C# Identityserver4,资源所有者密码在资源服务器中返回401
IDENTITYSERVER4资源所有者密码流与自定义用户存储库 通过以下操作创建了Identityserver 但在资源服务器端,我无法授权API 已成功获取访问令牌 在启动.cs文件中C# Identityserver4,资源所有者密码在资源服务器中返回401,c#,.net-core,identityserver4,C#,.net Core,Identityserver4,IDENTITYSERVER4资源所有者密码流与自定义用户存储库 通过以下操作创建了Identityserver 但在资源服务器端,我无法授权API 已成功获取访问令牌 在启动.cs文件中 public void ConfigureServices(IServiceCollection services) { services.AddIdentityServer(options => { optio
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer(options =>
{
options.Events.RaiseSuccessEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseErrorEvents = true;
})
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(QuickstartIdentityServer.Config.GetIdentityResources())
.AddInMemoryApiResources(QuickstartIdentityServer.Config.GetApiResources())
.AddInMemoryClients(QuickstartIdentityServer.Config.GetClients())
.AddCustomUserStore();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseIdentityServer();
}
public static IEnumerable<Client> GetClients()
{
// client credentials client
return new List<Client>
{
new Client
{
ClientId = "client",
AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 3600, //86400,
IdentityTokenLifetime = 3600, //86400,
UpdateAccessTokenClaimsOnRefresh = false,
SlidingRefreshTokenLifetime = 30,
AllowOfflineAccess = true,
RefreshTokenExpiration = TokenExpiration.Absolute,
RefreshTokenUsage = TokenUsage.OneTimeOnly,
AlwaysSendClientClaims = true,
Enabled = true,
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedScopes = { "api1", "openid"}
}
};
}
进入Config.cs文件
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer(options =>
{
options.Events.RaiseSuccessEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseErrorEvents = true;
})
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(QuickstartIdentityServer.Config.GetIdentityResources())
.AddInMemoryApiResources(QuickstartIdentityServer.Config.GetApiResources())
.AddInMemoryClients(QuickstartIdentityServer.Config.GetClients())
.AddCustomUserStore();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseIdentityServer();
}
public static IEnumerable<Client> GetClients()
{
// client credentials client
return new List<Client>
{
new Client
{
ClientId = "client",
AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 3600, //86400,
IdentityTokenLifetime = 3600, //86400,
UpdateAccessTokenClaimsOnRefresh = false,
SlidingRefreshTokenLifetime = 30,
AllowOfflineAccess = true,
RefreshTokenExpiration = TokenExpiration.Absolute,
RefreshTokenUsage = TokenUsage.OneTimeOnly,
AlwaysSendClientClaims = true,
Enabled = true,
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedScopes = { "api1", "openid"}
}
};
}
在API中提到的
[Route("api/")]
[Authorize(AuthenticationSchemes = IdentityServerAuthenticationDefaults.AuthenticationScheme)]
public class TestController : Controller
// GET: api/v1/users/5
[HttpGet("Hello")]
public async Task<IActionResult> getMessage()
{
return Ok("Hello");
}
[路由(“api/”)]
[授权(AuthenticationSchemes=IdentityServerAuthenticationDefaults.AuthenticationScheme)]
公共类TestController:控制器
//获取:api/v1/users/5
[HttpGet(“你好”)]
公共异步任务getMessage()
{
返回Ok(“你好”);
}
}
当我将相同的accesstoken传递给上面的API时,如下所示,得到401。我需要通过什么吗。或者我错过了任何验证
请帮帮我
谢谢。我认为您应该更新资源服务器startup.cs文件的ConfigureServices方法,如下所示:
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvcCore()
.AddAuthorization()
.AddJsonFormatters();
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = "http://localhost:5001";
options.RequireHttpsMetadata = false;
options.ApiName = "openid";
});
// services.AddMvc();
}
显然,由于问题的性质,我无法重现您的问题,但因为您可以获得访问令牌,但仍然获得401;我认为这意味着您获得的访问令牌对于您发送请求的api无效。 我猜是
。AddInMemoryApiResources(QuickstartIdentityServer.Config.GetApiResources())
配置不正确,例如GetApiResources()
需要返回一个ApiResource
,其作用域包含openid
,这是您用于请求访问令牌的作用域。
希望这是有意义的。请考虑使用...你需要展示你是如何向你的API发送请求的。它是否包含来自IdentityServer的访问令牌?@sttl06-是,正如您在上一个屏幕截图(API响应)中看到的那样。我在标题中传递“持票人”。但是服务器如何知道这个accesstoken是有效的。我遗漏了什么吗?是的,这是一样的。我们是否必须在示例APIYea中传递任何其他头以及授权(accesstoken)头?是的,我在GetIdentityResource中引用了相同的范围,而不是API资源。非常感谢:)