我試圖使用身份服務器3作爲授權服務將控制檯應用程序的授權設置爲WebAPI端點。這不是一個自我託管的API,它將面向公衆。我試圖通過身份服務器上的文檔,我有API運行和IdentityServer獨立運行。我遇到問題的地方是獲取api路由來檢查授權,並從身份服務器請求/接收訪問令牌。使用身份服務器3將計算機設置爲計算機(控制檯到WebAPI)授權
在身份服務器我已經在startup.cs文件中定義爲:
public void Configuration(IAppBuilder app)
{
app.Map("/identity", idsrvApp =>
{
var corsPolicyService = new DefaultCorsPolicyService()
{
AllowAll = true
};
var defaultViewServiceOptions = new DefaultViewServiceOptions();
defaultViewServiceOptions.CacheViews = false;
var idServerServiceFactory = new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get())
.UseInMemoryUsers(Users.Get());
idServerServiceFactory.CorsPolicyService = new
Registration<IdentityServer3.Core.Services.ICorsPolicyService>(corsPolicyService);
idServerServiceFactory.ConfigureDefaultViewService(defaultViewServiceOptions);
var options = new IdentityServerOptions
{
Factory = idServerServiceFactory,
SiteName = "Sumbission Security Token Service",
SigningCertificate = LoadCertificate(),
IssuerUri = "https://samplesubmission/identity",
PublicOrigin = "https://localhost:44306",
};
idsrvApp.UseIdentityServer(options);
});
}
X509Certificate2 LoadCertificate()
{
return new X509Certificate2(
string.Format(@"{0}\certificates\idsrv3test.pfx",
AppDomain.CurrentDomain.BaseDirectory), "idsrv3test");
}
而且web.config文件中的IdSrv我加
的WebAPI包含以下
public class SampleController: ApiController
{
[Route("test")]
public IHttpActionResult Get()
{
var caller = User as ClaimsPrincipal;//grants access to claim from access token
Message msg = new Message
{
Msg = "Connction made with secure api" + DateTime.Now,
// Client = caller.FindFirst("client_id").Value
};
return Json(msg);
}
}
public class Message
{
public string Msg { get; set; }
public string Client { get; set; }
}
startup.cs
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseIdentityServerBearerTokenAuthentication(
new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "https://localhost:44306/identity",
RequiredScopes = new[] { "vendorsubmission" },
});
}
}
在API中禁用OWIn我可以撥打電話,如https://localhost:44307/test
,並擊中端點。
控制檯應用程序包含這Program.cs中
class Program
{
static void Main(string[] args)
{
var response = GetClientToken();
CallApi(response);
}
static void CallApi(TokenResponse response)
{
var client = new HttpClient();
client.SetBearerToken(response.AccessToken);
System.Console.WriteLine(client.GetStringAsync("http://localhost:44307/test").Result);
}
static TokenResponse GetClientToken()
{
var client = new TokenClient(
"http://localhost:44306/identity/connect/token",
"samplecnsl", //client name
"F621F470-9731-4A25-80EF-67A6F7C5F4B8"); //secret
return client.RequestClientCredentialsAsync("vendorsubmission").Result;
}
}
當此執行任務的錯誤了(任務被取消)。我收到消息請求的資源不支持GET。我認爲這將是一個CORS的問題,但我的身份服務器上啓用CORS,我甚至添加到HTTP協議在web.config中:
<httpProtocol>
<customHeaders>
<clear />
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
任何人都可以提供關於如何讓控制檯應用程序來提供一些指導從身份服務器檢索令牌?我覺得這是一個授權問題。我在Dev IISExpres的本地運行這個,我目前正在使用由身份服務器源提供的證書。
感謝
就像後續的問題是證書。身份驗證失敗,因爲當前的證書是SHA1,加密是使用sha256。將證書更新爲SHA256加密解決了問題。 – rlcrews