C# Identityserver4，资源所有者密码在资源服务器中返回401

IDENTITYSERVER4资源所有者密码流与自定义用户存储库

通过以下操作创建了Identityserver 但在资源服务器端，我无法授权API

已成功获取访问令牌

在启动.cs文件中

 public void ConfigureServices(IServiceCollection services)
        {

        services.AddIdentityServer(options =>
            {
                options.Events.RaiseSuccessEvents = true;
                options.Events.RaiseFailureEvents = true;
                options.Events.RaiseErrorEvents = true;
            })
         .AddDeveloperSigningCredential()
        .AddInMemoryIdentityResources(QuickstartIdentityServer.Config.GetIdentityResources())
        .AddInMemoryApiResources(QuickstartIdentityServer.Config.GetApiResources())
        .AddInMemoryClients(QuickstartIdentityServer.Config.GetClients())
        .AddCustomUserStore();


    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseIdentityServer();
    }

  public static IEnumerable<Client> GetClients()
    {
        // client credentials client
        return new List<Client>
        {
            new Client
            {
                ClientId = "client",
                AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
                AccessTokenType = AccessTokenType.Jwt,
                AccessTokenLifetime = 3600, //86400,
                IdentityTokenLifetime = 3600, //86400,
                UpdateAccessTokenClaimsOnRefresh = false,
                SlidingRefreshTokenLifetime = 30,
                AllowOfflineAccess = true,
                RefreshTokenExpiration = TokenExpiration.Absolute,
                RefreshTokenUsage = TokenUsage.OneTimeOnly,
                AlwaysSendClientClaims = true,
                Enabled = true,
                ClientSecrets = 
                {
                    new Secret("secret".Sha256())
                },
                AllowedScopes = { "api1", "openid"}
            }
        };
    }

进入Config.cs文件

 public void ConfigureServices(IServiceCollection services)
        {

        services.AddIdentityServer(options =>
            {
                options.Events.RaiseSuccessEvents = true;
                options.Events.RaiseFailureEvents = true;
                options.Events.RaiseErrorEvents = true;
            })
         .AddDeveloperSigningCredential()
        .AddInMemoryIdentityResources(QuickstartIdentityServer.Config.GetIdentityResources())
        .AddInMemoryApiResources(QuickstartIdentityServer.Config.GetApiResources())
        .AddInMemoryClients(QuickstartIdentityServer.Config.GetClients())
        .AddCustomUserStore();


    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseIdentityServer();
    }

  public static IEnumerable<Client> GetClients()
    {
        // client credentials client
        return new List<Client>
        {
            new Client
            {
                ClientId = "client",
                AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
                AccessTokenType = AccessTokenType.Jwt,
                AccessTokenLifetime = 3600, //86400,
                IdentityTokenLifetime = 3600, //86400,
                UpdateAccessTokenClaimsOnRefresh = false,
                SlidingRefreshTokenLifetime = 30,
                AllowOfflineAccess = true,
                RefreshTokenExpiration = TokenExpiration.Absolute,
                RefreshTokenUsage = TokenUsage.OneTimeOnly,
                AlwaysSendClientClaims = true,
                Enabled = true,
                ClientSecrets = 
                {
                    new Secret("secret".Sha256())
                },
                AllowedScopes = { "api1", "openid"}
            }
        };
    }

在API中提到的

[Route("api/")]
[Authorize(AuthenticationSchemes = IdentityServerAuthenticationDefaults.AuthenticationScheme)]
public class TestController : Controller


    // GET: api/v1/users/5
    [HttpGet("Hello")]
    public async Task<IActionResult> getMessage()
    {

        return Ok("Hello");
    }

[路由（“api/”）]
[授权（AuthenticationSchemes=IdentityServerAuthenticationDefaults.AuthenticationScheme）]
公共类TestController:控制器
//获取：api/v1/users/5
[HttpGet（“你好”）]
公共异步任务getMessage（）
{
返回Ok（“你好”）；
}

}

当我将相同的accesstoken传递给上面的API时，如下所示，得到401。我需要通过什么吗。或者我错过了任何验证

请帮帮我

---

谢谢。

我认为您应该更新资源服务器startup.cs文件的ConfigureServices方法，如下所示：

 // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvcCore()
            .AddAuthorization()
            .AddJsonFormatters();

        services.AddAuthentication("Bearer")
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = "http://localhost:5001";
                options.RequireHttpsMetadata = false;
                options.ApiName = "openid";
            });


        // services.AddMvc();
    }

---

显然，由于问题的性质，我无法重现您的问题，但因为您可以获得访问令牌，但仍然获得401；我认为这意味着您获得的访问令牌对于您发送请求的api无效。 我猜是

。AddInMemoryApiResources（QuickstartIdentityServer.Config.GetApiResources（））

配置不正确，例如

GetApiResources（）

需要返回一个

ApiResource

，其

作用域包含
openid
，这是您用于请求访问令牌的作用域。
希望这是有意义的。
请考虑使用...你需要展示你是如何向你的API发送请求的。它是否包含来自IdentityServer的访问令牌？@sttl06-是，正如您在上一个屏幕截图（API响应）中看到的那样。我在标题中传递“持票人”。但是服务器如何知道这个accesstoken是有效的。我遗漏了什么吗？是的，这是一样的。我们是否必须在示例APIYea中传递任何其他头以及授权（accesstoken）头？是的，我在GetIdentityResource中引用了相同的范围，而不是API资源。非常感谢：）