C# 声明在使用ASP.NET Core 5使用具有ASP.NET标识的oauth2进行身份验证后丢失
我为ASP.NET核心MVC 5.0提供了两种不同的C#Visual Studio 2019 16.9.4解决方案,一种作为身份提供者,另一种作为客户端。到目前为止,当我对客户端进行身份验证时,声明会持久化到cookie中,但当客户端应用程序中的oauth中间件调用令牌端点时,声明会丢失在HttpContext.User对象中。当我在Authorize/Tokenaction下注释掉代码时,它抛出一个异常,即无法提取JSON令牌,但在刷新客户端应用程序页面时,我能够在客户端应用程序中检索声明。你能帮我找出这个oauth和asp.net标识缺少的地方吗。我不想在access token中保留声明,因为它可能会变大 身份提供者的代码C# 声明在使用ASP.NET Core 5使用具有ASP.NET标识的oauth2进行身份验证后丢失,c#,asp.net-core,oauth-2.0,asp.net-identity,C#,Asp.net Core,Oauth 2.0,Asp.net Identity,我为ASP.NET核心MVC 5.0提供了两种不同的C#Visual Studio 2019 16.9.4解决方案,一种作为身份提供者,另一种作为客户端。到目前为止,当我对客户端进行身份验证时,声明会持久化到cookie中,但当客户端应用程序中的oauth中间件调用令牌端点时,声明会丢失在HttpContext.User对象中。当我在Authorize/Tokenaction下注释掉代码时,它抛出一个异常,即无法提取JSON令牌,但在刷新客户端应用程序页面时,我能够在客户端应用程序中检索声明。你
public class AuthorizeController : Controller
{
private readonly IConfiguration _configuration;
public AuthorizeController(IConfiguration configuration)
{
_configuration = configuration;
}
[HttpGet]
public IActionResult Login(string response_type,
string client_id,
string redirect_uri,
string scope,
string state)
{
return View(new LoginDTO
{
ClientId = client_id,
RedirectUri = redirect_uri,
ResponseType = response_type,
Scope = scope ?? string.Empty,
State = state
});
}
[HttpPost("Login")]
public async Task<IActionResult> Login(LoginDTO login)
{
var claims = new List<Claim>
{
new Claim("username", login.Username),
new Claim("usertype", "administrator"),
new Claim(ClaimTypes.Email, "someuser@somedev.com"),
new Claim(ClaimTypes.NameIdentifier, login.Username)
};
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
await HttpContext.SignInAsync(claimsPrincipal, new AuthenticationProperties
{
IsPersistent = true
});
var code = "random code here";
//build query string
var queryBuilder = new QueryBuilder();
queryBuilder.Add("code", code);
queryBuilder.Add("state", login.State);
return Redirect($"{ login.RedirectUri }{ queryBuilder.ToString() }");
}
public IActionResult Token(string grant_type,
string code,
string redirect_uri,
string client_id)
{
var user = HttpContext.User;
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["ClientKey"]));
var securityToken = new JwtSecurityToken(issuer: _configuration["IdentityIssuer"],
audience: _configuration["IdentityAudience"],
expires: DateTime.UtcNow.AddDays(1),
signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
);
var accessToken = new JwtSecurityTokenHandler().WriteToken(securityToken);
return Ok(new
{
access_token = accessToken,
token_type = "Bearer"
});
//var response = new
//{
// access_token = accessToken,
// token_type = "Bearer"
//};
//Response.StatusCode = (int)HttpStatusCode.OK;
//var responseJson = JsonConvert.SerializeObject(response);
//var bytes = Encoding.UTF8.GetBytes(responseJson);
//await Response.Body.WriteAsync(bytes, 0, bytes.Length);
//return new EmptyResult();
}
}
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddDataProtection()
.PersistKeysToFileSystem(new DirectoryInfo(Configuration["KeyFolder"]))
.SetApplicationName("SharedCookieApp");
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "oauth";
})
.AddCookie("Cookies", options =>
{
options.Cookie.HttpOnly = true;
options.Cookie.SameSite = SameSiteMode.Lax;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.IsEssential = true;
})
.AddOAuth("oauth", config =>
{
config.SignInScheme = "Cookies";
config.SaveTokens = true;
config.ClientId = Configuration["ClientId"];
config.ClientSecret = Configuration["ClientKey"];
config.AccessDeniedPath = new PathString("/Home/AccessDenied");
config.CallbackPath = new PathString("/oauth/callback");
config.AuthorizationEndpoint = $"{Configuration["IdentityIssuer]}/authorize/login";
config.TokenEndpoint = $"{Configuration["IdentityIssuer"]}/authorize/token";
config.CorrelationCookie.HttpOnly = true;
config.CorrelationCookie.IsEssential = true;
config.CorrelationCookie.SameSite = SameSiteMode.None;
config.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
config.CorrelationCookie.Name = "Oauth.Correlation.Cookie";
});
services.AddAuthorization(options =>
{
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
options.AddPolicy("AuthenticatedUser", policy);
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}
}