个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
29
4
我试图让 IdentityServer4 与 appsettings.json 一起工作,为混合授权类型指定一个客户端 secret 。
结束this article说如果我想把它放在 appsettings.json 中,我需要 sha256 哈希然后 base64 编码 secret 。所以拿着这个 secret “ secret ”,把它通过https://emn178.github.io/online-tools/sha256.html得到“2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b”,base64 编码为“MmJiODBkNTM3YjFkYTNlMzhiZDMwMzYxYZNJWMzYxYZNJ2Y1WJNZTImZTImZY1WJNZY1WJNZY1WZY1WZY1WZY1WJNZY1WZJNZY1WJNZY1WJNZ1WZY1WJNZY1WJNZJNZY1WZJNZY1WJ1WZJNZ1WZY1WZ100000000000000000这使我的 mvc 客户端的 appsettings.json 看起来像这样
{
...
"ClientSecrets": [ {
"Value": "MkJCODBENTM3QjFEQTNFMzhCRDMwMzYxQUE4NTU2ODZCREUwRUFDRDcxNjJGRUY2QTI1RkU5N0JGNTI3QTI1Qg=="
} ],
...
}
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.Authority = Configuration["OpenIdConnectAuthority"];
options.ClientId = "xxx-mvc";
options.ClientSecret = "secret";
options.RemoteAuthenticationTimeout = TimeSpan.FromHours(2);
options.ResponseType = "code id_token";
options.RequireHttpsMetadata = !Environment.IsDevelopment();
options.Scope.Clear();
options.Scope.Add("openid profile");
options.CallbackPath = new PathString("/signin-callback-oidc");
options.SignedOutCallbackPath = new PathString("/signout-callback-oidc");
options.SignedOutRedirectUri = new PathString("/");
options.ClaimsIssuer = OpenIdConnectDefaults.AuthenticationScheme;
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = JwtClaimTypes.Name
};
})
fail: IdentityServer4.Validation.ClientSecretValidator[0]
Client secret validation failed for client: xxx-mvc.
Secret: no description uses invalid hashing algorithm.
options.ClientSecret = "secret";在 mvc 端,身份服务器日志
Hashed shared secret validator cannot process NoSecret所以我知道配置正在被接受。
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Request path /.well-known/openid-configuration matched to endpoint type Discovery
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration
trce: IdentityServer4.Endpoints.DiscoveryEndpoint[0]
Processing discovery request.
dbug: IdentityServer4.Endpoints.DiscoveryEndpoint[0]
Start discovery request
trce: IdentityServer4.Endpoints.DiscoveryEndpoint[0]
Calling into discovery response generator: IdentityServer4.ResponseHandling.DiscoveryResponseGenerator
trce: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking result: IdentityServer4.Endpoints.Results.DiscoveryDocumentResult
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Request path /.well-known/openid-configuration/jwks matched to endpoint type Discovery
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryKeyEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryKeyEndpoint for /.well-known/openid-configuration/jwks
trce: IdentityServer4.Endpoints.DiscoveryKeyEndpoint[0]
Processing discovery request.
dbug: IdentityServer4.Endpoints.DiscoveryKeyEndpoint[0]
Start key discovery request
trce: IdentityServer4.Endpoints.DiscoveryKeyEndpoint[0]
Calling into discovery response generator: IdentityServer4.ResponseHandling.DiscoveryResponseGenerator
trce: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking result: IdentityServer4.Endpoints.Results.JsonWebKeysResult
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Request path /connect/authorize matched to endpoint type Authorize
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
dbug: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Start authorize request
dbug: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
User in authorize request: 3a28f734-5d49-49e0-a28c-c851adfb4bf6
dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Start authorize request protocol validation
trce: IdentityServer4.Stores.ValidatingClientStore[0]
Calling into client configuration validator: IdentityServer4.Validation.DefaultClientConfigurationValidator
dbug: IdentityServer4.Stores.ValidatingClientStore[0]
client configuration validation for client xxx-mvc succeeded.
dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Checking for PKCE parameters
dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
No PKCE used.
