
                n.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", accessToken));
                return Task.FromResult(0);
            },
            // "access_denied" (typically the user declining at the provider) is sent back
            // to the home page instead of surfacing an error; every other failure keeps
            // the middleware's default handling.
            AuthenticationFailed = notification =>
            {
                var accessDenied = string.Equals(
                    notification.ProtocolMessage.Error, "access_denied", StringComparison.Ordinal);
                if (accessDenied)
                {
                    notification.HandleResponse();
                    notification.Response.Redirect("/");
                }
                return Task.FromResult<object>(null);
            },
        };

        return oidcOptions;
    }
}
公共类启动
{
公共无效配置(IAppBuilder应用程序)
{
app.SetDefaultSignInAsAuthenticationType(“ClientCookie”);
app.UseCookieAuthentication(新的CookieAuthenticationOptions
{
AuthenticationMode=AuthenticationMode.Active,
AuthenticationType=“ClientCookie”,
CookieName=CookieAuthenticationDefaults.CookiePrefix+“ClientCookie”,
ExpireTimeSpan=时间跨度从分钟(5)
});
// ***************************************************************************
//方法1:ResponseType=“id\u令牌”
// ***************************************************************************
app.UseOpenIdConnectAuthentication(新的OpenIdConnectAuthenticationOptions
{
AuthenticationMode=AuthenticationMode.Active,
AuthenticationType=OpenIdConnectAuthenticationDefaults.AuthenticationType,
SignInAsAuthenticationType=app.GetDefaultSignInAsAuthenticationType(),
权威=”https://thirdparty.com.au/oauth2",
ClientId=“_th4GVMA0JSRJ8RKCZBRZBCEXK5CA”,
ClientSecret=“a3GVJJbLHkrn9nJRj3IGNvk5eGQa”,
重定向URI=”http://mvcwebapp.local/",
ResponseType=“id\u令牌”,
Scope=“openid”,
配置=新的OpenIdConnectConfiguration
{
授权端点=”https://thirdparty.com.au/oauth2/authorize",
标记端点=”https://thirdparty.com.au/oauth2/token",
UserInfoEndpoint=”https://thirdparty.com.au/oauth2/userinfo",
},
通知=新的OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated=n=>
{
var token=n.ProtocolMessage.AccessToken;
//在cookie中持久化访问令牌
如果(!string.IsNullOrEmpty(令牌))
{
n、 AuthenticationTicket.Identity.AddClaim(
新声明(“访问令牌”,令牌));
}
返回Task.FromResult(0);
},
AuthenticationFailed=通知=>
{
if(string.Equals(notification.ProtocolMessage.Error,“拒绝访问”,StringComparison.Ordinal))
{
notification.HandleResponse();
通知.响应.重定向(“/”);
}
返回Task.FromResult(空);
}
}
});
// ***************************************************************************
//方法2:ResponseType=“代码”
// ***************************************************************************
//app.UseOpenIdConnectAuthentication(新的OpenIdConnectAuthenticationOptions
//{
//AuthenticationMode=AuthenticationMode.Active,
//AuthenticationType=OpenIdConnectAuthenticationDefaults.AuthenticationType,
//SignInAsAuthenticationType=app.GetDefaultSignInAsAuthenticationType(),
//权威=”https://thirdparty.com.au/oauth2",
//ClientId=“_th4GVMA0JSRJ8RKCZBRZBCEXK5CA”,
//ClientSecret=“a3GVJJbLHkrn9nJRj3IGNvk5eGQa”,
//重定向URI=”http://mvcwebapp.local/",
//ResponseType=“code”,
//Scope=“openid”,
//配置=新的OpenIdConnectConfiguration
// {
//授权端点=”https://thirdparty.com.au/oauth2/authorize",
//标记端点=”https://thirdparty.com.au/oauth2/token",
//UserInfoEndpoint=”https://thirdparty.com.au/oauth2/userinfo",
// },
//通知=新的OpenIdConnectAuthenticationNotifications
// {
//AuthorizationCodeReceived=异步(通知)=>
// {
//使用(var client=new HttpClient())
// {
//var configuration=wait notification.Options.ConfigurationManager.GetConfigurationAsync(notification.Request.CallCancelled);
//var request=newhttprequestmessage(HttpMethod.Get,configuration.TokenEndpoint);
//request.Content=newformurlencodedcontent(新字典
// {
//{OpenIdConnectParameterNames.ClientId,notification.Options.ClientId},
//{OpenIdConnectParameterNames.ClientSecret,notification.Options.ClientSecret},
//{OpenIdConnectParameterNames.Code,notification.ProtocolMessage.Code},
//{OpenIdConnectParameterNames.GrantType,“授权码”},
//{OpenIdConnectParameterNames.ResponseType,“令牌”},
//