我们有一个ASP.NET MVC应用程序,它与IdentityServer3进行身份验证没有问题,但是使用ApiController的Web API部分在用户等待大约三分钟后(在3分钟之前,一切似乎都很好)开始失败。
在Chrome中看到的错误如下:
XMLHttpRequest无法加载https://test-auth.myauthapp.com/auth/connect/authorize?client_id=ecan-farmda…gwLTk5ZjMtN2QxZjUyMjgxNGE4MDg2NjFhZTAtOTEzNi00MDE3LTkzNGQtNTc5ODAzZTE1Mzgw。 请求的资源上不存在“Access-Control-Allow-Origin”标头。因此,“http://test.myapp.com”的来源不被允许访问。
在IE中,我收到以下错误:
SCRIPT7002:XMLHttpRequest:网络错误0x4c7,操作被用户取消。
我查看IdentityServer3的日志,发现有如下记录:
2015-08-10 16:42 [警告] (Thinktecture.IdentityServer.Core.Configuration.Hosting.CorsPolicyProvider) 来自源http://test.myapp.com 的路径为/connect/authorize的CORS请求被拒绝,因为CORS路径无效。
在IdentityServer3 Web应用程序中,我正在为客户端提供AllowedCorsOrigins:
Thinktecture.IdentityServer.Core.Models.Client client = new Thinktecture.IdentityServer.Core.Models.Client()
{
Enabled = configClient.Enabled,
ClientId = configClient.Id,
ClientName = configClient.Name,
RedirectUris = new List<string>(),
PostLogoutRedirectUris = new List<string>(),
AllowedCorsOrigins = new List<string>(),
RequireConsent = false, // Don't show consents screen to user
RefreshTokenExpiration = Thinktecture.IdentityServer.Core.Models.TokenExpiration.Sliding
};
foreach (Configuration.RegisteredUri uri in configClient.RedirectUris)
{
client.RedirectUris.Add(uri.Uri);
}
foreach (Configuration.RegisteredUri uri in configClient.PostLogoutRedirectUris)
{
client.PostLogoutRedirectUris.Add(uri.Uri);
}
// Quick hack to try and get CORS working
client.AllowedCorsOrigins.Add("http://test.myapp.com");
client.AllowedCorsOrigins.Add("http://test.myapp.com/"); // Don't think trailing / needed, but added just in case
clients.Add(client);
当注册服务时,我添加了一个InMemoryCorsPolicyService:
app.Map("/auth", idsrvApp =>
{
var factory = new IdentityServerServiceFactory();
factory.Register(new Registration<AuthContext>(resolver => AuthObjects.AuthContext));
factory.Register(new Registration<AuthUserStore>());
factory.Register(new Registration<AuthRoleStore>());
factory.Register(new Registration<AuthUserManager>());
factory.Register(new Registration<AuthRoleManager>());
// Custom user service used to inject custom registration workflow
factory.UserService = new Registration<IUserService>(resolver => AuthObjects.AuthUserService);
var scopeStore = new InMemoryScopeStore(Scopes.Get());
factory.ScopeStore = new Registration<IScopeStore>(scopeStore);
var clientStore = new InMemoryClientStore(Clients.Get());
factory.ClientStore = new Registration<IClientStore>(clientStore);
var cors = new InMemoryCorsPolicyService(Clients.Get());
factory.CorsPolicyService = new Registration<ICorsPolicyService>(cors);
...
var options = new IdentityServerOptions
{
SiteName = "Authentication",
SigningCertificate = LoadCertificate(),
Factory = factory,
AuthenticationOptions = authOptions
};
...
});
我注意到IdentityServer3日志条目中写着“CORS request made for path: /connect/authorize”,而不是“CORS request made for path: /auth/connect/authorize”。但是查看IdentityServer3源代码表明,这可能不是问题所在。
也许是InMemoryCorsPolicyService没有被选中?
有任何想法可以解决AJAX调用的ApiController无法工作的问题吗?
使用NuGet安装了Thinktecture.IdevtityServer3 v1.6.2。
更新:
我正在与IdentityServer3开发人员进行交流,但仍然无法解决问题。如果有帮助的话:
https://github.com/IdentityServer/IdentityServer3/issues/1697