dbug: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
trce: IdentityServer4.Validation.AuthorizeRequestValidator[0]
Authorize request protocol validation successful
dbug: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
ValidatedAuthorizeRequest
{
"ClientId": "xxx-mvc",
"ClientName": "xxx MVC Client",
"RedirectUri": "http://localhost:4500/signin-callback-oidc",
"AllowedRedirectUris": [
"http://localhost:4500/signin-callback-oidc"
],
"SubjectId": "3a28f734-5d49-49e0-a28c-c851adfb4bf6",
"ResponseType": "code id_token",
"ResponseMode": "form_post",
"GrantType": "hybrid",
"RequestedScopes": "openid profile",
"State": "CfDJ8BvOOrOwFENEmcvniNGXxvPnb1gKLB_qQdpSkS5FI88I3vvopAgk9v23GYrBOce_S5PeDsBUzYEj28zpC__y1Q8ZcU2LE9vf7x9pBvmqltXBBdp4zRbhV52iiTEtfpj-MyvDrMTUWR1jCx_b4CmdObvZdVdqf3KvUKO6dCJvPVP5G0OBG6jkuWUvsQnm8uUTE28XBrhwMIn_3D1ns2BgShqtV6j9G7HzatthP-yg9tDV198xILScflYHAgNPWGiJUZcZoar1_FSi9ynxlJSonnkuAw6epwPYk1lvIKZrK5ofTHizmOBUHI_b-xyVXIzoQw",
"Nonce": "637027688717360370.ODBiYTgwZGMtNjRhYy00NmE4LWI3MDAtYWY4MTcxMmNkMmNjYmYwYjY1ZDUtMTUyYy00YjFlLWE2ZmMtNTdkM2YzMDY3NTAy",
"SessionId": "3b0abfecf91a43a58e3f24ccb6ff1351",
"Raw": {
"client_id": "xxx-mvc",
"redirect_uri": "http://localhost:4500/signin-callback-oidc",
"response_type": "code id_token",
"scope": "openid profile",
"response_mode": "form_post",
"nonce": "637027688717360370.ODBiYTgwZGMtNjRhYy00NmE4LWI3MDAtYWY4MTcxMmNkMmNjYmYwYjY1ZDUtMTUyYy00YjFlLWE2ZmMtNTdkM2YzMDY3NTAy",
"state": "CfDJ8BvOOrOwFENEmcvniNGXxvPnb1gKLB_qQdpSkS5FI88I3vvopAgk9v23GYrBOce_S5PeDsBUzYEj28zpC__y1Q8ZcU2LE9vf7x9pBvmqltXBBdp4zRbhV52iiTEtfpj-MyvDrMTUWR1jCx_b4CmdObvZdVdqf3KvUKO6dCJvPVP5G0OBG6jkuWUvsQnm8uUTE28XBrhwMIn_3D1ns2BgShqtV6j9G7HzatthP-yg9tDV198xILScflYHAgNPWGiJUZcZoar1_FSi9ynxlJSonnkuAw6epwPYk1lvIKZrK5ofTHizmOBUHI_b-xyVXIzoQw",
"x-client-SKU": "ID_NETSTANDARD2_0",
"x-client-ver": "5.3.0.0"
}
}
trce: IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator[0]
ProcessInteractionAsync
dbug: IdentityServer4.Services.DefaultConsentService[0]
Client is configured to not require consent, no consent is required
dbug: IdentityServer4.ResponseHandling.AuthorizeResponseGenerator[0]
Creating Hybrid Flow response.
dbug: IdentityServer4.EntityFramework.Stores.PersistedGrantStore[0]
GpVcH5oK1O8xEaWazwBmHumW8moTQsBnVATxPiUxIfs= not found in database
dbug: IdentityServer4.ResponseHandling.AuthorizeResponseGenerator[0]
Creating Implicit Flow response.
trce: IdentityServer4.Services.DefaultTokenService[0]
Creating identity token
dbug: IdentityServer4.Services.DefaultClaimsService[0]
Getting claims for identity token for subject: 3a28f734-5d49-49e0-a28c-c851adfb4bf6 and client: xxx-mvc
dbug: IdentityServer4.Services.DefaultClaimsService[0]
In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.
