IdentityServer4 mTLS token request fails with error - AuthenticationScheme: x509 was forbidden
I am trying to use the new mutual TLS client authentication in IdentityServer4. I followed the documentation on the IdentityServer4 website (). When I try to obtain an access token for the mTLS client, I get the error "forbidden". When I check the IdentityServer4 log file:
2019-06-11 10:19:26.690 +00:00 [INF] Request finished in 23.3151ms 200 application/json; charset=UTF-8
2019-06-11 10:19:26.784 +00:00 [INF] Request starting HTTP/1.1 GET http://open-banking-authorisation-server-host/.well-known/openid-configuration/jwks
2019-06-11 10:19:26.786 +00:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryKeyEndpoint for /.well-known/openid-configuration/jwks
2019-06-11 10:19:26.816 +00:00 [INF] Request finished in 32.05ms 200 application/jwk-set+json; charset=UTF-8
2019-06-11 10:20:41.797 +00:00 [INF] Request starting HTTP/1.1 POST http://open-banking-authorisation-server-host/connect/mtls/token application/x-www-form-urlencoded 80
2019-06-11 10:20:41.814 +00:00 [INF] AuthenticationScheme: x509 was forbidden.
Can anyone help?
using System.IO;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using IdentityModel.Client;

var clientId = "adsjasdjakafklfalvf";

// Load the client certificate from disk. Note: a .crt file normally holds only the
// public certificate; without the matching private key .NET cannot present it as a
// client certificate during the TLS handshake.
FileStream f = new FileStream("client_cert.crt", FileMode.Open, FileAccess.Read);
int size = (int)f.Length;
byte[] data = new byte[size];
size = f.Read(data, 0, size);
f.Close();
var cert = new X509Certificate2(data);

// Attach the certificate to the handler so it is offered during the TLS handshake.
var handler = new HttpClientHandler();
handler.ClientCertificates.Add(cert);
var newClient = new HttpClient(handler);

// Client-credentials request against the mTLS token endpoint (IdentityModel extension).
var tokenResponse = await newClient.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
    Address = $"{_authorityBaseUri}/connect/mtls/token",
    ClientId = clientId,
    Scope = "accounts"
});
var accessToken = tokenResponse.AccessToken;
newClient.Dispose();
You should:
static async Task<TokenResponse> RequestTokenAsync2()
{
    // Load the client certificate together with its private key from a PKCS#12 file.
    var handler = new SocketsHttpHandler();
    var cert = new X509Certificate2("mtls.test client.p12", "changeit");
    handler.SslOptions.ClientCertificates = new X509CertificateCollection { cert };
    var client = new HttpClient(handler);

    // Read the discovery document and take the mTLS token endpoint from its
    // mtls_endpoint_aliases section instead of hard-coding the URL.
    var disco = await client.GetDiscoveryDocumentAsync("https://localhost:44302");
    if (disco.IsError) throw new Exception(disco.Error);

    var response = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
    {
        Address = disco
            .TryGetValue(OidcConstants.Discovery.MtlsEndpointAliases)
            .Value<string>(OidcConstants.Discovery.TokenEndpoint)
            .ToString(),
        ClientId = "mtls",
        Scope = "api1"
    });
    if (response.IsError) throw new Exception(response.Error);
    return response;
}
IS4
public void ConfigureServices(IServiceCollection services)
{
    // Register the certificate authentication handler (default scheme name "Certificate").
    services.AddAuthentication()
        .AddCertificate(options =>
        {
            options.AllowedCertificateTypes = CertificateTypes.All;
            options.RevocationMode = X509RevocationMode.NoCheck;
        });

    var builder = services.AddIdentityServer(options =>
    {
        options.MutualTls.Enabled = true;
        // Must match the scheme registered above; IdentityServer's default is "x509".
        options.MutualTls.ClientCertificateAuthenticationScheme = "Certificate";
        options.Events.RaiseErrorEvents = true;
        options.Events.RaiseFailureEvents = true;
        options.Events.RaiseInformationEvents = true;
        options.Events.RaiseSuccessEvents = true;
    })
    .AddInMemoryIdentityResources(Config.Ids)
    .AddInMemoryApiResources(Config.api)
    .AddInMemoryClients(Config.Clients)
    .AddTestUsers(TestUsers.Users);

    // Validate the presented client certificate against the client's X509 secrets.
    builder.AddMutualTlsSecretValidators();
    builder.AddDeveloperSigningCredential();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    //app.useh
    app.UseStaticFiles();
    app.UseRouting();
    app.UseIdentityServer();
    app.UseAuthentication();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapDefaultControllerRoute();
    });
}
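An added example for the server side, not part of the question or the answer above: the client registration that the answer's AddMutualTlsSecretValidators() checks against, and a certificate handler registered under the same scheme name that MutualTls.ClientCertificateAuthenticationScheme points at. The client id "mtls", scope "api1", the subject "CN=mtls.test" and the thumbprint placeholder are assumed values and must be replaced with those of your own client certificate; the hypothetical names MtlsConfig, MtlsClient and AddMtlsAuthentication are mine.

```csharp
// Added example (not the question's or the answer's code). Assumed values:
// client id "mtls", scope "api1", subject "CN=mtls.test", thumbprint placeholder.
using System;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Authentication.Certificate;
using Microsoft.Extensions.DependencyInjection;

public static class MtlsConfig
{
    // Binds the "mtls" client to its certificate. The mTLS secret validators
    // compare the certificate presented at /connect/mtls/token with these
    // secrets, so a client that only has a SharedSecret is rejected there.
    public static Client MtlsClient() => new Client
    {
        ClientId = "mtls",
        AllowedGrantTypes = GrantTypes.ClientCredentials,
        AllowedScopes = { "api1" },
        ClientSecrets =
        {
            // Thumbprint pinning: exactly one certificate; rotate when it is renewed.
            new Secret("<THUMBPRINT-OF-CLIENT-CERT-PLACEHOLDER>")
            {
                Type = IdentityServerConstants.SecretTypes.X509CertificateThumbprint
            },
            // Subject-name binding: survives renewal as long as the chain validates.
            new Secret("CN=mtls.test")
            {
                Type = IdentityServerConstants.SecretTypes.X509CertificateName
            }
        }
    };

    // Certificate handler under the scheme name IdentityServer will authenticate
    // with. IdentityServer authenticates the mTLS token request under
    // options.MutualTls.ClientCertificateAuthenticationScheme and answers Forbid
    // when that fails; that is the "AuthenticationScheme: x509 was forbidden"
    // line in the question ("x509" being the default scheme name).
    public static void AddMtlsAuthentication(IServiceCollection services)
    {
        services.AddAuthentication()
            .AddCertificate("Certificate", options =>
            {
                // Tighter than CertificateTypes.All with NoCheck: only CA-issued
                // certificates, with an online revocation check.
                options.AllowedCertificateTypes = CertificateTypes.Chained;
                options.RevocationMode = X509RevocationMode.Online;
                options.ValidateCertificateUse = true;   // requires the Client Authentication EKU
                options.ValidateValidityPeriod = true;
                options.Events = new CertificateAuthenticationEvents
                {
                    OnCertificateValidated = context =>
                    {
                        // Chain, EKU and validity checks have passed. Record the
                        // thumbprint and subject as claims for diagnostics and let
                        // IdentityServer match the certificate to a client.
                        var cert = context.ClientCertificate;
                        var claims = new[]
                        {
                            new Claim("x509_thumbprint", cert.Thumbprint),
                            new Claim("x509_subject", cert.Subject)
                        };
                        context.Principal = new ClaimsPrincipal(
                            new ClaimsIdentity(claims, context.Scheme.Name));
                        context.Success();
                        return Task.CompletedTask;
                    },
                    OnAuthenticationFailed = context =>
                    {
                        // Surface the concrete reason instead of a bare "forbidden".
                        Console.WriteLine($"Client certificate rejected: {context.Exception.Message}");
                        return Task.CompletedTask;
                    }
                };
            });
    }
}
```

Wire it up by calling MtlsConfig.AddMtlsAuthentication(services) in place of the AddAuthentication().AddCertificate(...) call above, keeping options.MutualTls.ClientCertificateAuthenticationScheme = "Certificate", and returning MtlsConfig.MtlsClient() from your in-memory client list. With revocation checking online, the server needs network access to the issuing CA's CRL or OCSP endpoint, so test that path before switching it on.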
Further reading:
Did you find a solution? I am facing the same problem.