OpenId 3 到 OpenId 4:多个颁发者(issuer)名称
我正在从OpenID3迁移到OpenID4(这是我们从.NET 4迁移到.NET Core 3的一部分)。其中一个要求是:我们的OpenID身份验证需要同时支持一个内部DNS名称和一个外部DNS名称。我们的OpenID Web应用程序由第三方托管,他们按负载均衡器的使用量收费。为了降低这部分费用,我们希望能够把调用路由到负载均衡器后面的内部身份提供者。(令人恼火的是,他们无法建立基于DNS的内部路由,这听起来很像cba,但是,我们现在就处在这种状况) 我们之前是通过设置颁发者名称(IssuerName)实现这一点的,但是这个功能在OpenID4中被删除了,经过几个小时的研究,我仍然卡住了。如果有人能为我指出新的实现方向,或者提供另一种实现方式,那就太好了。我们都喜欢代码,所以下面是我的外部Web API的配置文件:
/// <summary>
/// OWIN startup hook: registers Web API (Unity dependency resolver, CORS, default route)
/// and IdentityServer bearer-token validation on the supplied pipeline.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is registered on.</param>
public void Configuration(IAppBuilder app)
{
    var httpConfig = new HttpConfiguration();
    httpConfig.DependencyResolver = new UnityDependencyResolver(UnityConfig.GetConfiguredContainer());

    // Origins, headers and methods are all wildcards here.
    // NOTE(review): any web origin may call this API from a browser with this policy;
    // restrict the origin list to the known front-ends unless the API is meant to be public.
    httpConfig.EnableCors(new EnableCorsAttribute("*", "*", "*"));

    httpConfig.Routes.MapHttpRoute(
        "DefaultApi",
        "api/{controller}/{id}",
        new { id = RouteParameter.Optional });

    // Configure Authorisation
    // Emptying the inbound map keeps claim types as issued instead of remapping them.
    JwtSecurityTokenHandler.InboundClaimTypeMap.Clear();

    var settings = ConfigurationManager.AppSettings;
    var bearerOptions = new IdentityServerBearerTokenAuthenticationOptions
    {
        Authority = settings["IdentityServerUrl"],
        // A single array entry built from one app setting.
        // NOTE(review): if the setting holds several space-separated scopes it is still
        // one element here - confirm that is what the middleware should compare against.
        RequiredScopes = new[] { settings["IdentityServerScopes"] },
        PreserveAccessToken = true,
        // This is set to convince the IdentityServer middleware to validate with the correct issuer url.
        // Only needed for APIs/services that talk to both the internal and external URLs for IdentityServer.
        // NOTE(review): keep this pinned to the one issuer value the identity server stamps into
        // tokens; do not relax issuer validation to cope with the second host name.
        IssuerName = settings["IdentityServerIssuerUri"],
    };

    // Token validation is registered before Web API so requests are authenticated first.
    app.UseIdentityServerBearerTokenAuthentication(bearerOptions);
    app.UseWebApi(httpConfig);
}
下面是identity providers配置选项(已删除所有敏感信息)
// IdentityServer options, assembled from smaller pieces before the final object is built.

// All four event categories are raised.
var eventsOptions = new EventsOptions
{
    RaiseErrorEvents = true,
    RaiseFailureEvents = true,
    RaiseInformationEvents = true,
    RaiseSuccessEvents = true
};

// Extra link shown on the login page; its target comes from configuration.
var forgotPasswordLink = new LoginPageLink
{
    Href = ConfigurationManager.AppSettings["ForgotPasswordUrl"],
    Text = "Forgot Password?",
    Type = "forgot-password"
};

var authenticationOptions = new AuthenticationOptions
{
    // We use default cookie options. Otherwise override values using: CookieOptions = new IdentityServer3.Core.Configuration.CookieOptions(),
    RememberLastUsername = true,
    RequireSignOutPrompt = false,
    EnableSignOutPrompt = false,
    EnablePostSignOutAutoRedirect = true,
    LoginPageLinks = new List<LoginPageLink> { forgotPasswordLink }
};

var options = new IdentityServerOptions
{
    EventsOptions = eventsOptions,
    SiteName = "Identity",
    // Two certificates are configured; presumably the secondary one exists for key rollover - confirm.
    SigningCertificate = primaryTokenSigningCertificate,
    SecondarySigningCertificate = secondaryTokenSigningCertificate,
    // Read from the same app-setting key ("IdentityServerIssuerUri") that the API-side
    // configuration uses for its expected issuer name.
    // NOTE(review): the two values have to match exactly, whichever host name
    // (internal or external) a caller used to reach the server.
    IssuerUri = ConfigurationManager.AppSettings["IdentityServerIssuerUri"],
    Factory = factory,
    EnableWelcomePage = false,
    // NOTE(review): the TLS requirement is driven by configuration; make sure every
    // non-development environment sets "RequireSsl" to true.
    RequireSsl = SupportMethods.ToBoolean(ConfigurationManager.AppSettings["RequireSsl"]),
    AuthenticationOptions = authenticationOptions,
};