C# 从3.1.4更新identity server 4.0.0后，asp.net core 3与Mongo DB的作用域无效_C#_Asp.net_Asp.net Core_Asp.net Identity_Identityserver4

C# 从3.1.4更新identity server 4.0.0后，asp.net core 3与Mongo DB的作用域无效

c# asp.net asp.net-core identityserver4

C# 从3.1.4更新identity server 4.0.0后，asp.net core 3与Mongo DB的作用域无效,c#,asp.net,asp.net-core,asp.net-identity,identityserver4,C#,Asp.net,Asp.net Core,Asp.net Identity,Identityserver4,在发现文档中，未添加范围标识portal.API { "issuer": "https://localhost:5001", "scopes_supported": ["profile", "openid", "email", "offline_access"], } 但是，配置中允许的范围如下所示 private static st

在发现文档中，未添加范围标识portal.API

{
    "issuer": "https://localhost:5001",
    "scopes_supported": ["profile", "openid", "email", "offline_access"],   
}

但是，配置中允许的范围如下所示

private static string apiScope = "IdentityPortal.API";
private static ICollection<string> AllowedScopes()
        {
            return new List<string>
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                IdentityServerConstants.StandardScopes.Email,
                apiScope
            };
        }

在identity server中，identity Portal.API未作为受支持的声明添加

这是customPersistedGrantStore.cs

身份服务器设置

配置

问题是您刚刚在IDS4安装程序上添加了api资源，您需要更改代码以添加api作用域。要添加上面的api作用域，可以通过AddInMemoryApiScopes添加它。代码如下所示：

services.Configure<MongoDbConfigurationOptionsViewModel>(Configuration);
            services.AddIdentityServer()//.AddProfileService<ProfileService>()
                .AddMongoRepository()
                .AddMongoDbForAspIdentity<ApplicationUser, IdentityRole>(Configuration)
                .AddClients()
                .AddInMemoryApiScopes(Config.AllowedScopes)
                .AddIdentityApiResources()
                .AddPersistedGrants()
                .AddDeveloperSigningCredential();

代码更改后，重新生成令牌并对其进行检查。您应该拥有一个道具aud=IdentityPortal.API，以及IdentityPortal.API的作用域

在使用DB时，您需要首先将DB迁移到新版本，以下是相关脚本： DB更新后，请确保api资源上有数据，并且api资源的作用域与所需的作用域相匹配

查看我的博客文章以获得更详细的解释。

阅读更多官方文件

新版本有一些，请查看。您的问题可能与类似。您可以发布您的Identity Server安装程序吗？@nahidf添加了Identity Server的安装代码否这没有帮助我可以在中查看支持的作用域：[配置文件、openid、电子邮件、脱机访问]。它应该包含IdentityPortal.api您的意思是即使在添加AddInMemoryApiScopesConfig.AllowedScopes后它也不在列表中？抱歉再次确认，因为这几乎不可能发生。我这里有一个完整的示例-本周早些时候迁移到v4仍然我得到相同的，更新的代码请看一看我不明白为什么会发生这种情况，也许与我共享您的回购链接，然后我会看一看。顺便说一句，我把迁移过程写在博客上，请随意阅读，以了解更改背后的更深层原因。我查看了ApiScopes和ApiResources配置中的帖子。我可以看到，您在这两种方法中都添加了api1和api2。我是否需要同时添加这两种方法？

 scope: "profile openid email IdentityPortal.API offline_access",

public class CustomResourceStore : IResourceStore
{
    protected IRepository _dbRepository;

    public CustomResourceStore(IRepository repository)
    {
        _dbRepository = repository;
    }


    public Task<IEnumerable<IdentityResource>> FindIdentityResourcesByScopeNameAsync(IEnumerable<string> scopeNames)
    {
        var list = _dbRepository.Where<IdentityResource>(e => scopeNames.Contains(e.Name));
        return Task.FromResult(list.AsEnumerable());
    }

    public Task<IEnumerable<ApiScope>> FindApiScopesByNameAsync(IEnumerable<string> scopeNames)
    {
        var list = _dbRepository.Where<ApiScope>(a => scopeNames.Contains(a.Name));
        return Task.FromResult(list.AsEnumerable());
    }

    public Task<IEnumerable<ApiResource>> FindApiResourcesByScopeNameAsync(IEnumerable<string> scopeNames)
    {
        var list = _dbRepository.Where<ApiResource>(a => a.Scopes.Any(s => scopeNames.Contains(s)));
        return Task.FromResult(list.AsEnumerable());
    }

    public Task<IEnumerable<ApiResource>> FindApiResourcesByNameAsync(IEnumerable<string> apiResourceNames)
    {
        var list = _dbRepository.Where<ApiResource>(a => apiResourceNames.Contains(a.Name));
        return Task.FromResult(list.AsEnumerable());
    }

    public Task<Resources> GetAllResourcesAsync()
    {
        var result = new Resources(GetAllIdentityResources(), GetAllApiResources(),null);
        return Task.FromResult(result);
    }
    
    private IEnumerable<IdentityResource> GetAllIdentityResources()
    {
        return _dbRepository.All<IdentityResource>();
    }
    private IEnumerable<ApiResource> GetAllApiResources()
    {
        return _dbRepository.All<ApiResource>();
    }
    private IEnumerable<ApiScope> GetAllApiScopes()
    {
        return _dbRepository.All<ApiScope>();
    }
}

services.Configure<MongoDbConfigurationOptionsViewModel>(Configuration);
        services.AddIdentityServer()//.AddProfileService<ProfileService>()
            .AddMongoRepository()
            .AddMongoDbForAspIdentity<ApplicationUser, IdentityRole>(Configuration)
            .AddClients()
            .AddInMemoryApiScopes(Config.AllowedScopes())
            .AddIdentityApiResources()
            .AddPersistedGrants()
            .AddDeveloperSigningCredential();
        
        services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
            .AddIdentityServerAuthentication(options =>
            {
                // base-address of your identityserver
                options.Authority = "https://localhost:5001";

                // name of the API resource
                options.ApiName = "IdentityPortal.API";
            });

 public static IEnumerable<ApiScope> AllowedScopes()
        {
            return new List<ApiScope>
            {
                new ApiScope(IdentityServerConstants.StandardScopes.OpenId),
                new ApiScope(IdentityServerConstants.StandardScopes.Profile),
                new ApiScope(IdentityServerConstants.StandardScopes.Email),
                new ApiScope(apiScope)
            };
        }

services.Configure<MongoDbConfigurationOptionsViewModel>(Configuration);
            services.AddIdentityServer()//.AddProfileService<ProfileService>()
                .AddMongoRepository()
                .AddMongoDbForAspIdentity<ApplicationUser, IdentityRole>(Configuration)
                .AddClients()
                .AddInMemoryApiScopes(Config.AllowedScopes)
                .AddIdentityApiResources()
                .AddPersistedGrants()
                .AddDeveloperSigningCredential();