C# 如何停止IdentityServer4刷新令牌过期?_C#_Identityserver4 - Fatal编程技术网

C# 如何停止IdentityServer4刷新令牌过期?


我已经为Amazon Alexa用例实现了IdentityServer 4,并且似乎在刷新令牌过期时遇到了问题:

我的客户端设置如下:

new Client
{
    // Identity and display metadata for the Amazon Alexa client.
    ClientId = AlexaUsername,
    ClientName = "Amazon Alexa",
    ClientUri = "https://alexa.amazon.co.uk",
    LogoUri = "/images/alexa.png",

    // Authorization code grant. The client authenticates with its secret
    // when it redeems a code or a refresh token at the token endpoint.
    AllowedGrantTypes = GrantTypes.Code,
    ClientSecrets =
    {
        new Secret(...)
    },

    // Redirect targets are restricted to the configured allow-list.
    RedirectUris = Options.AlexaService.PermittedUris,

    // Scopes this client may request.
    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
        AlexaApiScope
    },
    AllowRememberConsent = true,

    // Claims are always emitted: user claims go into the id_token and
    // client claims are sent for every flow.
    AlwaysIncludeUserClaimsInIdToken = true,
    AlwaysSendClientClaims = true,

    // Lifetimes in seconds: six minutes for codes, one hour for access tokens.
    AuthorizationCodeLifetime = 360,
    AccessTokenLifetime = 3600,

    // Refresh tokens are enabled (offline access) with sliding expiration and
    // no absolute cap (0), so a token that keeps being refreshed is never
    // forced to expire. Treat it as a long-lived credential: it needs secure
    // storage on the client and a revocation path on the server.
    // NOTE(review): SlidingRefreshTokenLifetime is not set, so the library
    // default idle window still applies - confirm the value for your version.
    // NOTE(review): RefreshTokenUsage is not set either; the IdentityServer4
    // default is believed to be one-time-only, which replaces the handle on
    // every refresh. A caller that presents an old handle would then fail with
    // "not found in store" - confirm against the client's behaviour.
    AllowOfflineAccess = true,
    RefreshTokenExpiration = TokenExpiration.Sliding,
    AbsoluteRefreshTokenLifetime = 0
}
我的服务定义如下(注意:cert 不为空):


我的一个猜测是:刷新令牌没有被持久化,因此在 IIS 服务器重新启动后就会失效。要获得 Alexa 所需的永久有效的刷新令牌,我需要做哪些更改?

添加
RefreshTokenUsage = TokenUsage.ReUse
似乎已经解决了问题,还可以从上面的链接复制代码(我还没有证明该代码是否必要)

您将
AccessTokenLifetime
设置为0。为什么?我想我没有!AccessTokenLifetime=3600,我将AbsoluteRefreshTokenLifetime设置为0,因为我不小心写了它,我想写
AbsoluteRefreshTokenLifetime
。谢谢。根据
AbsoluteRefreshTokenLifetime
为 0 的文档说明,当与
RefreshTokenExpiration = Sliding 一起使用时,刷新令牌永不过期。参见此问题
// ASP.NET Core Identity with EF Core stores on ApplicationDbContext.
services.AddIdentity<ApplicationUser, ApplicationRole>(identityOptions =>
    {
        // Requiring a confirmed email before sign-in is left disabled here; see
        // https://docs.microsoft.com/en-us/aspnet/core/security/authentication/accconfirm?tabs=aspnetcore2x%2Csql-server
        // Lock an account after seven failed sign-in attempts.
        identityOptions.Lockout.MaxFailedAccessAttempts = 7;
    })
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddRoleManager<ApplicationRoleManager>()
    .AddDefaultTokenProviders();

// Application services.
services.AddTransient<IEmailSender, EmailSender>();

// Token signing certificate; null selects the development fallback below.
X509Certificate2 signingCert = GetCertificateIssuer(settings);
var migrationsAssemblyName = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

// NOTE(review): BuildServiceProvider() creates a second container from the
// registrations made so far. Anything resolved from it (singletons included)
// is a separate instance from what the running application will use, and
// GetService returns null when the service has not been registered yet.
var interimProvider = services.BuildServiceProvider();
var dataSecurityService = interimProvider.GetService<IDataSecurityService>();

if (signingCert != null)
{
    // Certificate available: issuer and public origin are pinned to the
    // configured authority, and tokens are signed with the certificate.
    services.AddIdentityServer(server =>
        {
            server.IssuerUri = settings.Authority;
            server.PublicOrigin = settings.Authority;
        })
        .AddSigningCredential(signingCert)
        // Clients and resources are read from SQL Server.
        .AddConfigurationStore(store =>
        {
            store.ConfigureDbContext = db =>
                db.UseSqlServer(
                    Configuration.GetConnectionString("DefaultConnection"),
                    sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssemblyName));
        })
        // Persisted grants (refresh tokens among them) are kept in SQL Server
        // rather than in memory, so they are expected to survive a restart.
        .AddOperationalStore(store =>
        {
            store.ConfigureDbContext = db =>
                db.UseSqlServer(
                    Configuration.GetConnectionString("DefaultConnection"),
                    sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssemblyName));

            // Optional periodic token cleanup; the interval is in seconds.
            store.EnableTokenCleanup = true;
            store.TokenCleanupInterval = 30;
        })
        .AddAspNetIdentity<ApplicationUser>();
}
else
{
    // No certificate: developer signing key with in-memory grants, resources
    // and clients. In-memory grants are lost when the process stops, so
    // refresh tokens issued in this mode do not outlive a restart.
    // NOTE(review): a missing certificate selects this branch silently;
    // consider failing startup instead when not running in development.
    services.AddIdentityServer()
        .AddDeveloperSigningCredential()
        .AddInMemoryPersistedGrants()
        .AddInMemoryIdentityResources(Config.GetIdentityResources())
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryClients(Config.GetClients(dataSecurityService))
        .AddAspNetIdentity<ApplicationUser>();
}
2018-08-04 09:24:40.091 +01:00 [DBG] Start token request validation
2018-08-04 09:24:40.098 +01:00 [DBG] Start validation of refresh token request
2018-08-04 09:24:40.119 +01:00 [DBG] eny2fizHyrW3t98T2oOqNN+wy8thQvUsNz3HDL8UhjU= found in database: false
2018-08-04 09:24:40.119 +01:00 [DBG] refresh_token grant with value: f9f345127502ac6b72598404ff9be5bba041224393f5332c7262acfa7f6157c5 not found in store.
2018-08-04 09:24:40.119 +01:00 [ERR] Invalid refresh token
2018-08-04 09:24:40.120 +01:00 [ERR] Refresh token validation failed. aborting.
2018-08-04 09:24:40.164 +01:00 [ERR] {
  "ClientId": "xxx",
  "ClientName": "Amazon Alexa",
  "GrantType": "refresh_token",
  "Raw": {
    "grant_type": "refresh_token",
    "refresh_token": "xxx",
    "client_id": "xxxx"
  }
}