我正在尝试使用自己的UserStore为SSO使IdentityServer4与ASP.NET Core Identity配合工作。虽然指南似乎非常简单,并且身份验证过程本身似乎有效,但在应用程序(另一个ASP.NET Core MVC应用程序)中,我遇到了以下错误:
我的设置如下:
对于ASP.NET MVC应用程序(客户端):
对于 IdentityServer4 应用程序:
Error loading external login information
。我的设置如下:
对于ASP.NET MVC应用程序(客户端):
services.AddIdentity<IdentityUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies", options =>
{
options.ExpireTimeSpan =TimeSpan.FromMinutes(30);
})
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = "https://localhost:5001/";
options.ClientId = "clientId";
options.ClientSecret = "secret";
options.SaveTokens = true;
options.ResponseType = "code id_token";
options.Scope.Add(IdentityServerConstants.StandardScopes.Profile);
options.Scope.Add(IdentityServerConstants.StandardScopes.Email);
options.Scope.Add(IdentityServerConstants.StandardScopes.OfflineAccess);
options.GetClaimsFromUserInfoEndpoint = true;
});
对于 IdentityServer4 应用程序:
services.AddScoped<UserManager<User>, MyUserManager>();
services.AddIdentity<User, UserGroup>()
.AddRoleStore<MyRoleStore>()
.AddUserStore<MyUserStore>()
.AddDefaultTokenProviders();
services.Configure<IdentityOptions>(options =>
{
options.ClaimsIdentity.UserIdClaimType = JwtClaimTypes.Subject;
options.ClaimsIdentity.UserNameClaimType = JwtClaimTypes.Name;
options.ClaimsIdentity.RoleClaimType = JwtClaimTypes.Role;
});
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiResources(OpenIDConfig.GetApiResources())
.AddInMemoryIdentityResources(OpenIDConfig.GetIdentityResources())
.AddInMemoryClients(OpenIDConfig.GetClients())
.AddResourceOwnerValidator<ResourceOwnerPasswordValidator<User>>()
.AddProfileService<ProfileService<User>>();
主要问题是我不知道从哪里开始查找为什么在成功身份验证后会出现问题。
services.ConfigureExternalCookie(options => { options.Cookie.SameSite = SameSiteMode.None; });
- Kanadajoptions.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
但这并不起作用。然而,你的选项却可以! - Marko Prcać