ASP.Net Core 1.1 MVC 应用程序中的 401 Unauthorized with IdentityServer3
401 Unauthorized with IdentityServer3 In ASP.Net Core 1.1 MVC Application
我在过去的一年中将 IdentityServer3 与多个应用程序一起使用。所有这些应用程序都在 .Net Framework 4.5 上 运行。现在我已经创建了 ASP.Net Core MVC (1.1) 应用程序,我想使用我的 IdentityServer 来保护这个应用程序。但我正在努力让它发挥作用。我收到 401 未经授权的错误。
这是我使用的配置:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "Cookies",
AutomaticAuthenticate = true,
AutomaticChallenge = true
});
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
AuthenticationScheme = "oidc",
SignInScheme = "Cookies",
Authority = "<IdentityServer URL>",
RequireHttpsMetadata = false,
ClientId = "clientid",
ResponseType = "token id_token",
Scope = { "openid","email"},
SaveTokens = true,
PostLogoutRedirectUri = "http://localhost:29995/",
Scope = { "openid, email" },
ResponseType = "id_token token",
Events = new OpenIdConnectEvents()
{
OnTokenValidated = (context) =>
{
//my code
return Task.FromResult(0);
}
}
});
当我尝试访问安全页面时,我收到 401 Unauthorized。它甚至不会转到 IdentityServer 的登录页面。
Url 它正试图攻击
https://<IdentityServerUrl>/connect/authorize?client_id=APITestweb&redirect_uri=http://localhost:29995/signin-oidc&response_type=code id_token&scope=openid profile email&response_mode=form_post&nonce=<data>&state=<data>
客户端 ID 和 url 配置正确。我尝试创建另一个 ASP.Net MVC 应用程序(不是 ASP.Net 核心)并且使用相同的配置信息工作得很好。
请帮忙。
[编辑] 添加日志信息
[Debug] Executing action "WebClient.Controllers.HomeController.About (WebClient)"
[Information] Authorization failed for user: null.
[Warning] Authorization failed for the request at filter '"Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter"'.
[Information] Executing ChallengeResult with authentication schemes ([]).
[Debug] AuthenticationScheme: "Cookies" was not authenticated.
[Verbose] Entering "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler"'s HandleUnauthorizedAsync.
[Verbose] Using properties.RedirectUri for 'local redirect' post authentication: '"http://localhost:29995/Home/About"'.
[Debug] Reading data from file '"C:\path\DataProtection-Keys\key-2a848b38-3cf4-4c57-b8ef-4c0b56c83993.xml"'.
[Debug] Found key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993}.
[Debug] Considering key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993} with expiration date 2017-03-08 21:08:54Z as default key.
[Debug] Decrypting secret element using Windows DPAPI.
[Debug] Opening CNG algorithm '"AES"' from provider 'null' with chaining mode CBC.
[Debug] Opening CNG algorithm '"SHA256"' from provider 'null' with HMAC.
[Debug] Using key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993} as the default key.
[Verbose] Performing protect operation to key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993} with purposes "('project path', 'Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware', 'System.String', 'oidc', 'v1')".
[Verbose] Performing protect operation to key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993} with purposes "('project path', 'Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware', 'System.String', 'oidc', 'v1')".
[Information] AuthenticationScheme: "oidc" was challenged.
[Information] Request finished in 1301.6524ms 401
[Debug] Connection id ""0HL10CR7G2G0J"" completed keep alive response.
如果您使用的是 Microsoft.AspNetCore.Authentication.OpenIdConnect v.1.1.0,则当前存在一个错误(或称重大更改)。
对我来说,1.0.0 包仍然有效,所以检查降级是否有帮助。
Link to GitHub issue on change introduced in 1.1.0 and why it was breaking
我在过去的一年中将 IdentityServer3 与多个应用程序一起使用。所有这些应用程序都在 .Net Framework 4.5 上 运行。现在我已经创建了 ASP.Net Core MVC (1.1) 应用程序,我想使用我的 IdentityServer 来保护这个应用程序。但我正在努力让它发挥作用。我收到 401 未经授权的错误。
这是我使用的配置:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "Cookies",
AutomaticAuthenticate = true,
AutomaticChallenge = true
});
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
AuthenticationScheme = "oidc",
SignInScheme = "Cookies",
Authority = "<IdentityServer URL>",
RequireHttpsMetadata = false,
ClientId = "clientid",
ResponseType = "token id_token",
Scope = { "openid","email"},
SaveTokens = true,
PostLogoutRedirectUri = "http://localhost:29995/",
Scope = { "openid, email" },
ResponseType = "id_token token",
Events = new OpenIdConnectEvents()
{
OnTokenValidated = (context) =>
{
//my code
return Task.FromResult(0);
}
}
});
当我尝试访问安全页面时,我收到 401 Unauthorized。它甚至不会转到 IdentityServer 的登录页面。
Url 它正试图攻击
https://<IdentityServerUrl>/connect/authorize?client_id=APITestweb&redirect_uri=http://localhost:29995/signin-oidc&response_type=code id_token&scope=openid profile email&response_mode=form_post&nonce=<data>&state=<data>
客户端 ID 和 url 配置正确。我尝试创建另一个 ASP.Net MVC 应用程序(不是 ASP.Net 核心)并且使用相同的配置信息工作得很好。
请帮忙。
[编辑] 添加日志信息
[Debug] Executing action "WebClient.Controllers.HomeController.About (WebClient)"
[Information] Authorization failed for user: null.
[Warning] Authorization failed for the request at filter '"Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter"'.
[Information] Executing ChallengeResult with authentication schemes ([]).
[Debug] AuthenticationScheme: "Cookies" was not authenticated.
[Verbose] Entering "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler"'s HandleUnauthorizedAsync.
[Verbose] Using properties.RedirectUri for 'local redirect' post authentication: '"http://localhost:29995/Home/About"'.
[Debug] Reading data from file '"C:\path\DataProtection-Keys\key-2a848b38-3cf4-4c57-b8ef-4c0b56c83993.xml"'.
[Debug] Found key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993}.
[Debug] Considering key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993} with expiration date 2017-03-08 21:08:54Z as default key.
[Debug] Decrypting secret element using Windows DPAPI.
[Debug] Opening CNG algorithm '"AES"' from provider 'null' with chaining mode CBC.
[Debug] Opening CNG algorithm '"SHA256"' from provider 'null' with HMAC.
[Debug] Using key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993} as the default key.
[Verbose] Performing protect operation to key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993} with purposes "('project path', 'Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware', 'System.String', 'oidc', 'v1')".
[Verbose] Performing protect operation to key {2a848b38-3cf4-4c57-b8ef-4c0b56c83993} with purposes "('project path', 'Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware', 'System.String', 'oidc', 'v1')".
[Information] AuthenticationScheme: "oidc" was challenged.
[Information] Request finished in 1301.6524ms 401
[Debug] Connection id ""0HL10CR7G2G0J"" completed keep alive response.
如果您使用的是 Microsoft.AspNetCore.Authentication.OpenIdConnect v.1.1.0,则当前存在一个错误(或称重大更改)。
对我来说,1.0.0 包仍然有效,所以检查降级是否有帮助。
Link to GitHub issue on change introduced in 1.1.0 and why it was breaking