401 Unauthorized with IdentityServer3 In ASP.Net Core 1.1 MVC Application

Question

在过去的一年里，我正在使用 IdentityServer3 和多个应用程序。所有这些应用程序都在 .Net Framework 4.5 上运行。现在我已经创建了 ASP.Net Core MVC (1.1) 应用程序，我想使用我的 IdentityServer 来保护这个应用程序。但我正在努力让它发挥作用。我收到 401 Unauthorized 错误。

这是我正在使用的配置：

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationScheme = "Cookies",
    AutomaticAuthenticate = true,
    AutomaticChallenge = true
});

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    AuthenticationScheme = "oidc",
    SignInScheme = "Cookies",

    Authority = "<IdentityServer URL>",
    RequireHttpsMetadata = false,

    ClientId = "clientid",

    ResponseType = "token id_token",
    Scope = { "openid","email"},

    SaveTokens = true,

    PostLogoutRedirectUri = "http://localhost:29995/",

    Scope = { "openid, email" },
    ResponseType = "id_token token",

    Events = new OpenIdConnectEvents()
    {
        OnTokenValidated = (context) =>
        {
            //my code
            return Task.FromResult(0);
        }
    }
});

当我尝试访问安全页面时，我收到 401 Unauthorized。它甚至不会进入 IdentityServer 的登录页面。

它试图点击的网址

https://<IdentityServerUrl>/connect/authorize?client_id=APITestweb&redirect_uri=http://localhost:29995/signin-oidc&response_type=code id_token&scope=openid profile email&response_mode=form_post&nonce=<data>&state=<data>

客户端 ID 和 URL 配置正确。我尝试创建另一个 ASP.Net MVC 应用程序（不是 ASP.Net Core），并且在相同的配置信息下工作得很好。

请帮忙。

[编辑] 添加日志信息

[Debug] Executing action "WebClient.Controllers.HomeController.About (WebClient)"
[Information] Authorization failed for user: null.
[Warning] Authorization failed for the request at filter '"Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter"'.
[Information] Executing ChallengeResult with authentication schemes ([]).
[Debug] AuthenticationScheme: "Cookies" was not authenticated.
[Verbose] Entering "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler"'s HandleUnauthorizedAsync.
[Verbose] Using properties.RedirectUri for 'local redirect' post authentication: '"http://localhost:29995/Home/About"'.
[Debug] Reading data from file '"C:\path\DataProtection-Keys\key-2a848b38-3cf4-4c57-b8ef-4c0b56c83993.xml"'.
[Debug] Found key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993}.
[Debug] Considering key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993} with expiration date 2017-03-08 21:08:54Z as default key.
[Debug] Decrypting secret element using Windows DPAPI.
[Debug] Opening CNG algorithm '"AES"' from provider 'null' with chaining mode CBC.
[Debug] Opening CNG algorithm '"SHA256"' from provider 'null' with HMAC.
[Debug] Using key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993} as the default key.
[Verbose] Performing protect operation to key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993} with purposes "('project path', 'Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware', 'System.String', 'oidc', 'v1')".
[Verbose] Performing protect operation to key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993} with purposes "('project path', 'Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware', 'System.String', 'oidc', 'v1')".
[Information] AuthenticationScheme: "oidc" was challenged.
[Information] Request finished in 1301.6524ms 401
[Debug] Connection id ""0HL10CR7G2G0J"" completed keep alive response.

Answer 1

如果您使用的是Microsoft.AspNetCore.Authentication.OpenIdConnect v.1.1.0，则当前存在一个错误（或称重大更改）。

对我来说，1.0.0 包仍在工作，因此请检查降级是否有帮助。

Link to GitHub issue on change introduced in 1.1.0 and why it was breaking