ASP.NET Core 3.1 MVC AddOpenIDConnect 与 IdentityServer3

Posted 2023-03-27

【中文标题】ASP.NET Core 3.1 MVC AddOpenIDConnect 与 IdentityServer3

【英文标题】：ASP.NET Core 3.1 MVC AddOpenIDConnect with IdentityServer3

【发布时间】：2020-06-18 17:24:08

【问题描述】：

对于这个问题的任何帮助将不胜感激。我在这件事上浪费了几天时间。

使用 IdentityServer3 对 ASP.NET Core 3.1 MVC 应用程序进行身份验证会导致运行时错误。身份服务器返回错误

客户端应用程序未知或未经授权

而不是登录屏幕。我们有一个 ASP.NET MVC 5 应用程序和一个 ASP.NET Core API，可以与身份服务器完美配合。

我的方法是在 .NET Core 中重写 ASP.NET MVC 5 代码。我已尽我所能，但找不到任何有关如何进行此类翻译的文档。详情请看下面我的代码sn-ps。

工作 ASP.NET MVC 5 代码：

    //***
    //commented all code that was not needed to get login screen to show up
    //***
    public void Configuration(IAppBuilder app)
    
        AntiForgeryConfig.UniqueClaimTypeIdentifier = IdentityModel.JwtClaimTypes.Name;
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        
            AuthenticationType = "Cookies",
            ExpireTimeSpan = new TimeSpan(0, 300, 0),
            SlidingExpiration = true
        );

        var clientBaseUrl = ConfigurationManager.AppSettings[ClientBaseUrlKey];
        var identityServerBaseUrl = ConfigurationManager.AppSettings[IdentityServerBaseUrlKey];

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        
            Authority = identityServerBaseUrl,
            ClientId = WebSettings.ClientId,
            ResponseType = "code id_token token",
            SignInAsAuthenticationType = "Cookies",
            UseTokenLifetime = false//,
            RedirectUri = $"clientBaseUrl/",
            //PostLogoutRedirectUri = clientBaseUrl,
            //Scope = "openid profile roles admin_certpay",

            //Notifications = new OpenIdConnectAuthenticationNotifications
            //

...为简洁起见已删除... );

有问题的 ASP.NET Core 3.1 MVC 代码：

public void ConfigureServices(IServiceCollection 服务) services.AddControllersWithViews();

        services.AddAuthentication(options =>
        
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = "Cookies";
        ).AddCookie("Cookies")
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, o =>
        
            o.Authority = "http://localhost/identity/";
            o.ClientId = "actual value used here";
            o.ResponseType = "code id_token token"; 
            o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            o.UseTokenLifetime = false;
            //start - not sure what RedirectUri is, but PostLogoutRedirectUri doesn't matter
            o.SignedOutRedirectUri = "http://localhost/CertPay.Admin/";
            o.ReturnUrlParameter = "http://localhost/CertPay.Admin/";
            //end - not sure what RedirectUri is, but PostLogoutRedirectUri doesn't matter
            o.RequireHttpsMetadata = false; //fix to runtime error
        );

        //Played with Core API fix for the hell of it.
        //.AddIdentityServerAuthentication(o =>
        //
        //    o.Authority = "http://localhost/identity/";
        //    //o.ApiName = "actual value here";
        //    o.LegacyAudienceValidation = true;
        //    o.RequireHttpsMetadata = true;
        //);

【参考方案1】：

Pedro The Kid 在this thread 上提供的答案解决了我的问题。可以通过添加事件侦听器来补偿 RedirectUri 属性的删除。为方便起见，摘自佩德罗的以下内容：

x.Events.OnRedirectToIdentityProvider = async n =>

    n.ProtocolMessage.RedirectUri = <Redirect URI string>;
    await Task.FromResult(0);

编辑： 上述解决方案实际导致登录页面多次加载无限循环。以下解决方案不会导致该问题：

o.CallbackPath = "/home/index/";