C#: Response.Error "Forbidden" in IdentityServer3 Flows.ClientCredentials
I have a client in my IdentityServer3:
new Client
{
    ClientName = "Client Credentials Flow Client With Certificate",
    Enabled = true,
    ClientId = "cc.WithCertificate",
    Flow = Flows.ClientCredentials,
    ClientSecrets = new List<Secret>
    {
        new Secret
        {
            Value = "61B754C541BBCFC6A45A9E9EC5E47D8702B78C29",
            Type = Constants.SecretTypes.X509CertificateThumbprint,
            Description = "Client Certificate"
        },
    },
    AllowedScopes = new List<string>
    {
        "read"
    }
},
The client code is:
var cert = new X509Certificate2("Client.pfx");
var handler = new WebRequestHandler();
handler.ClientCertificates.Add(cert);
string tokenEndPoint = ConfigurationManager.AppSettings["TokenEndpoint"];
var client = new TokenClient(
    tokenEndPoint,
    "cc.WithCertificate",
    handler);
// Calling the Token Service
var response = client.RequestClientCredentialsAsync("read").Result;
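I did the configuration as specified in
to
Later, the response comes back with an error status code: response.Error = "Forbidden"
Here I have attached a snapshot of the response object.
Please help me resolve this issue and get an AccessToken using a ClientCertificate.

You are using the "Client.pfx" certificate on the client side, and you are passing that certificate to IdentityServer with the HTTP request.
That certificate has a root certificate, "DevRoot", which should be located in the Trusted Root Certification Authorities store; otherwise IIS will not allow the request and returns status code 403 Forbidden.
Please look at the snapshot; it shows the information for "Client.pfx".
So please make sure that "DevRoot" is installed in "Trusted Root Certification Authorities".
If it is not, download "DevRoot.cer" and import it into the path mentioned above (i.e. Trusted Root Certification Authorities).
DevRoot.cer download URL:

I faced the same issue when using a self-signed client certificate -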
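<!-- web.config: require SSL and negotiate a client certificate on the token endpoint -->
<location path="core/connect/token">
  <system.webServer>
    <security>
      <access sslFlags="Ssl, SslNegotiateCert" />
    </security>
  </system.webServer>
</location>
<!-- applicationHost.config: with Deny, the access section is locked and cannot be set from web.config -->
<section name="access" overrideModeDefault="Deny" />
<!-- applicationHost.config: with Allow, the <access> element in web.config can be applied -->
<section name="access" overrideModeDefault="Allow" />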
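
The condition in the first answer, that the client certificate must chain to a root in Trusted Root Certification Authorities on the server, can be checked directly instead of inferred from the 403. The console program below is an added example, not code from the original post; it assumes it is run on the machine hosting IdentityServer and is given the path to the client certificate (the file name is taken from the question, the command-line argument is an assumption), and it also compares the thumbprint with the value registered in the question's client definition.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic, not from the original post. Run on the IIS host of IdentityServer.
static class ClientCertCheck
{
    // Thumbprint registered as the client secret in the question's Client definition.
    const string ConfiguredThumbprint = "61B754C541BBCFC6A45A9E9EC5E47D8702B78C29";

    static int Main(string[] args)
    {
        // Assumption: first argument is the client certificate file; the public
        // part (an exported .cer) is enough for this check.
        string path = args.Length > 0 ? args[0] : "Client.pfx";
        var cert = new X509Certificate2(path);
        Console.WriteLine("Subject:    {0}", cert.Subject);
        Console.WriteLine("Issuer:     {0}", cert.Issuer);
        Console.WriteLine("Thumbprint: {0}", cert.Thumbprint);

        bool thumbprintOk = string.Equals(cert.Thumbprint, ConfiguredThumbprint,
                                          StringComparison.OrdinalIgnoreCase);
        Console.WriteLine("Matches configured secret: {0}", thumbprintOk);

        // Machine context: only LocalMachine stores count, not the per-user
        // stores of whoever runs this program.
        var chain = new X509Chain(true);
        // Revocation is skipped so the result isolates the root-trust question.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        bool chainOk = chain.Build(cert);

        foreach (X509ChainElement element in chain.ChainElements)
            Console.WriteLine("  chain: {0}", element.Certificate.Subject);

        bool untrustedRoot = false;
        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            Console.WriteLine("  status: {0} ({1})", status.Status, status.StatusInformation.Trim());
            if ((status.Status & X509ChainStatusFlags.UntrustedRoot) != 0)
                untrustedRoot = true;
        }
        chain.Reset();

        if (untrustedRoot)
            Console.WriteLine("Root is not in LocalMachine Trusted Root Certification Authorities.");
        return (chainOk && thumbprintOk) ? 0 : 1;
    }
}
```

An exit code of 1 with an `UntrustedRoot` status corresponds to the situation the first answer describes; a thumbprint mismatch is a separate problem on the IdentityServer side.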