Identity Server 4(2.0)无法读取Asp.Net Core身份cookie [英] Identity Server 4 (2.0) not reading Asp.Net Core Identity cookies
问题描述
我正在尝试使用 Identity Server 4 的Asp .Net Identity Core .我可以在日志(Ids)中看到该用户已正确登录.
I am trying to use Asp .Net Identity Core with Identity Server 4. I can see in the logs (Ids) that the user is logged in properly.
信息:Xena.IdentityServer.Controllers.AccountController [0] 用户已登录.
info: Xena.IdentityServer.Controllers.AccountController[0] User logged in.
然后,我的登录控制器将用户发送到我的管理控制器.
My login controller then sends the user over to my Manage controller.
[Route("[controller]/[action]")]
[Authorize]
//[Authorize(AuthenticationSchemes = "Identity.Application")]
public class ManageController : Controller
{
[HttpGet]
public async Task<IActionResult> Index(ManageMessageId? message = null)
{
.....
}
}
用户永远不会到达,因为由于某种原因导致登录名丢失.
The User never arrives as the login is then lost for some reason.
info: Microsoft.AspNetCore.Mvc.RedirectToActionResult[2]
Executing RedirectResult, redirecting to /Manage/Index.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action Xena.IdentityServer.Controllers.AccountController.Login (Xena.IdentityServer) in 3493.6102ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 3515.9158ms 302
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request starting HTTP/1.1 GET http://localhost:5000/Manage/Index
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed for user: (null).
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[2]
Executing ChallengeResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12]
AuthenticationScheme: Bearer was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action Xena.IdentityServer.Controllers.ManageController.Index (Xena.IdentityServer) in 46.2285ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 58.6793ms 401
我认为部分线索是这行Authorization failed for user: (null).
我可以看到cookie在浏览器中.只是不被阅读.
I think part of the clue is this line Authorization failed for user: (null).
I can see that the cookie is in the browser. Its just not being read.
据我了解,身份服务器4具有其自己的cookie,而Asp .Net核心身份具有其cookie,因此它们需要读取相同的cookie.我已经尝试按照使用ASP.NET Core身份,但是它没有帮了忙.
From what I understand Identity server 4 has its own cookies and Asp .Net core Identity has its and they need to be reading the same cookie. I have tried following Using ASP.NET Core Identity but it hasn't helped.
身份服务器项目中的启动
//Adds Asp.net identity
services.AddDbContext<ApplicationDbContext>(builder =>
builder.UseSqlServer(Configuration.GetConnectionString("XenaIdentityConnection")));
// Configuer Asp.net Identity
services.AddIdentity<ApplicationUser, IdentityRole<long>>(config =>
{
config.Password.RequireDigit = true;
config.Password.RequireLowercase = true;
config.Password.RequireNonAlphanumeric = false;
config.Password.RequireUppercase = true;
config.Password.RequiredLength = 8;
config.User.RequireUniqueEmail = true;
config.SignIn.RequireConfirmedEmail = true;
config.SignIn.RequireConfirmedPhoneNumber = false;
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddSignInManager<ApplicationSignInManager>() // Adds custom SignIn manager.
.AddDefaultTokenProviders();
//https://identityserver4.readthedocs.io/en/release/topics/signin.html
services.AddAuthentication(options =>
{
options.DefaultScheme = IdentityConstants.ApplicationScheme;
})
.AddGoogle("Google", options =>
{
options.AccessType = "offline";
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.ClientId = "xxxxx-jvu30c2n19thoqimd97b4jk1r2poh17p.apps.googleusercontent.com";
options.ClientSecret = "g29nXgVoFZBIBNS-hJJxPWXW";
}).AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, "OpenID Connect", options =>
{
options.SaveTokens = true;
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.SignOutScheme = IdentityServerConstants.SignoutScheme;
options.RequireHttpsMetadata = settingsSetup.RequireHttpsMetadata;
options.Authority = settingsSetup.Authority;
options.ClientId = "testclient";
options.Scope.Add("testapi");
options.ResponseType = OpenIdConnectResponseType.IdTokenToken;
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role"
};
});
services.AddIdentityServer()
.AddSigningCredential(LoadCertificate())
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = builder =>
builder.UseSqlServer(Configuration.GetConnectionString("XenaIdentityConnection"),
sql => sql.MigrationsAssembly(typeof(Startup).GetTypeInfo().Assembly.GetName().Name));
})
.AddOperationalStore(options =>
{
options.ConfigureDbContext = builder =>
builder.UseSqlServer(Configuration.GetConnectionString("XenaIdentityConnection"),
sql => sql.MigrationsAssembly(typeof(Startup).GetTypeInfo().Assembly.GetName().Name));
})
.AddAspNetIdentity<ApplicationUser>()
.AddProfileService<ProfileService>();
添加以下内容确实可以解决我的管理/索引问题.但是,它不起作用,因为打开的Id连接登录将不起作用,因为它使用Identity Server中的内部控制器进行身份验证,而我无法/不想使其过载.我需要弄清楚如何使Identity Server 4使用由Aspnet身份设置的cookie,反之亦然.
Adding the following does fix my issue with manage/index. However it doesn't work because then the open Id connect login wont work because that uses internal controllers within Identity Server for authentication that I cant / don't want to overload. I need to figure out how to get Identity Server 4 to use the cookie set by Aspnet identity or visa versa.
//[Authorize(AuthenticationSchemes ="Identity.Application")]
//[Authorize(AuthenticationSchemes = "Identity.Application")]
This solution came from a previous question i asked on Stack I have opened a new one because i am leaning towards this being a setup issue with Identity server rather than an issue with Identity cookies
推荐答案
今天早上我终于弄清楚了这个问题.部分原因是由于我有一个使用IdentityConstant cookie的自定义登录管理器.
I finally figured out the problem this morning. Part of the problem was due to the fact that I have a custom signin manager which uses the IdentityConstant cookies.
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
options.DefaultChallengeScheme = IdentityConstants.ApplicationScheme;
})
需要同时设置DefaultAuthenticateScheme和DefaultChallengeScheme.然后一切都会正常进行.
Both DefaultAuthenticateScheme and DefaultChallengeScheme need to be set. Then everything works as it should.
这篇关于Identity Server 4(2.0)无法读取Asp.Net Core身份cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!