【发布时间】:2021-06-08 09:30:07
【问题描述】:
我正在使用 OpenIdDict 3.0 来托管我的身份服务器。我能够获取访问令牌和 id 令牌,但不知何故,当我在授权标头中使用访问令牌时,我的控制器返回 401,但在我使用 id 令牌时成功通过身份验证。
我在之前的项目中使用过 OpenIdDict 2.0,效果很好。
以下是我的Start.cs
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
#region Database
var connectionString = Environment.GetEnvironmentVariable("CONNECTION_STRING");
#if DEBUG
connectionString = Configuration.GetConnectionString("DefaultConnection");
#endif
services.AddDbContext<ApplicationDbContext>(options =>
{
options.UseMySql(connectionString);
// Register the entity sets needed by OpenIddict.
// Note: use the generic overload if you need
// to replace the default OpenIddict entities.
options.UseOpenIddict();
});
#endregion
#region Authentication
services
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = Configuration["Jwt:Authority"];
options.Audience = Configuration["Jwt:Audience"];
options.RequireHttpsMetadata = bool.TryParse(Configuration["Jwt:Https"], out bool isHttps) && isHttps;
});
// Configure Identity to use the same JWT claims as OpenIddict instead
// of the legacy WS-Federation claims it uses by default (ClaimTypes),
// which saves you from doing the mapping in your authorization controller.
services.Configure<IdentityOptions>(options =>
{
options.ClaimsIdentity.UserNameClaimType = ClaimTypes.Name;
options.ClaimsIdentity.UserIdClaimType = JwtRegisteredClaimNames.Sub;
options.ClaimsIdentity.RoleClaimType = ClaimTypes.Role;
});
services.AddOpenIddict()
// Register the OpenIddict core components.
.AddCore(options =>
{
// Configure OpenIddict to use the Entity Framework Core stores and models.
// Note: call ReplaceDefaultEntities() to replace the default entities.
options.UseEntityFrameworkCore()
.UseDbContext<ApplicationDbContext>();
})
// Register the OpenIddict server components.
.AddServer(options =>
{
// Enable the token endpoint.
// Enable the client credentials flow.
options
.SetTokenEndpointUris("/Account/Token")
.AllowPasswordFlow()
.SetAccessTokenLifetime(TimeSpan.FromHours(1))
.AllowRefreshTokenFlow()
.SetRefreshTokenLifetime(TimeSpan.FromDays(7));
// Register the signing and encryption credentials.
options
.AddDevelopmentEncryptionCertificate()
.AddDevelopmentSigningCertificate();
options.RegisterClaims();
// Register the ASP.NET Core host and configure the ASP.NET Core options.
options
.UseAspNetCore()
.EnableTokenEndpointPassthrough();
})
// Register the OpenIddict validation components.
.AddValidation(options =>
{
// Import the configuration from the local OpenIddict server instance.
options.UseLocalServer();
// Register the ASP.NET Core host.
options.UseAspNetCore();
});
#endregion
services.AddControllers();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseMyPcBuilderOpenIdDict().Wait();
}
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
【问题讨论】: