C# 从3.1.4更新identity server 4.0.0后,asp.net core 3与Mongo DB的作用域无效
在发现文档中，未添加范围 IdentityPortal.API：
{
"issuer": "https://localhost:5001",
"scopes_supported": ["profile", "openid", "email", "offline_access"],
}
但是,配置中允许的范围如下所示
// Name of the custom API scope this server exposes; the same value is expected
// as ApiName on the resource API side so that token audience validation lines up.
private static string apiScope = "IdentityPortal.API";
/// <summary>
/// Scope names configured as allowed: the standard OpenID Connect scopes
/// followed by the custom API scope.
/// </summary>
/// <returns>A new mutable list of scope names on every call.</returns>
private static ICollection<string> AllowedScopes()
{
    var scopes = new List<string>(4)
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,
    };
    // The API scope is appended last so the ordering matches the previous literal.
    scopes.Add(apiScope);
    return scopes;
}
在 Identity Server 中，IdentityPortal.API 未作为受支持的声明添加
这是customPersistedGrantStore.cs
身份服务器设置
配置
问题是您在 IDS4 设置中只添加了 API 资源，您需要更改代码以添加 API 作用域。要添加上面的 API 作用域，可以通过 AddInMemoryApiScopes 添加它。代码如下所示：
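services.Configure<MongoDbConfigurationOptionsViewModel>(Configuration);

services.AddIdentityServer()//.AddProfileService<ProfileService>()
    .AddMongoRepository()
    .AddMongoDbForAspIdentity<ApplicationUser, IdentityRole>(Configuration)
    .AddClients()
    // AllowedScopes is a method, so it has to be invoked; passing the bare method
    // group does not yield the IEnumerable<ApiScope> that AddInMemoryApiScopes expects.
    // NOTE(review): an in-memory scope store next to a repository-backed IResourceStore
    // means two IResourceStore registrations — confirm which one IdentityServer resolves.
    .AddInMemoryApiScopes(Config.AllowedScopes())
    .AddIdentityApiResources()
    .AddPersistedGrants()
    // Development-only signing key; production should use AddSigningCredential with a managed certificate.
    .AddDeveloperSigningCredential();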
代码更改后，重新生成令牌并对其进行检查。您应该看到一个 aud=IdentityPortal.API 属性，以及 IdentityPortal.API 作用域。
在使用DB时,您需要首先将DB迁移到新版本,以下是相关脚本:
DB更新后,请确保api资源上有数据,并且api资源的作用域与所需的作用域相匹配
查看我的博客文章以获得更详细的解释。
阅读更多官方文件新版本有一些,请查看。您的问题可能与类似。您可以发布您的Identity Server安装程序吗?@nahidf添加了Identity Server的安装代码否这没有帮助我可以在中查看支持的作用域:[配置文件、openid、电子邮件、脱机访问]。它应该包含IdentityPortal.api您的意思是即使在添加AddInMemoryApiScopesConfig.AllowedScopes后它也不在列表中?抱歉再次确认,因为这几乎不可能发生。我这里有一个完整的示例-本周早些时候迁移到v4仍然我得到相同的,更新的代码请看一看我不明白为什么会发生这种情况,也许与我共享您的回购链接,然后我会看一看。顺便说一句,我把迁移过程写在博客上,请随意阅读,以了解更改背后的更深层原因。我查看了ApiScopes和ApiResources配置中的帖子。我可以看到,您在这两种方法中都添加了api1和api2。我是否需要同时添加这两种方法?
scope: "profile openid email IdentityPortal.API offline_access",
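/// <summary>
/// <see cref="IResourceStore"/> backed by an <see cref="IRepository"/>.
/// Identity resources, API resources and API scopes each live in their own
/// collection and are looked up by name.
/// </summary>
public class CustomResourceStore : IResourceStore
{
    protected IRepository _dbRepository;

    /// <summary>Creates the store over the given repository.</summary>
    /// <param name="repository">Repository used for every lookup.</param>
    /// <exception cref="System.ArgumentNullException">Thrown when <paramref name="repository"/> is null.</exception>
    public CustomResourceStore(IRepository repository)
    {
        _dbRepository = repository ?? throw new System.ArgumentNullException(nameof(repository));
    }

    /// <summary>Returns the identity resources whose <c>Name</c> is in <paramref name="scopeNames"/>.</summary>
    /// <param name="scopeNames">Scope names to look up; may be enumerated by the repository more than once.</param>
    public Task<IEnumerable<IdentityResource>> FindIdentityResourcesByScopeNameAsync(IEnumerable<string> scopeNames)
    {
        var list = _dbRepository.Where<IdentityResource>(e => scopeNames.Contains(e.Name));
        return Task.FromResult(list.AsEnumerable());
    }

    /// <summary>Returns the API scopes whose <c>Name</c> is in <paramref name="scopeNames"/>.</summary>
    /// <param name="scopeNames">Scope names to look up.</param>
    public Task<IEnumerable<ApiScope>> FindApiScopesByNameAsync(IEnumerable<string> scopeNames)
    {
        var list = _dbRepository.Where<ApiScope>(a => scopeNames.Contains(a.Name));
        return Task.FromResult(list.AsEnumerable());
    }

    /// <summary>Returns the API resources that expose at least one of <paramref name="scopeNames"/>.</summary>
    /// <param name="scopeNames">Scope names to match against each resource's <c>Scopes</c>.</param>
    public Task<IEnumerable<ApiResource>> FindApiResourcesByScopeNameAsync(IEnumerable<string> scopeNames)
    {
        var list = _dbRepository.Where<ApiResource>(a => a.Scopes.Any(s => scopeNames.Contains(s)));
        return Task.FromResult(list.AsEnumerable());
    }

    /// <summary>Returns the API resources whose <c>Name</c> is in <paramref name="apiResourceNames"/>.</summary>
    /// <param name="apiResourceNames">API resource names to look up.</param>
    public Task<IEnumerable<ApiResource>> FindApiResourcesByNameAsync(IEnumerable<string> apiResourceNames)
    {
        var list = _dbRepository.Where<ApiResource>(a => apiResourceNames.Contains(a.Name));
        return Task.FromResult(list.AsEnumerable());
    }

    /// <summary>
    /// Returns every identity resource, API resource and API scope in the store.
    /// </summary>
    /// <returns>A <see cref="Resources"/> aggregate containing all three collections.</returns>
    public Task<Resources> GetAllResourcesAsync()
    {
        // The API scopes must be included here: passing null for the third argument
        // drops every stored ApiScope from the aggregate, so anything built from the
        // full resource set (most visibly the discovery document's scopes_supported)
        // never sees the API scopes held in the database.
        var result = new Resources(GetAllIdentityResources(), GetAllApiResources(), GetAllApiScopes());
        return Task.FromResult(result);
    }

    // Full-collection reads; kept lazy so the repository decides when to materialize.
    private IEnumerable<IdentityResource> GetAllIdentityResources()
    {
        return _dbRepository.All<IdentityResource>();
    }

    private IEnumerable<ApiResource> GetAllApiResources()
    {
        return _dbRepository.All<ApiResource>();
    }

    private IEnumerable<ApiScope> GetAllApiScopes()
    {
        return _dbRepository.All<ApiScope>();
    }
}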
services.Configure<MongoDbConfigurationOptionsViewModel>(Configuration);

// Register IdentityServer, then attach the Mongo-backed stores, clients and scopes.
var identityServerBuilder = services.AddIdentityServer();//.AddProfileService<ProfileService>()
identityServerBuilder
    .AddMongoRepository()
    .AddMongoDbForAspIdentity<ApplicationUser, IdentityRole>(Configuration)
    .AddClients()
    // v4 models API scopes separately from API resources; AllowedScopes() supplies them.
    .AddInMemoryApiScopes(Config.AllowedScopes())
    .AddIdentityApiResources()
    .AddPersistedGrants()
    // Development-only signing key, not suitable beyond local testing.
    .AddDeveloperSigningCredential();
// Bearer-token validation for the protected API.
var authenticationBuilder = services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme);
authenticationBuilder.AddIdentityServerAuthentication(options =>
{
    // Base address of the token server that issued the access tokens.
    options.Authority = "https://localhost:5001";
    // Name of the API resource; expected to match the audience (aud) carried by the access token.
    options.ApiName = "IdentityPortal.API";
});
/// <summary>
/// API scopes exposed by this server: the standard OpenID Connect scopes
/// plus the custom API scope, each wrapped as an <see cref="ApiScope"/>.
/// </summary>
/// <returns>A new list of <see cref="ApiScope"/> instances on every call.</returns>
public static IEnumerable<ApiScope> AllowedScopes()
{
    string[] scopeNames =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        IdentityServerConstants.StandardScopes.Email,
        apiScope
    };

    var scopes = new List<ApiScope>(scopeNames.Length);
    foreach (var name in scopeNames)
    {
        scopes.Add(new ApiScope(name));
    }
    return scopes;
}
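services.Configure<MongoDbConfigurationOptionsViewModel>(Configuration);

services.AddIdentityServer()//.AddProfileService<ProfileService>()
    .AddMongoRepository()
    .AddMongoDbForAspIdentity<ApplicationUser, IdentityRole>(Configuration)
    .AddClients()
    // AllowedScopes is a method, so it has to be invoked; passing the bare method
    // group does not yield the IEnumerable<ApiScope> that AddInMemoryApiScopes expects.
    // NOTE(review): an in-memory scope store next to a repository-backed IResourceStore
    // means two IResourceStore registrations — confirm which one IdentityServer resolves.
    .AddInMemoryApiScopes(Config.AllowedScopes())
    .AddIdentityApiResources()
    .AddPersistedGrants()
    // Development-only signing key; production should use AddSigningCredential with a managed certificate.
    .AddDeveloperSigningCredential();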