今天我使用identityserver4的demo搭建了一个验证服务器,我可以使用asp.net core客户端用openid登录客户端。
但是我的asp.net mvc5客户端无法用openid登录,提示的错误是:invalid_request,
这是我的带有 getclient() 的 identityserver4 配置代码
// clients want to access resources (aka scopes)
public static IEnumerable<Client> GetClients()
{
// client credentials client
return new List<Client>
{
// OpenID Connect hybrid flow and client credentials client (MVC)
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
RequireConsent = true,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { "http://localhost:5002/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1"
},
AllowOfflineAccess = true
}
};
}
}
以下代码是我的 asp.net mvc5 客户端 ConfigureAuth(),因为 idenetiyServer4 定义了 ClientSecrets 是“secret”.Sha256(),所以在这个 mvc 客户端中,我设置了 ClientSecret = GetSHA256HashFromString(“secret”),我创建使用 GetSHA256HashFromString() 方法将字符串转换为 sha256。
这是我的代码:
public void ConfigureAuth(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "oidc",
SignInAsAuthenticationType = "Cookies",
Authority = "http://localhost:5000", //ID Server SSO Server
ClientId = "mvc",
ClientSecret = GetSHA256HashFromString("secret"),
ResponseType = "code id_token",
RedirectUri = "http://localhost:5002/signin-oidc", //URL of Client website
PostLogoutRedirectUri = "http://localhost:5002/signout-callback-oidc", //URL of Client website
Scope = "api1",
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
RequireHttpsMetadata = false,
});
然后我按 f5 运行 mvc 客户端,然后按登录按钮,浏览器可以跳转到 localhost:5000,但它给了我一个错误:
Sorry, there was an error : invalid_request and the other error info are : Request Id: 0HL9RHBTJIT3T:00000003**
多谢。
最佳答案
ClientSecret 的值应该是 实际 secret 值 而不是散列值。
当您使用持久数据存储以防止攻击者获取您的客户端的 secret 时, secret 将存储为哈希,以防万一您的存储遭到破坏。
在您的情况下, secret 值是“ secret ”。所以代码将是
ClientSecret = " secret "
关于asp.net-mvc-4 - 从 identityserver4 登录的 asp.net mvc 出现 invalid_request 错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47645655/