尝试将 Thinctecture IdentityServer V3 用作多个 MVC 应用程序的简单安全令牌服务(STS)。
我能够自行操作提供的示例应用程序,它们运行正常,但是它们都使用内嵌的IdentityServer。我需要将 IdentityServer 作为一个独立的应用程序,以便我可以将其用作多个应用程序的 STS。当我尝试运行 IdentityServer 并将示例 MVC 应用程序连接到它时,似乎缺少某些内容。
示例 MVC 应用程序使用 Katana。
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions...
但是我不明白如何正确配置外部应用程序服务。我的猜测是我没有使用正确的端点。
这是我的MVC依赖方配置。然后我在这里运行最新的IS v3,未经修改::44333
无论何时在MVC应用程序中尝试导航到需要授权的视图时,我都会收到异常。
堆栈跟踪:
[HttpRequestException: Response status code does not indicate success: 404 (Not Found).]
System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +87960
Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +496
[IOException: Unable to get document from: https://localhost:44333/.well-known/openid-configuration]
Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +830
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +93
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +52
System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() +24
Microsoft.IdentityModel.Protocols.<GetAsync>d__0.MoveNext() +512
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +93
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +52
System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() +24
Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() +1332
以下是MVC应用程序中的完整身份验证配置。
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
//Authority = "https://localhost:44319/identity",
Authority = "https://localhost:44333",
ClientId = "mvc",
Scope = "openid profile roles",
RedirectUri = "https://localhost:44319/",
SignInAsAuthenticationType = "Cookies",
UseTokenLifetime = false,
Notifications = new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = async n =>
{
var id = n.AuthenticationTicket.Identity;
// we want to keep first name, last name, subject and roles
var givenName = id.FindFirst(Constants.ClaimTypes.GivenName);
var familyName = id.FindFirst(Constants.ClaimTypes.FamilyName);
var sub = id.FindFirst(Constants.ClaimTypes.Subject);
var roles = id.FindAll(Constants.ClaimTypes.Role);
// create new identity and set name and role claim type
var nid = new ClaimsIdentity(
id.AuthenticationType,
Constants.ClaimTypes.GivenName,
Constants.ClaimTypes.Role);
nid.AddClaim(givenName);
nid.AddClaim(familyName);
nid.AddClaim(sub);
nid.AddClaims(roles);
// keep the id_token for logout
nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
// add some other app specific claim
nid.AddClaim(new Claim("app_specific", "some data"));
n.AuthenticationTicket = new AuthenticationTicket(
nid,
n.AuthenticationTicket.Properties);
},
RedirectToIdentityProvider = async n =>
{
if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
{
var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
if (idTokenHint != null)
{
n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
}
}
}
}
});