trce: IdentityServer4.Services.DefaultTokenService[0]
Creating JWT identity token
trce: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Identity token issued for xxx-mvc (xxx MVC Client) / 3a28f734-5d49-49e0-a28c-c851adfb4bf6: eyJhbGciOiJSUzI1NiIsImtpZCI6Ijc3ODc1NWJmMmZkMWRiZWVmNjZkZDdmZjY2YmM5NjBlIiwidHlwIjoiSldUIn0.eyJuYmYiOjE1NjcxNzIwNzEsImV4cCI6MTU2NzE3MjM3MSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo0NDAwIiwiYXVkIjoibW9uZXRlZXItbXZjIiwibm9uY2UiOiI2MzcwMjc2ODg3MTczNjAzNzAuT0RCaVlUZ3daR010TmpSaFl5MDBObUU0TFdJM01EQXRZV1k0TVRjeE1tTmtNbU5qWW1Zd1lqWTFaRFV0TVRVeVl5MDBZakZsTFdFMlptTXROVGRrTTJZek1EWTNOVEF5IiwiaWF0IjoxNTY3MTcyMDcxLCJjX2hhc2giOiJNR3A5SzlLSm5KRTFaZW83YndoNG5BIiwic2lkIjoiM2IwYWJmZWNmOTFhNDNhNThlM2YyNGNjYjZmZjEzNTEiLCJzdWIiOiIzYTI4ZjczNC01ZDQ5LTQ5ZTAtYTI4Yy1jODUxYWRmYjRiZjYiLCJhdXRoX3RpbWUiOjE1NjcxNjk2NTAsImlkcCI6ImxvY2FsIiwiYW1yIjpbInB3ZCJdfQ.p9LKUCqmK8fjlznJtU5NGgtKE2fsSnxx8EW2ngu2pw-eSJXsuvI7t6FkxlHw6joVG178JXGfMY4BXt83binl9li3NLjzjJC7k8_07QUL_fknYB05rwhfAH995mxqXTV1A5n8ppjXzXcixAkVaA1Cxgb7mvqqfVHqRY2ra-MeIa7Esew5CiTeerlMT87wdWbIMmbK84TGSM26jLN1Uav6YYB-8Lonu2hcS3s4LXLS42bvy04Uc-UUOXcxK0LDgQu-stWfFjr9tYeoIefsgZIOJaEDtgwulExhNWTrPlFF5k9qYyYv4keKM_1dckP47-B4TR5m_1PEzGNeSJb48RwrXQ
trce: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Code issued for xxx-mvc (xxx MVC Client) / 3a28f734-5d49-49e0-a28c-c851adfb4bf6: 05331f140cb9626a391f6033d1ab6396711b614cdab5f224024336aa94f996f4
dbug: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Authorize endpoint response
{
"SubjectId": "3a28f734-5d49-49e0-a28c-c851adfb4bf6",
"ClientId": "xxx-mvc",
"RedirectUri": "http://localhost:4500/signin-callback-oidc",
"State": "CfDJ8BvOOrOwFENEmcvniNGXxvPnb1gKLB_qQdpSkS5FI88I3vvopAgk9v23GYrBOce_S5PeDsBUzYEj28zpC__y1Q8ZcU2LE9vf7x9pBvmqltXBBdp4zRbhV52iiTEtfpj-MyvDrMTUWR1jCx_b4CmdObvZdVdqf3KvUKO6dCJvPVP5G0OBG6jkuWUvsQnm8uUTE28XBrhwMIn_3D1ns2BgShqtV6j9G7HzatthP-yg9tDV198xILScflYHAgNPWGiJUZcZoar1_FSi9ynxlJSonnkuAw6epwPYk1lvIKZrK5ofTHizmOBUHI_b-xyVXIzoQw",
"Scope": "openid profile"
}
trce: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
End authorize request. result type: IdentityServer4.Endpoints.Results.AuthorizeResult
trce: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking result: IdentityServer4.Endpoints.Results.AuthorizeResult
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Request path /connect/token matched to endpoint type Token
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
trce: IdentityServer4.Endpoints.TokenEndpoint[0]
Processing token request.
dbug: IdentityServer4.Endpoints.TokenEndpoint[0]
Start token request.
dbug: IdentityServer4.Validation.ClientSecretValidator[0]
Start client validation
dbug: IdentityServer4.Validation.BasicAuthenticationSecretParser[0]
Start parsing Basic Authentication secret
dbug: IdentityServer4.Validation.PostBodySecretParser[0]
Start parsing for secret in post body
dbug: IdentityServer4.Validation.SecretParser[0]
Parser found secret: PostBodySecretParser
dbug: IdentityServer4.Validation.SecretParser[0]
Secret id found: xxx-mvc
trce: IdentityServer4.Stores.ValidatingClientStore[0]
Calling into client configuration validator: IdentityServer4.Validation.DefaultClientConfigurationValidator
dbug: IdentityServer4.Stores.ValidatingClientStore[0]
client configuration validation for client xxx-mvc succeeded.
dbug: IdentityServer4.Validation.HashedSharedSecretValidator[0]
No matching hashed secret found.
dbug: IdentityServer4.Validation.SecretValidator[0]
Secret validators could not validate secret
fail: IdentityServer4.Validation.ClientSecretValidator[0]
Client secret validation failed for client: xxx-mvc.
trce: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking result: IdentityServer4.Endpoints.Results.TokenErrorResult
最佳答案
您可以在 IdentityServer4.Models.HashExtensions 中使用 Identity Server 4 的算法.
