小编ozg*_*rci的帖子

祝大家新年快乐...

我配置了一个IdentityServer4,我可以成功完成ASP.net Core web api调用.但对于asp.net framework 4.5.2 web apis,我得到{"响应状态代码并不表示成功:401(未授权)."}来自.NET框架web api的错误.我想问你的帮助和意见.

我用IS4搜索了这个主题,并找到了一些关于IdentityServer3.AccessTokenValidation兼容性的条目.根据回复,我加载了一个签名证书并称为AddSigningCredential而不是AddTemporarySigninCredential.x509certificate是本地创建的证书.我将IdentityServer3.AccessTokenValidation版本更新为v2.13.0.

我还是得到了错误.任何帮助表示赞赏.

关心并感谢您的努力.

IdentityServer 4端:Startup.cs

public void ConfigureServices(IServiceCollection services)
        {
                services
                .AddIdentityServer()                
                //.AddTemporarySigningCredential()
                .AddSigningCredential(x509Certificate)
                .AddInMemoryIdentityResources(Config.GetIdentityResources())
                .AddInMemoryApiResources(Config.GetApiResources())
                .AddInMemoryClients(Config.GetClients())
                .AddAspNetIdentity<ApplicationUser>();
}

Config.cs

    public static IEnumerable<ApiResource> GetApiResources()
            {
                return new List<ApiResource>
                {
                    new ApiResource("AuthorizationWebApi","Authorization Web API .NET Core"),
                    new ApiResource("AuthorizationWebApiNetFramework","Authorization Web API NET Framework"),
                new ApiResource("api1", "Empty Test Api")
                };

            }

        public static IEnumerable<Client> GetClients()
        {
            return new List<Client> {
new Client {
                    ClientId = "silicon",
                    ClientName = "console app",
                    AllowedGrantTypes = GrantTypes.ClientCredentials, …

在第1期和第2期之后,我无法从IS4退出.本地ASP.NET cookie不会被删除,我无法重新登录IS4.

它适用于Core MVC应用程序,但对于MVC5则不适用.

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = "TRUX.NET",
        Authority = baseAddress,
        RedirectUri = $"http://localhost:2510/signin-oidc",
        PostLogoutRedirectUri = $"http://localhost:2510/signout-callback-oidc",
        ResponseType = "code id_token",
        Scope = "openid profile offline_access custom.profile AuthorizationWebApi Common.WebApi",

        TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name",
            RoleClaimType = "role"
        },

        SignInAsAuthenticationType = "Cookies",
--------
                    RedirectToIdentityProvider = n =>
                {
                    // if signing out, add the id_token_hint
                    if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                    {
                        var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
                        if (idTokenHint != null)
                        {
                            n.ProtocolMessage.IdTokenHint = idTokenHint.Value; …

我打算将identityserver4与LDAP场景一起使用.这是一次可能而且合理的尝试吗？:)我想我应该实现像QuickStart.UI的InMemoryUserLoginService这样的LoginService.

当IS4正式发布时？关于那个的任何信息？

感谢致敬.