Thinktecture IdentityServer V3

尝试将 Thinctecture IdentityServer V3 用作多个 MVC 应用程序的简单安全令牌服务（STS）。 我能够自行操作提供的示例应用程序，它们运行正常，但是它们都使用内嵌的IdentityServer。我需要将 IdentityServer 作为一个独立的应用程序，以便我可以将其用作多个应用程序的 STS。当我尝试运行 IdentityServer 并将示例 MVC 应用程序连接到它时，似乎缺少某些内容。 示例 MVC 应用程序使用 Katana。

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions...

但是我不明白如何正确配置外部应用程序服务。我的猜测是我没有使用正确的端点。

这是我的MVC依赖方配置。然后我在这里运行最新的IS v3，未经修改：:44333

无论何时在MVC应用程序中尝试导航到需要授权的视图时，我都会收到异常。

堆栈跟踪：

[HttpRequestException: Response status code does not indicate success: 404 (Not Found).]
   System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +87960
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +496

[IOException: Unable to get document from: https://localhost:44333/.well-known/openid-configuration]
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +830
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +93
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +52
   System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() +24
   Microsoft.IdentityModel.Protocols.<GetAsync>d__0.MoveNext() +512
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +93
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +52
   System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() +24
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() +1332

以下是MVC应用程序中的完整身份验证配置。

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    //Authority = "https://localhost:44319/identity",
    Authority = "https://localhost:44333",
    ClientId = "mvc",
    Scope = "openid profile roles",
    RedirectUri = "https://localhost:44319/",

    SignInAsAuthenticationType = "Cookies",
    UseTokenLifetime = false,

    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        SecurityTokenValidated = async n =>
            {
                var id = n.AuthenticationTicket.Identity;

                // we want to keep first name, last name, subject and roles
                var givenName = id.FindFirst(Constants.ClaimTypes.GivenName);
                var familyName = id.FindFirst(Constants.ClaimTypes.FamilyName);
                var sub = id.FindFirst(Constants.ClaimTypes.Subject);
                var roles = id.FindAll(Constants.ClaimTypes.Role);

                // create new identity and set name and role claim type
                var nid = new ClaimsIdentity(
                    id.AuthenticationType,
                    Constants.ClaimTypes.GivenName,
                    Constants.ClaimTypes.Role);

                nid.AddClaim(givenName);
                nid.AddClaim(familyName);
                nid.AddClaim(sub);
                nid.AddClaims(roles);

                // keep the id_token for logout
                nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

                // add some other app specific claim
                nid.AddClaim(new Claim("app_specific", "some data"));

                n.AuthenticationTicket = new AuthenticationTicket(
                    nid,
                    n.AuthenticationTicket.Properties);
            },
        RedirectToIdentityProvider = async n =>
            {
                if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                {
                    var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");

                    if (idTokenHint != null)
                    {
                        n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                    }
                }
            }
    }
});