在一个应用程序中运行以下方法:
public string Sha256(string input)
{
using (var sha = SHA256.Create())
{
var bytes = Encoding.UTF8.GetBytes(input);
var hash = sha.ComputeHash(bytes);
return Convert.ToBase64String(hash);
}
}
K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=如果密码是
secret .将该值放入 application.json 应该可以:
"ClientSecrets": [ { "Value": "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=" } ],
关于asp.net-core - 带有 IdentityServer4 的 appsettings.json 中的 ClientSecret,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57727842/
29
4
0
主要思想是将 EF Core nuget 包添加到 .NET Core 库项目,然后在一堆应用程序(例如 ASP.NET Core、Win 服务、控制台应用程序)中使用该库,而无需在每个应用程序中配置
我想要实现的是编写一个简单的.net核心后台工作程序(.net core 3.1)的代码,在该工作程序作为Windows服务运行时,我在其中将数据写入SQL Server数据库(通过EF Core 3
关于 .Net Core SDK download page 二进制文件有什么用?它与安装程序有何不同? 最佳答案 二进制文件是 .NET Core 的编译代码。它们拥有运行 .NET Core 所需
.NET Core 和 Entity Framework Core 之间的区别?我们可以在 .NET Core 中使用 Entity Framework Core 吗?两者都有什么优势? 最佳答案 E
.NET Core 和 ASP.NET Core 到底有什么区别? 它们是相互排斥的吗?我听说 ASP.NET Core 是基于 .NET Core 构建的,但它也可以基于完整的 .NET 框架构建。
我对 ASP.NET Core 开发完全陌生。我正在尝试使用单个模型和 mysql 创建一个简单的 asp.net core Web api 来存储模型数据,然后我想使用 Swagger 将其作为 R
.NET Core 和 Entity Framework Core 之间的区别?我们可以在 .NET Core 中使用 Entity Framework Core 吗?两者都有什么优势? 最佳答案 E
好吧,作为一个新的 .net 开发生态系统,我有点迷失在核心工具、版本等方面。 有人可以解释我之间的区别吗 VS 2015 核心工具预览版 x - See here .NET Core/SDK 与否
我已阅读有关如何通过信号器核心集线器从后台服务向客户端发送通知的文档。如何从客户端接收到后台服务的通知? 后台服务应该只是一个单例。 public class Startup { public
关闭。这个问题是opinion-based .它目前不接受答案。 想改善这个问题吗?更新问题,以便可以通过 editing this post 用事实和引文回答问题. 4年前关闭。 Improve t
非常简单的问题: 我正在尝试创建一个像这样的谓词构建器: var predicate = PredicateBuilder.False(); 但似乎在Net Core和EF Core中不可用。
在 .NET Core 自包含应用程序 中...我们需要在 project.json 中指定运行时 (RID) 我们希望我们的应用程序针对...发布为什么会这样? .NET Core 是跨平台的,与我
如何用 iCloud Core Data 替换我现有的 Core Data?这是我的持久商店协调员: lazy var persistentStoreCoordinator: NSPersistent
关闭。这个问题是opinion-based 。目前不接受答案。 想要改进这个问题吗?更新问题,以便 editing this post 可以用事实和引文来回答它。 . 已关闭 2 年前。 Improv
今天我正在学习新的 ASP.net 核心 API 3.1,我想将我的旧网站从 MVC4 转移到 Web API。除了一件事,一切都很好。数据库连接。在我的旧网站中,我为每个客户端(10/15 数据库)
我在 Visual Studio 2015 Update 3 和 .NET Core 1.0 中工作。我有一个 .NETCoreApp v1.0 类型的 Web API 项目。当我添加一个 .NET
我一直在尝试遵循 Ben Cull ( http://benjii.me/2016/06/entity-framework-core-migrations-for-class-library-proj
当我打开我的 vs 代码程序时,我收到以下消息: 无法找到 .NET Core SDK。 .NET Core 调试将不会启用。确保 .NET Core SDK 已安装并且在路径上。 如果我安装甚至卸载
我偶然发现了一个非常奇怪的问题。每当 Web 应用程序启动时,dotnet.exe 都会使用相当多的内存(大约 300M)。然而,当它触及某些部分时(我感觉这与 EF Core 使用有关),它会在短时
ASP.NET Core Web (.NET Core) 与 ASP.NET Core Web (.NET Framework) 有什么区别? .NET Framework 是否提供 similar
我是一名优秀的程序员,十分优秀!