如何将Identity Server与.NET Core 2.1配合使用? [英] How do I use Identity Server with .NET Core 2.1?

问题描述

我正在尝试让Identity Server在ASP.NET Core 2.1项目上工作，并且已经按照在此，但是，我意识到这些是针对ASP.NET Core 2.0的.

I am trying to get Identity Server working on an ASP.NET Core 2.1 project and I have followed the instructions here, however, I realize those are for ASP.NET Core 2.0.

MVC客户端中的启动看起来像这样:

The Startup in the MVC client looks like this:

services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
})
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc", options =>
    {
        options.SignInScheme = "Cookies";
        options.Authority = "http://localhost:5000";
        options.RequireHttpsMetadata = false;
        options.ClientId = "mvc";
        options.ClientSecret = "secret";
        options.ResponseType = "code id_token";
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("api1");
        options.Scope.Add("offline_access");
    });

使用ASP.NET Core 2.1，可以在以下位置访问身份组件:http://localhost/Identity/Account/Login.上面的代码将重定向到:http://localhost/Account/Login.我的第一个想法是替换以下行:

With ASP.NET Core 2.1 the identity component is accessed here: http://localhost/Identity/Account/Login. The code above is redirecting to: http://localhost/Account/Login. My first idea was to replace the following line:

options.Authority = "http://localhost:5000";

具有:

options.Authority = "http://localhost:5000/Identity";

但是，我然后收到一条错误消息:

However, I then get an error saying:

IOException:IDX10804:无法从以下位置检索文档:' http://localhost :5000/Identity/.well-known/openid-configuration '.".

这是因为路径需要为:' http://localhost:5000/.well-known/openid-configuration '.

This is because the path needs to be: 'http://localhost:5000/.well-known/openid-configuration'.

我可以通过路由解决此问题吗?我相信，如果我确保将对http://localhost:5000/Account/Login的所有请求都映射到http://localhost:5000/Identity/Account/Login，那么它将解决此问题.这是正确的，路线会是什么样?我无法获得使用区域(身份)的途径.

Can I fix this with routing? I believe if I ensure all requests to: http://localhost:5000/Account/Login are mapped to http://localhost:5000/Identity/Account/Login, then it will fix the issue. Is this correct and what would the route look like? I cannot get the route to work with an Area (Identity).

推荐答案

使用OpenID Connect时，不在Web应用程序上具有登录表单.您正在将登录职责委派给OpenID Connect提供程序.您的情况就是IdentityServer，它在单独的应用程序中运行.

When you are using OpenID Connect, you are not having a login form on the web application. You are delegating the login responsibility to the OpenID Connect provider. In your case, that is IdentityServer, which is running in a separate application.

因此，您无需在此处配置您的Web应用程序:权限 是IdentityServer的根URL，因此"http://localhost:5000"应该在此处正确.相反，您需要配置的是IdentityServer，以便在收到授权请求而无需用户登录的情况下将其重定向到正确的端点.

As such, it is not your web application you need to configure here: The authority is the root URL of your IdentityServer, so "http://localhost:5000" should be correct there. What you need to configure instead is IdentityServer to make it redirect to the right endpoints if it receives authorization requests without the user being logged in.

您可以在添加服务的IdentityServer应用程序的Startup中执行此操作:

You can do that in the Startup of your IdentityServer application, where you add the service:

services.AddIdentityServer(options =>
{
    options.UserInteraction.LoginUrl = "/Identity/Account/Login";
    options.UserInteraction.LogoutUrl = "/Identity/Account/Logout";
})

这篇关于如何将Identity Server与.NET Core 2.1配合使用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！