Identity Server 4 ASP.NET Quickstart "connection refused"

sauutmhj posted on 2023-06-07 in .NET

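I'm following the Identity Server 4 quickstart, and even though I followed it step by step, I ran into a strange problem.
It says (translated from German) that the connection was refused by the target computer. The strange thing is that in the API project, "we" (I) set ValidateAudience = false, which I think means the token isn't validated at all.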

// call api
var apiClient = new HttpClient();
apiClient.SetBearerToken(tokenResponse.AccessToken);

var response = await apiClient.GetAsync("https://localhost:6001/identity");
if (!response.IsSuccessStatusCode)
{
    Console.WriteLine(response.StatusCode);
}
else
{
    var content = await response.Content.ReadAsStringAsync();
    Console.WriteLine(JArray.Parse(content));
}

I'm really confused. The client does get an accessToken, so that's not the problem... hopefully.
Github-Repo

Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token

[16:15:42 Debug] IdentityServer4.Endpoints.TokenEndpoint
Start token request.

[16:15:42 Debug] IdentityServer4.Validation.ClientSecretValidator
Start client validation

[16:15:42 Debug] IdentityServer4.Validation.BasicAuthenticationSecretParser
Start parsing Basic Authentication secret

[16:15:42 Debug] IdentityServer4.Validation.PostBodySecretParser
Start parsing for secret in post body

[16:15:42 Debug] IdentityServer4.Validation.ISecretsListParser
Parser found secret: PostBodySecretParser

[16:15:42 Debug] IdentityServer4.Validation.ISecretsListParser
Secret id found: client

[16:15:42 Debug] IdentityServer4.Stores.ValidatingClientStore
client configuration validation for client client succeeded.

[16:15:42 Debug] IdentityServer4.Validation.ISecretsListValidator
Secret validator success: HashedSharedSecretValidator

[16:15:42 Debug] IdentityServer4.Validation.ClientSecretValidator
Client validation success

[16:15:42 Debug] IdentityServer4.Validation.TokenRequestValidator
Start token request validation

[16:15:42 Debug] IdentityServer4.Validation.TokenRequestValidator
Start client credentials token request validation

[16:15:42 Debug] IdentityServer4.Validation.TokenRequestValidator
client credentials token request validation success

[16:15:42 Information] IdentityServer4.Validation.TokenRequestValidator
Token request validation success, {"ClientId": "client", "ClientName": null, "GrantType": "client_credentials", "Scopes": "api1", "AuthorizationCode": null, "RefreshToken": null, "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"grant_type": "client_credentials", "scope": "api1", "client_id": "client", "client_secret": "***REDACTED***"}, "$type": "TokenRequestValidationLog"}

[16:15:42 Debug] IdentityServer4.Services.DefaultClaimsService
Getting claims for access token for client: client

[16:15:42 Debug] IdentityServer4.Endpoints.TokenEndpoint
Token request success.

czfnxgou1#

I think setting ValidateAudience = false only ignores the audience claim, but the rest of the token is still validated.
You can set the IncludeErrorDetails property to true, like this:

.AddJwtBearer(options =>
{
    options.Audience = "payment";
    options.Authority = "https://localhost:6001/";

    // True if token validation errors should be returned to the caller.
    options.IncludeErrorDetails = true;
});

When you set it to true, you get more details in the response headers, for example:

HTTP/1.1 401 Unauthorized
Date: Sun, 02 Aug 2020 11:19:06 GMT
WWW-Authenticate: Bearer error="invalid_token", error_description="The signature is invalid"

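To help you further, please post a sample access token and the API configuration (the Startup class).
See this article for more details.
To complement this answer, I wrote a blog post that goes into more detail on this topic: Troubleshooting JwtBearer authentication problems in ASP.NET Core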


z0qdvdin2#

So in API/Properties/launchsettings.... when the project is built, it uses the default scheme, and in that scheme it sets port 43033 or something.
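
The two answers above describe two different failure layers: a token rejected by the API (a 401 with a WWW-Authenticate header) and a port on which nothing is listening (connection refused before any token is inspected). The following is an added example, not code from the question, the answers or the quickstart, that tells the two apart on the client side. The class name `ApiCallDiagnostics`, the method `DiagnoseAsync` and the token value are hypothetical, and it assumes .NET Core 3.1 or later, where a refused connection surfaces as an `HttpRequestException` wrapping a `SocketException`.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Sockets;
using System.Threading.Tasks;

// Hypothetical helper, added for illustration.
public static class ApiCallDiagnostics
{
    // Returns a one-line diagnosis for a call to a JwtBearer-protected API.
    public static async Task<string> DiagnoseAsync(HttpClient client, string url, string accessToken)
    {
        using var request = new HttpRequestMessage(HttpMethod.Get, url);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        try
        {
            using var response = await client.SendAsync(request);
            if (response.StatusCode == HttpStatusCode.Unauthorized)
            {
                // The API was reached and rejected the token. With
                // IncludeErrorDetails = true the reason is in WWW-Authenticate,
                // e.g. error="invalid_token", error_description="...".
                return "401 from API: " + string.Join("; ", response.Headers.WwwAuthenticate);
            }
            return $"API answered with {(int)response.StatusCode} {response.StatusCode}";
        }
        catch (HttpRequestException ex) when (ex.InnerException is SocketException se
                                              && se.SocketErrorCode == SocketError.ConnectionRefused)
        {
            // Transport failure: no process is listening on this host and port,
            // so token validation settings never came into play. Compare the URL
            // with the applicationUrl in the API's launch settings.
            return $"Connection refused at {url}: the API is not listening on this port";
        }
    }

    public static async Task Main()
    {
        using var client = new HttpClient();
        // URL taken from the question; the token is a constructed placeholder.
        Console.WriteLine(await DiagnoseAsync(client, "https://localhost:6001/identity", "placeholder-token"));
    }
}
```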
