使用IdentityServer3保护IdentityManager [英] Secure IdentityManager with IdentityServer3
本文介绍了使用IdentityServer3保护IdentityManager的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
在我的设置中,我在IdentityServer的同一主机上具有IdentityManager. 所有必需的配置都在数据库上.
In my setup I have IdentityManager on the same host of IdentityServer. All the required configuration is on database.
要创建我的设置,我已经考虑了stackoverflow.com上的这个问题,然后按照此 github问题.
To create my setup I have taken in consideration this question on stackoverflow.com and then followed all the regarding discussion on this github issue.
我还订阅了Gitter,以查找所提及的SO问题中提到的对话.我的设置几乎与@ilter的设置相同.
I have also subscribed to Gitter to find the conversation mentioned on the SO question referenced. My setup is almost identical to the one of @ilter.
但是,就我而言,我不断获得
However in my case I keep getting
错误:您无权使用此服务.
Error: You are not authorized to use this service.
通过查看日志,我没有发现任何错误,但似乎一切正常
By looking at the log I dont find any error but it seems that everything is ok
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.578 +01:00 [Information] User is not authenticated. Redirecting to login.
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.587 +01:00 [Information] End authorize request
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.588 +01:00 [Information] Redirecting to login page
2016-02-28 01:15:48.598 +01:00 [Debug] Protecting message: "{\"ReturnUrl\":\"https://localhost:44304/core/connect/authorize?client_id=idmgr_client&redirect_uri=https%3A%2F%2Flocalhost%3A44304&response_mode=form_post&response_type=id_token&scope=openid%20idmgr&state=OpenIdConnect.AuthenticationProperties%3DjVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4&nonce=635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\",\"ClientId\":\"idmgr_client\",\"AcrValues\":[],\"Created\":635922153485649371}"
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.636 +01:00 [Information] Login page requested
2016-02-28 01:15:48.657 +01:00 [Debug] signin message passed to login: "{
\"ReturnUrl\": \"https://localhost:44304/core/connect/authorize?client_id=idmgr_client&redirect_uri=https%3A%2F%2Flocalhost%3A44304&response_mode=form_post&response_type=id_token&scope=openid%20idmgr&state=OpenIdConnect.AuthenticationProperties%3DjVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4&nonce=635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\",
\"ClientId\": \"idmgr_client\",
\"IdP\": null,
\"Tenant\": null,
\"LoginHint\": null,
\"DisplayMode\": null,
\"UiLocales\": null,
\"AcrValues\": [],
\"Created\": 635922153485649371
}"
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.676 +01:00 [Information] rendering login page
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.024 +01:00 [Information] Login page submitted
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.117 +01:00 [Information] Login credentials successfully validated by user service
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.123 +01:00 [Information] Calling PostAuthenticateAsync on the user service
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.127 +01:00 [Information] issuing primary signin cookie
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.131 +01:00 [Information] redirecting to: https://localhost:44304/core/connect/authorize?client_id=idmgr_client&redirect_uri=https:%2F%2Flocalhost:44304&response_mode=form_post&response_type=id_token&scope=openid idmgr&state=OpenIdConnect.AuthenticationProperties%3DjVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4&nonce=635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.150 +01:00 [Information] Start authorize request
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.150 +01:00 [Information] Start authorize request protocol validation
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.165 +01:00 [Information] "Authorize request validation success"
"{
\"ClientId\": \"idmgr_client\",
\"ClientName\": \"IdentityManager\",
\"RedirectUri\": \"https://localhost:44304\",
\"AllowedRedirectUris\": [
\"https://localhost:44304\"
],
\"SubjectId\": \"8029ac3e-72cb-4fc9-907b-eb99feecbbd6\",
\"ResponseType\": \"id_token\",
\"ResponseMode\": \"form_post\",
\"Flow\": \"Implicit\",
\"RequestedScopes\": \"openid idmgr\",
\"State\": \"OpenIdConnect.AuthenticationProperties=jVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4\",
\"Nonce\": \"635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\",
\"SessionId\": \"3c7c7e15d39b88d0989e7051b02502bd\",
\"Raw\": {
\"client_id\": \"idmgr_client\",
\"redirect_uri\": \"https://localhost:44304\",
\"response_mode\": \"form_post\",
\"response_type\": \"id_token\",
\"scope\": \"openid idmgr\",
\"state\": \"OpenIdConnect.AuthenticationProperties=jVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4\",
\"nonce\": \"635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\"
}
}"
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.170 +01:00 [Information] Creating Implicit Flow response.
2016-02-28 01:17:42.170 +01:00 [Debug] Creating identity token
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.170 +01:00 [Information] Getting claims for identity token for subject: 8029ac3e-72cb-4fc9-907b-eb99feecbbd6
2016-02-28 01:17:42.177 +01:00 [Debug] Creating JWT identity token
2016-02-28 01:17:42.189 +01:00 [Debug] Adding client "idmgr_client" to client list cookie for subject "8029ac3e-72cb-4fc9-907b-eb99feecbbd6"
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.190 +01:00 [Information] End authorize request
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.190 +01:00 [Information] Posting to https://localhost:44304
2016-02-28 01:17:42.190 +01:00 [Debug] Using DefaultViewService to render authorization response HTML
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.438 +01:00 [Information] User is authenticated from Cookies
有什么建议吗?
推荐答案
可能您的用户没有角色: IdentityManagerAdministrator .在IdentityManager Web API配置中,我可以看到以下授权过滤器,其中管理员角色名称为IdentityManagerAdministrator.
It maybe your user doesn't have the role: IdentityManagerAdministrator. In IdentityManager web API config I can see following authorize filter where admin role name is IdentityManagerAdministrator.
config.Filters.Add(new AuthorizeAttribute() { Roles = options.SecurityConfiguration.AdminRoleName });
尝试将该角色声明添加到您已登录的用户,或更改过滤器以检查当前用户具有的其他任何角色.
Try adding that role claim to your logged in user, or change the filter to check for any other role your current user has.
这篇关于使用IdentityServer3保护IdentityManager的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
