我正在尝试使用AspNew.Security.OpenIdConnect.Server来发布令牌并使用Microsoft.AspNetCore.Authentication.JwtBearer进行验证,从而使一个简单的端点正常工作,从而解决并使用JWT令牌.
我可以生成令牌,但尝试验证令牌失败并显示错误 Bearer was not authenticated. Failure message: No SecurityTokenValidator available for token: {token}
在这一点上,我已经删除了所有内容并具有以下内容:
project.json
{
"dependencies": {
"Microsoft.AspNetCore.Mvc": "1.0.0-rc2-final",
"Microsoft.AspNetCore.Server.IISIntegration": "1.0.0-rc2-final",
"Microsoft.AspNetCore.Server.Kestrel": "1.0.0-rc2-final",
"Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0-rc2-final",
"Microsoft.Extensions.Configuration.FileExtensions": "1.0.0-rc2-final",
"Microsoft.Extensions.Configuration.Json": "1.0.0-rc2-final",
"Microsoft.Extensions.Logging": "1.0.0-rc2-final",
"Microsoft.Extensions.Logging.Console": "1.0.0-rc2-final",
"Microsoft.Extensions.Logging.Debug": "1.0.0-rc2-final",
"AspNet.Security.OAuth.Validation": "1.0.0-alpha1-final",
"AspNet.Security.OpenIdConnect.Server": "1.0.0-beta5-final",
"Microsoft.AspNetCore.Authentication": "1.0.0-rc2-final",
"Microsoft.AspNetCore.Authentication.JwtBearer": "1.0.0-rc2-final"
},
"tools": {
"Microsoft.AspNetCore.Server.IISIntegration.Tools": {
"version": "1.0.0-preview1-final",
"imports": "portable-net45+win8+dnxcore50"
}
},
"frameworks": {
"net461": { }
},
"buildOptions": {
"emitEntryPoint": true,
"preserveCompilationContext": true
},
"publishOptions": {
"include": [
"wwwroot",
"Views",
"appsettings.json",
"web.config"
]
},
"scripts": …authentication jwt openid-connect aspnet-contrib asp.net-core
我已使用和使用"Microsoft.AspNetCore.Authentication.OpenIdConnect":"1.0.0和"Microsoft.AspNetCore.Authentication.Cookies":"1.0.0"的asp.net核心mvc应用程序配置了ASOS OpenIdConnect服务器.我已经测试了"授权代码"工作流程,一切正常.
客户端Web应用程序按预期处理身份验证,并创建一个存储id_token,access_token和refresh_token的cookie.
如何强制Microsoft.AspNetCore.Authentication.OpenIdConnect在过期时请求新的access_token?
asp.net核心mvc应用程序忽略过期的access_token.
我想让openidconnect看到过期的access_token然后使用刷新令牌进行调用以获得新的access_token.它还应该更新cookie值.如果刷新令牌请求失败,我希望openidconnect"注销"cookie(删除它或其他东西).
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
AuthenticationScheme = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
ClientId = "myClient",
ClientSecret = "secret_secret_secret",
PostLogoutRedirectUri = "http://localhost:27933/",
RequireHttpsMetadata = false,
GetClaimsFromUserInfoEndpoint = true,
SaveTokens = true,
ResponseType = OpenIdConnectResponseType.Code,
AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet,
Authority = http://localhost:27933,
MetadataAddress = "http://localhost:27933/connect/config",
Scope = { "email", "roles", "offline_access" },
});
我正在使用AspNet.Security.OpenIdConnect.Server来发出JWT令牌,并将AuthorizationCodeLifetime设置为30秒进行测试.这是我用来设置选项的代码片段
options.TokenEndpointPath = "/api/token";
options.AllowInsecureHttp = true;
options.AccessTokenHandler = new JwtSecurityTokenHandler();
options.SigningCredentials.Add(new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256));
options.AccessTokenLifetime = TimeSpan.FromSeconds(30);
options.AuthorizationCodeLifetime = TimeSpan.FromSeconds(30);
返回的令牌包含:
"expires_in": 30,
并且反序列化的令牌包含以下声明:
"nbf": 1476915220,
"exp": 1476915250,
"iat": 1476915220,
如您所见,exp(过期时间)是在iat(发布时间)之后30秒.然而,令牌在到期后5分钟才触发401 Unauthorized.如果我们将exp号码插入http://www.epochconverter.com/,那么我们将看到这个评估结果为2016年10月19日星期三格林威治标准时间22:14:10,当地时间是下午5:14:10.
