C#: response.Error "Forbidden" in IdentityServer3 Flows.ClientCredentials


I have a client in my IdentityServer3:

new Client
{
    ClientName = "Client Credentials Flow Client With Certificate",
    Enabled = true,
    ClientId = "cc.WithCertificate",
    Flow = Flows.ClientCredentials,

    ClientSecrets = new List<Secret>
        {
            new Secret
            {
                Value = "61B754C541BBCFC6A45A9E9EC5E47D8702B78C29",
                Type = Constants.SecretTypes.X509CertificateThumbprint,
                Description = "Client Certificate"
            },
        },

    AllowedScopes = new List<string>
        {
            "read"
        }
},
The client code is:

var cert = new X509Certificate2("Client.pfx");

var handler = new WebRequestHandler();
handler.ClientCertificates.Add(cert);

string tokenEndPoint = ConfigurationManager.AppSettings["TokenEndpoint"];

var client = new TokenClient(
    tokenEndPoint,
    "cc.WithCertificate",
    handler);

// Calling the Token Service
var response = client.RequestClientCredentialsAsync("read").Result;
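I configured it as specified in

Later, the response comes back with an error status code: response.Error = "Forbidden"

Here I have attached a snapshot of the response object.

Please help me resolve this issue and get an AccessToken using the ClientCertificate.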

You are using the "Client.pfx" certificate on the client side, and you are passing that certificate to IdentityServer through the HTTP request.

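That certificate has a root certificate, "DevRoot", which should be present in the Trusted Root Certification Authorities store; otherwise IIS will not allow the request and returns status code 403 Forbidden.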

Please look at the snapshot, which shows the information for "Client.pfx".

So make sure that "DevRoot" is installed in "Trusted Root Certification Authorities".

If not, download "DevRoot.cer" and import it into the above path (i.e. Trusted Root Certification Authorities).


DevRoot.cer download URL:
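
The trust requirement described in the answer above can be checked on the machine hosting IdentityServer with a small console program. This is an added example, not part of the original answers; the class and method names and the default file path are assumptions, and it should be pointed at the client certificate (the .pfx or its exported public .cer).

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class ClientCertTrustCheck   // hypothetical name, not from the page
{
    // Builds the chain in the machine context (the one IIS uses) and reports
    // whether it ends at a root this machine trusts.
    static bool ChainsToTrustedRoot(X509Certificate2 cert)
    {
        var chain = new X509Chain(true);   // true = use the machine context
        // Development certificates rarely publish revocation data; test trust only.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        bool ok = chain.Build(cert);

        foreach (X509ChainElement e in chain.ChainElements)
            Console.WriteLine("  {0}  [{1}]", e.Certificate.Subject, e.Certificate.Thumbprint);
        // UntrustedRoot: the root was found but is not in a trusted store.
        // PartialChain: the issuer (e.g. DevRoot) could not be found at all.
        foreach (X509ChainStatus s in chain.ChainStatus)
            Console.WriteLine("  status: {0} - {1}", s.Status, s.StatusInformation.Trim());

        var top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        Console.WriteLine("Top of chain present in LocalMachine\\Root: {0}", InMachineRootStore(top));
        return ok;
    }

    static bool InMachineRootStore(X509Certificate2 cert)
    {
        var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            return store.Certificates
                .Find(X509FindType.FindByThumbprint, cert.Thumbprint, false).Count > 0;
        }
        finally { store.Close(); }
    }

    static int Main(string[] args)
    {
        // Default path is an assumption; pass the real file as the first argument.
        var cert = new X509Certificate2(args.Length > 0 ? args[0] : "Client.pfx");
        Console.WriteLine("Checking {0}", cert.Subject);
        bool trusted = ChainsToTrustedRoot(cert);
        Console.WriteLine(trusted ? "Chain is trusted on this machine."
                                  : "Chain is NOT trusted on this machine.");
        return trusted ? 0 : 1;
    }
}
```

The thumbprint printed for the first chain element should match the value configured in the client's X509CertificateThumbprint secret.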

I faced the same issue when using a self-signed client certificate -
var cert = new X509Certificate2("Client.pfx");

var handler = new WebRequestHandler();
handler.ClientCertificates.Add(cert);

string tokenEndPoint = ConfigurationManager.AppSettings["TokenEndpoint"];

var client = new TokenClient(
    tokenEndPoint,
    "cc.WithCertificate",
    handler);

// Calling the Token Service
var response = client.RequestClientCredentialsAsync("read").Result;
<location path="core/connect/token">
  <system.webServer>
    <security>
      <access sslFlags="Ssl, SslNegotiateCert" />
    </security>
  </system.webServer>
</location>
<section name="access" overrideModeDefault="Deny" />
<section name="access" overrideModeDefault="Allow" />