asp.net-core – Configuring ASP.Net Core to use OIDC against Thinktecture V2
Published: 2020-12-16 09:20:33 Category: asp.Net Source: compiled from the web
I am trying to authenticate against Thinktecture V2 from ASP.Net Core using OpenID Connect (we currently need WS-Trust, so we cannot upgrade).
My configuration is as follows:

```csharp
app.UseCookieAuthentication(new CookieAuthenticationOptions());

// Load the certificate used to validate tokens signed by the identity server
X509Store certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadOnly);
var cert = certStore.Certificates.Find(X509FindType.FindByThumbprint, "CertThumbprint", false);

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    RequireHttpsMetadata = false,
    ClientId = _config["OpenID:ClientId"],
    ClientSecret = _config["OpenID:ClientSecret"],
    Authority = _config["OpenID:Authority"],
    ResponseType = OpenIdConnectResponseType.Code,
    PostLogoutRedirectUri = _config["OpenID:PostLogoutRedirectUri"],
    SignInScheme = "Cookies",
    CallbackPath = "/signin-oidc",
    TokenValidationParameters = new TokenValidationParameters()
    {
        IssuerSigningKey = new X509SecurityKey(cert[0]),
    },
    // Endpoints are set by hand instead of being read from a discovery document
    Configuration = new OpenIdConnectConfiguration
    {
        Issuer = "https://identityserver/IdentityServer/issue",
        AuthorizationEndpoint = "https://identityserver/IdentityServer/issue/oidc/authorize",
        TokenEndpoint = "https://identityserver/IdentityServer/issue/oidc/token",
        UserInfoEndpoint = "https://identityserver/IdentityServer/issue/oidc/userinfo",
    }
});
```

config.json

```json
"OpenID": {
    "ClientId": "Test",
    "ClientSecret": "{6DD502AB-2AB1-4028-BD4A-85C91790EC7B}",
    "Authority": "https://identityserver/IdentityServer/issue/oidc",
    "PostLogoutRedirectUri": "https://localhost:44353/"
}
```

When I try to authenticate, I get the following exception:

HttpRequestException: Response status code does not indicate success: 400 (Bad Request).

The trace from thinktectureIdentityServer.svclog is

If anyone can offer any help, it would be much appreciated.

Solution
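I resolved the above error by handling the OnAuthorizationCodeReceived event and handling the code redemption manually, where I added a Basic authorization header to authorize the client.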
```csharp
new OpenIdConnectOptions
{
    ...
    Events = new OpenIdConnectEvents
    {
        OnAuthorizationCodeReceived = async context =>
        {
            // Take over the code redemption from the middleware
            context.HandleCodeRedemption();

            var requestMessage = new HttpRequestMessage(HttpMethod.Post, context.Options.Configuration.TokenEndpoint);
            requestMessage.Content = new FormUrlEncodedContent(context.TokenEndpointRequest.Parameters);

            // Authenticate the client with an HTTP Basic header (client id ":" client secret)
            var authString = string.Format("{0}", Convert.ToBase64String(Encoding.ASCII.GetBytes(_config["OpenID:ClientId"] + ":" + _config["OpenID:ClientSecret"])));
            requestMessage.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", authString);

            var responseMessage = await context.Backchannel.SendAsync(requestMessage);
            responseMessage.EnsureSuccessStatusCode();

            // Hand the token response back to the middleware
            var tokenResponse = await responseMessage.Content.ReadAsStringAsync();
            var jsonTokenResponse = JObject.Parse(tokenResponse);
            context.TokenEndpointResponse = new OpenIdConnectMessage(jsonTokenResponse);
        }
    }
    ...
});
```

To make the final call to retrieve UserInfo, I had to make a change to Identity Server to include a subject in the response that matches the subject in the Id token. This involved updating the UserInfoController to add the claim in the Get method.

(Editor: 李大同)
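The subject requirement mentioned in the answer comes from OpenID Connect Core section 5.3.2: the `sub` in the UserInfo response must exactly match the `sub` in the ID token, otherwise the UserInfo response must not be used. The following diagnostic is an added example, not code from the original post; the class and method names and the sample token and responses are constructed, and it uses System.Text.Json rather than the JObject type used above.

```csharp
using System;
using System.Text;
using System.Text.Json;

public static class UserInfoSubjectCheck
{
    // Decode the payload (second segment) of a compact JWT. Diagnostic only:
    // this does NOT verify the signature, which the middleware does separately.
    public static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected header.payload.signature");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone();
    }

    // True only when both documents carry a string "sub" and the values are identical.
    public static bool SubjectsMatch(string idToken, string userInfoJson)
    {
        JsonElement idPayload = DecodePayload(idToken);
        using JsonDocument userInfo = JsonDocument.Parse(userInfoJson);
        return idPayload.TryGetProperty("sub", out JsonElement idSub)
            && userInfo.RootElement.TryGetProperty("sub", out JsonElement uiSub)
            && idSub.ValueKind == JsonValueKind.String
            && uiSub.ValueKind == JsonValueKind.String
            && string.Equals(idSub.GetString(), uiSub.GetString(), StringComparison.Ordinal);
    }

    // Helper used only to build the constructed sample token below.
    static string B64Url(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
        .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed sample: unsigned token with a placeholder signature segment.
        string idToken = B64Url("{\"alg\":\"RS256\"}") + "."
            + B64Url("{\"iss\":\"https://identityserver/IdentityServer/issue\",\"sub\":\"alice\"}")
            + ".sig";
        Console.WriteLine(SubjectsMatch(idToken, "{\"sub\":\"alice\",\"name\":\"Alice\"}")); // same subject
        Console.WriteLine(SubjectsMatch(idToken, "{\"name\":\"Alice\"}"));                  // no sub claim
        Console.WriteLine(SubjectsMatch(idToken, "{\"sub\":\"bob\"}"));                     // different subject
    }
}
```

Running it against a captured ID token and UserInfo body shows whether a missing or mismatched `sub` is the reason the UserInfo step is rejected.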