以下是Core库的一些记录输出:
Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException: IDX10223: Lifetime validation failed. The token is expired.
ValidTo: '10/19/2016 22:14:10'
Current time: '10/19/2016 22:19:10'.
at Microsoft.IdentityModel.Tokens.Validators.ValidateLifetime(Nullable`1 notBefore, Nullable`1 expires, SecurityToken securityToken, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateLifetime(Nullable`1 notBefore, Nullable`1 expires, JwtSecurityToken securityToken, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext()
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware[7] …我正在尝试使用OpenId将ASP.NET应用程序连接到Salesforce,目前这是我的连接代码到目前为止.我想除了redirect_uri参数之外我得到了所有东西,它必须与另一端的值完全匹配.
app.UseCookieAuthentication(x =>
{
x.AutomaticAuthenticate = true;
x.CookieName = "MyApp";
x.CookieSecure = CookieSecureOption.Always;
x.AuthenticationScheme = "Cookies";
});
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary<string, string>();
app.UseOpenIdConnectAuthentication(x =>
{
x.AutomaticAuthenticate = true;
x.Authority = "https://login.salesforce.com";
x.ClientId = "CLIENT_ID_HERE";
x.ResponseType = "code";
x.AuthenticationScheme = "oidc";
x.CallbackPath = new PathString("/services/oauth2/success");
//x.RedirectUri = "https://login.salesforce.com/services/oauth2/success";
x.Scope.Add("openid");
x.Scope.Add("profile");
x.Scope.Add("email");
});
但是RedirectUri不是要传递的有效参数.设置它的正确方法是什么?
所以我对我的project.json进行了更改,导致重新恢复,这会产生一堆无法解析的依赖项.你怎么知道这里发生了什么?这肯定是有效的,因为我写了很多针对这个project.json文件的代码.
"dependencies": {
"EntityFramework.Commands": "7.0.0-*",
"Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
"Microsoft.AspNet.Diagnostics.Entity": "7.0.0-*",
"Microsoft.AspNet.Identity.EntityFramework": "3.0.0-*",
"Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",
"Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-rc2-*",
"Microsoft.AspNet.Mvc": "6.0.0-*",
"Microsoft.AspNet.Hosting": "1.0.0-*",
"Microsoft.AspNet.Server.Kestrel": "1.0.0-*",
"Microsoft.AspNet.StaticFiles": "1.0.0-*",
"Microsoft.Extensions.Configuration.Json": "1.0.0-*",
"AspNet.Security.OAuth.Validation": "1.0.0-*",
"OpenIddict": "1.0.0-*",
"System.IdentityModel.Tokens.Jwt": "5.0.0-rc2-301150021",
"Microsoft.Extensions.Logging.Console": "1.0.0-rc2-15958",
"Microsoft.Extensions.Logging.Debug": "1.0.0-rc2-15958",
"EntityFramework.Sqlite": "7.0.0-rc2-*",
"EntityFramework.Sqlite.Design": "7.0.0-rc1-final",
"Microsoft.Extensions.PlatformAbstractions": "1.0.0-*"
}
NotFound https://api.nuget.org/v3-flatcontainer/microsoft.aspnetcore.staticfiles/index.json 514ms
NotFound https://api.nuget.org/v3-flatcontainer/microsoft.aspnetcore.identity.entityframeworkcore/index.json 498ms
NotFound https://api.nuget.org/v3-flatcontainer/microsoft.aspnetcore.hosting.abstractions/index.json 1743ms
