我已经安装了 Duende Identity Server,它可以与 WebAPI 和 React 应用程序配合使用。
我正在尝试制作一个 Blazor 应用程序。
服务器端是这样设置的
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie()
.AddOpenIdConnect("oidc", options =>
{
options.Authority = "https://account.wherever.co.uk";
options.ClientId = "blazor_experiments";
options.ClientSecret = "secret";
options.ResponseType = "code";
options.GetClaimsFromUserInfoEndpoint = false;
options.Scope.Add("openid");
options.Scope.Add("profile"); // IdentityResourceClaims means this gets role.
options.Scope.Add("offline_access"); // Causes refresh token to be provided.
options.GetClaimsFromUserInfoEndpoint = true;
options.Events = new Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents
{
OnRedirectToIdentityProvider = context =>
{
// Logging correlation ID.
context.Request.Headers.Add(LoggerScopeMiddleware.LogCorrelationIdHeaderName, context.HttpContext.TraceIdentifier);
// Done.
return Task.FromResult(0);
}
};
options.CallbackPath = "/signin-oidc";
options.SignedOutCallbackPath = "/signout-callback-oidc";
});
当我运行应用程序时,主页会加载,并且有一个指向需要授权的页面的链接,该链接会按预期触发 OIDC 流程:
authorize
端点并显示登录表单,然后我登录/signin-oidc
,设置 cookie .AspNetCore.CookiesC1
、.AspNetCore.CookiesC2
和 .AspNetCore.CookiesC3
。GET
请求被发送到授权页面(据我所知,带有三个 cookie),但它再次触发 OIDC 流,并且这会继续循环,直到 IdentityServer 最终回复 429(请求太多) .项目控制台包含大量消息:
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector: Trace: Performing protect operation to key {bb49856c-dd11-4a42-89c0-ff06d8421485} with purposes ('MyApplication', 'Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler', 'oidc', 'v1').
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector: Trace: Performing protect operation to key {bb49856c-dd11-4a42-89c0-ff06d8421485} with purposes ('MyApplication', 'Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler', 'System.String', 'oidc', 'v1').
我有
builder.Services.AddDataProtection()...
在我的启动中,配置与 IdentityServer 和它正在运行的 webAPI 项目相同。
我也尝试过不使用它和使用
builder.Services.AddDataProtection()
.PersistKeysToFileSystem(new DirectoryInfo(@"C:\Work\AspNetCoreDataProtection"))
.SetApplicationName("BlazorThing");
但这没有什么区别。有什么想法 WTF 正在发生吗?
app.UseAuthentication();
app.UseAuthorization();
方向错误。 UseAuthentication
UseAuthorization
。