Identityserver4 如何配置IdentityServerAuthenticationOptions。使用通配符的权限
我已成功使用ASP.NET Core设置IdentityServer4 作为默认配置,我有以下内容:Identityserver4 如何配置IdentityServerAuthenticationOptions。使用通配符的权限,identityserver4,asp.net-core-webapi,Identityserver4,Asp.net Core Webapi,我已成功使用ASP.NET Core设置IdentityServer4 作为默认配置,我有以下内容: IdentityServerAuthenticationOptions options = new IdentityServerAuthenticationOptions() { Authority = "http://localhost:5000", ScopeName = "scope", ScopeSecret = "ScopeSec
IdentityServerAuthenticationOptions options = new IdentityServerAuthenticationOptions()
{
Authority = "http://localhost:5000",
ScopeName = "scope",
ScopeSecret = "ScopeSecret",
AutomaticAuthenticate = true,
AutomaticChallenge = true,
RequireHttpsMetadata = false,
};
现在,使用这个配置,我可以从配置文件中读取,所以它们可以是生产中的任何数字
例如,如果我将API设置为在http://*:5000
上运行,那么客户端可以通过服务IP地址连接到它,如http://192.168.1.100:5000
一旦客户端获得承载令牌并尝试使用它,就会发生内部服务器错误
,出现以下异常:
Unable to obtain configuration from:
'http://*:5000/.well-known/openid-configuration'.
---> System.IO.IOException: IDX10804: Unable to retrieve document from: 'http://*:5000/.well-known/openid-configuration'.
---> System.UriFormatException: Invalid URI: The hostname could not be parsed.
将IdS4配置为具有动态权限的正确方法是什么
更新
问题似乎出在发行人身上,对此有何看法
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException:
IDX10205: Issuer validation failed. Issuer: 'http://192.168.1.100:5000'. Did not match: validationParameters.ValidIssuer: 'http://localhost:5000' or validationParameters.ValidIssuers: 'null'.
at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters)
出乎意料的是,我所需要的只是为
IssuerUri
设置一个值(几乎任何值):
public IServiceProvider ConfigureServices(IServiceCollection services)
{
////...
var identiyBuilder = services.AddIdentityServer(options =>
{
options.RequireSsl = false;
options.IssuerUri = "MyCompany";
});
////...
}
现在,通过上面的配置,我可以通过任何IP地址使用该服务。我没有发现我可以直接输入MyCompany 但在我的日志文件中,我有以下内容:
Bearer was not authenticated. Failure message: IDX10205: Issuer validation failed. Issuer: 'https://crm.example.com'. Did not match: validationParameters.ValidIssuer: 'MyCompany' or validationParameters.ValidIssuers: 'null'.
我不太清楚“发行人”是什么意思,但我可以用“发行人”来处理这个问题:
options.IssuerUri = "https://crm.example.com";