NotFound https://api.nuget.org/v3-flatcontainer/microsoft.aspnetcore.authentication/index.json 1745ms
NotFound https://api.nuget.org/v3-flatcontainer/microsoft.extensions.fileproviders.embedded/index.json 1791ms
NotFound https://api.nuget.org/v3-flatcontainer/microsoft.extensions.fileproviders.composite/index.json 1859ms
NotFound https://api.nuget.org/v3-flatcontainer/microsoft.aspnetcore.identity/index.json 1892ms
NotFound https://api.nuget.org/v3-flatcontainer/microsoft.aspnetcore.cors/index.json 1901ms
NotFound https://api.nuget.org/v3-flatcontainer/microsoft.aspnetcore.mvc/index.json 1875ms
NotFound https://api.nuget.org/v3-flatcontainer/microsoft.aspnetcore.hosting/index.json 1887ms
NotFound https://api.nuget.org/v3-flatcontainer/openiddict/index.json 1720ms
我试图找到一种方法,使我的API能够将Facebook用户与我的身份用户相关联.
应用程序上下文
我正在开发一个移动应用程序(在Xamarin中),需要使用用户名/密码和Facebook进行登录.我已经设置了app.UseOpenIdConnectServer配置并创建了自定义,Provider因此我的应用程序已经在使用用户名/密码.
现在我正试图与Facebook进行这种集成,而不是找到一种方法来实现这一目标.
我正在考虑在API中创建服务,例如从Facebook /api/auth/login-facebook/传递,access-token但我需要将access-token我的API应用程序返回到移动应用程序,以便移动应用程序可以调用所有需要授权的其他服务.
对此有何帮助?
我想要获得的视觉方式:
/api/auth/login-facebook/传递access-tokenaccess-token与Facebook包access-token授予访问我的API应用程序的权限access-token授予访问我的API应用程序的权限access-token移动应用程序,以便可以调用其他服务如果我的知识有误并且我应该以其他方式进行此集成/登录,请随意告诉我!
在过去的7天中,我尝试使用OpenIdConnect.Server资源所有者流来设置ASP.NET 5 WebApi 。
我或多或少成功地生成了令牌并访问了[Authorize]受保护的操作。
但是,当我尝试访问时this.User.Identity.Claims,它是空的。我现在正在使用ASP.NET 5,beta6(在升级到最新的beta7并等待其正式发布时遇到了麻烦)
在Startup.cs中,我得到了以下内容:
public void ConfigureServices(IServiceCollection services)
{
services.AddCaching();
services.AddEntityFramework()
.AddSqlServer()
.AddDbContext<AuthContext>(options =>
{
options.UseSqlServer(Configuration.Get("Data:DefaultConnection:ConnectionString"));
});
services.AddIdentity<AuthUser, AuthRole>(
options => options.User = new Microsoft.AspNet.Identity.UserOptions
{
RequireUniqueEmail = true,
UserNameValidationRegex = "^[a-zA-Z0-9@_\\.-]+$"
})
.AddEntityFrameworkStores<AuthContext, Guid>()
.AddDefaultTokenProviders();
services.ConfigureCors(configure =>
{
configure.AddPolicy("CorsPolicy", builder =>
{
builder.WithOrigins("http:/localhost/", "http://win2012.bludev.com/");
});
});
services.AddScoped<IAuthRepository, AuthRepository>();
}
public void Configure(IApplicationBuilder app)
{
var factory = app.ApplicationServices.GetRequiredService<ILoggerFactory>();
factory.AddConsole();
app.UseStaticFiles();
app.UseOAuthBearerAuthentication(options =>
{
options.Authority = "http://win2012.bludev.com/api/auth/";
options.Audience = "http://win2012.bludev.com/"; …c# claims-based-identity openid-connect aspnet-contrib asp.net-core
