身份服务器4令牌未在使用身份服务器3的.NetFramework Api中验证 [英] Identity server 4 token not validate in .NetFramework Api that use Identity Server 3

问题描述

在我的使用idsv4并在端口"5000"上运行的Identityserver应用程序中，有一个客户端

In my identityserver app that use idsv4 and run on port "5000" have a client

            new Client
           {
            ClientId = "client",

            // no interactive user, use the clientid/secret for authentication
            AllowedGrantTypes = GrantTypes.ClientCredentials,

            // secret for authentication
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },

            // scopes that client has access to
            AllowedScopes = { "api1" }
        }`

以及在我的.Net Framework Api的启动类中，其使用端口号"7001":

and in my .Net Framework Api's startup class that use port no "7001" :

app.UseIdentityServerBearerTokenAuthentication(
new IdentityServerBearerTokenAuthenticationOptions
{
  Authority = "http://localhost:5000",
  ValidationMode = ValidationMode.ValidationEndpoint,

        RequiredScopes = new[] { "api1" }
    });`

最后在我的客户端中成功捕获令牌:

and finally in my client catch token successfully:

    static TokenResponse GetClientToken()
    {
       var client = new TokenClient(
       "http://localhost:5000/connect/token",
       "client",
       "secret");

    return client.RequestClientCredentialsAsync("api1").Result;
}`

但是当我使用此令牌调用api时:

but when i use this token to call api:

static void CallApi(TokenResponse response)
{
   var client = new HttpClient();
   client.SetBearerToken(response.AccessToken);

   Console.WriteLine(client.GetStringAsync("http://localhost:7001/api/identity/get").Result);
}

客户端抛出异常:

响应状态代码不指示成功:401(未授权). 我已经在核心api中完成了所有这些操作，一切正常！

Response status code does not indicate success: 401 (Unauthorized). I have done all of them in core api and every things are ok!!

推荐答案

切换到X509证书而不是示例随附的证书后，一切正常.

After switching to X509 certificate instead of the certificate that comes with the samples, everything started working fine.

摆脱.AddDeveloperSigningCredential()并使用.AddSigningCredential(GET_THE_CERT_FROM_YOUR_CERT_STORE)

Get rid of .AddDeveloperSigningCredential() and use .AddSigningCredential(GET_THE_CERT_FROM_YOUR_CERT_STORE)

这篇关于身份服务器4令牌未在使用身份服务器3的.NetFramework Api中验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！