gpt4 book ai didi

asp.net-identity - IdentityServer4 - 缺少子声明

转载 作者:行者123 更新时间:2023-12-03 14:33:58 25 4
gpt4 key购买 nike

我有一个 IdentityServer4 实例,我试图在 nginx 代理后面的 Docker 容器中运行它。我已经基于 Git 存储库中的 AspNet 身份示例,但是在用户成功注册新帐户后,我从 IdentityServer 收到“发生错误”并且日志显示
[07:46:39 ERR] An unhandled exception has occurred: sub claim is missing
System.InvalidOperationException: sub claim is missing
at IdentityServer4.IdentityServerPrincipal.AssertRequiredClaims(ClaimsPrincipal principal
at IdentityServer4.Hosting.IdentityServerAuthenticationService.AugmentPrincipal(ClaimsPrincipal principal
at IdentityServer4.Hosting.IdentityServerAuthenticationService.<SignInAsync>d__7.MoveNext

我的 Startup.cs 看起来像这样

var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().
var connectionString = Configuration.GetConnectionString("DefaultConnection");
var issuerUri = Configuration.GetSection("IssuerUri").Value;

services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(connectionString));

services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();

services.AddTransient<IEmailSender, EmailSender>();

services.AddMvc();

services.AddCors(o => o.AddPolicy("CorsPolicy", b =>
{
b.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
}));

services.AddIdentityServer(options =>
{
options.IssuerUri = issuerUri;
options.PublicOrigin = issuerUri;
})
.AddDeveloperSigningCredential()

// this adds the config data from DB (clients, resources)
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(migrationsAssembly));
})

// this adds the operational data from DB (codes, tokens, consents)
.AddOperationalStore(options =>
{
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(migrationsAssembly));

// this enables automatic token cleanup. this is optional.
//options.EnableTokenCleanup = true;
//options.TokenCleanupInterval = 30;
});

我一定错过了一些明显的配置,但我看不到在哪里。有任何想法吗?

更新
我在这方面取得了一些进展,似乎已经克服了最初的错误。用户现在已通过身份验证,但 signin-oidc 页面抛出错误
[11:33:21 INF] Request starting HTTP/1.1 POST http://mvcportal.co.uk/signin-oidc application/x-www-form-urlencoded 1565
[11:33:21 INF] AuthenticationScheme: Cookies signed in.
[11:33:21 INF] Request finished in 684.8425ms 302
[11:33:27 INF] Request starting HTTP/1.1 POST http://mvcportal.co.uk/signin-oidc application/x-www-form-urlencoded 1565
[11:33:27 ERR] Message contains error: 'invalid_grant', error_description: 'error_description is null', error_uri: 'error_uri is null', status code '400'.

我有一个有效的 JWT,但我注意到 idp 不等于发行者。那是对的吗?
{
"nbf": 1508758474,
"exp": 1508758774,
"iss": "http://myproxiedlogonsitebehindnginx.co.uk",
"aud": "mvc.portal",
"nonce": "636443552746808541.MGVjMzk2NTEtYmYwNS00NmQwLTllOTQtZDVjNjdlYTA2YWVlYTQ3Zjg1NjgtZDA1Yi00NDE0LWJiYmYtMjM4YzI1NjZlYTcx",
"iat": 1508758474,
"c_hash": "kG7wG8vSgRe5zdriHQ6iMA",
"sid": "c9410ee8f27b69c32e43d5ac3d407f37",
"sub": "e80fb854-cab2-4381-8057-19de0fea73f4",
"auth_time": 1508757008,
"idp": "local",
"amr": [
"pwd"
]
}

更新 2
如果有帮助,这是 idsrv 上的客户端配置
new Client
{
ClientId = "mvc.portal",
ClientName = "Customer Portal",
ClientUri = customerPortalBaseUri,

ClientSecrets =
{
new Secret("21f51463-f436-4a84-92ce-1b520dd63a81".Sha256())
},

AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
AllowAccessTokensViaBrowser = false,

RedirectUris = { $"{customerPortalBaseUri}/signin-oidc"},
FrontChannelLogoutUri = $"{customerPortalBaseUri}/signout-oidc",
PostLogoutRedirectUris = { $"{customerPortalBaseUri}/signout-callback-oidc" },

AllowOfflineAccess = true,

RequireConsent = false,

AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email
}
}

这是客户端/门户配置
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "oidc";
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = "http://myproxiedlogonsitebehindnginx.co.uk";
options.RequireHttpsMetadata = false;
options.ClientId = "mvc.portal";
options.ClientSecret = "21f51463-f436-4a84-92ce-1b520dd63a81";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
});

更新 3
所以现在我确信它与部署有关,因为如果我在本地机器上运行 mvc 应用程序但在容器中使用部署的 idsvr(在 nginx 后面),我可以毫无问题地进行身份验证,但是如果我尝试容器化门户的版本我仍然得到一个未处理的 500 没有被记录,然后如果我重试该操作,我会得到这个记录:
[11:22:51 INF] Request starting HTTP/1.1 POST http://mvcportal.co.uk/signin-oidc application/x-www-form-urlencoded 1559
[11:22:51 ERR] Message contains error: 'invalid_grant', error_description: 'error_description is null', error_uri: 'error_uri is null', status code '400'.
[11:22:51 ERR] Exception occurred while processing message.
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_grant'], error_description: 'error_description is null', error_uri: 'error_uri is null'.

最佳答案

我遇到了同样的问题,并通过添加以下内容解决了它:

.AddAspNetIdentity<ApplicationUser>();


services.AddIdentityServer()

在 Startup.cs

关于asp.net-identity - IdentityServer4 - 缺少子声明,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46884549/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com