我正在使用Identity 3.0创建Web应用程序,并且遇到SignInManager PasswordSignInAsync()方法的问题.我在文档中使用它,但它没有返回任何内容(应用程序代码只是停在那里)这是我的控制器代码:
public class AppController : Controller
{
private IAccountService _service;
private readonly SignInManager<User> _signInManager;
private UserManager<User> _userManager;
public AppController(IAccountService service, SignInManager<User> signInManager, UserManager<User> userManager)
{
_service = service;
_signInManager = signInManager;
_userManager = userManager;
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Login(LoginViewModel model)
{
if (ModelState.IsValid)
{
var user = await _userManager.FindByEmailAsync(model.Email);
var password = await _userManager.CheckPasswordAsync(user, model.Password);
var result = await _signInManager.PasswordSignInAsync(
model.Email,
model.Password,
model.RememberMe,
lockoutOnFailure: false);
if (result.Succeeded)
{
return RedirectToAction(nameof(EmployeeController.Contact), "Employee");
}
if (result.IsLockedOut)
{ …asp.net asp.net-mvc asp.net-identity asp.net-identity-3 asp.net-core
你好,
在我的ASP.NET Core应用程序中,我正在使用OpenIdConnectServer进行Api身份验证。一切正常。
但是我无法解决一件事-如何设置自定义文件夹以保留令牌签名密钥?
在服务配置中,我有:
services.AddDataProtection()
.PersistKeysToFileSystem(new DirectoryInfo(@"keys/"));
首次运行后,将在此处创建一个应用程序密钥。但是OpenIdServer可以自行管理密钥。
app.UseOpenIdConnectServer(options => {
...
options.DataProtectionProvider = app.ApplicationServices.GetDataProtectionProvider();
...
});
尽管如此,凭据签名密钥还是在默认位置创建的:
A new RSA key ... persisted on the disk: /home/.../.aspnet/aspnet-contrib/oidc-server/<some guid>.key.
那是错误还是功能?如何强制服务器将密钥也存储在keys/文件夹中?
摘要-为什么要这样做:
我的想法是从n个 docker镜像构建一个API ,将其隐藏在负载平衡器之后,然后在云中运行。问题是-当docker中的每个实例创建其自己的应用程序和签名密钥时,加密的auth令牌将不适用于除已用其密钥创建并签名令牌的其他实例以外的任何其他实例。因此,我试图将相同的密钥分配给每个运行的docker映像。如果可能,到预定义的应用程序文件夹。
还是有更好的方法或最佳做法?
预先谢谢你。
c# openid-connect aspnet-contrib asp.net-core asp.net-core-1.0
我正在使用配置为使用json web令牌的openiddict:
// Add authentication
services.AddAuthentication();
// Add OpenId Connect/OAuth2
services.AddOpenIddict()
.AddEntityFrameworkCoreStores<ApplicationDbContext>()
.AddMvcBinders()
.EnableTokenEndpoint("/connect/token")
.AllowPasswordFlow()
.AllowRefreshTokenFlow()
.UseJsonWebTokens() // access_token should be jwt
// You can disable the HTTPS requirement during development or if behind a reverse proxy
.DisableHttpsRequirement()
// Register a new ephemeral key, that is discarded when the application
// shuts down. Tokens signed using this key are automatically invalidated.
// To be used during development
.AddEphemeralSigningKey();
我通过以下方式配置JWT中间件:
// Add Jwt middleware for authentication
var secretKey = Configuration.Get<AppOptions>().Jwt.SecretKey;
app.UseJwtBearerAuthentication(new …asp.net-core ×9
c# ×4
jwt ×3
openiddict ×2
.net ×1
asp.net ×1
asp.net-mvc ×1
cookies ×1
facebook ×1