1. Accueil
  2. Question et réponse
  3. UseOpenIdConnectServer ne fonctionne pas

UseOpenIdConnectServer ne fonctionne pas

2017-08-28 7 views
0

Je viens de mettre à jour mon noyau dotnet application WebAPI de netcoreapp1.0 à netcoreapp2.0. J'utilise openiddict pour l'authentification et l'autorisation basée sur ce sample.UseOpenIdConnectServer ne fonctionne pas

ConfigureServices méthode:

 public void ConfigureServices(IServiceCollection services) 
     { 
      services.AddCors(); 
      services.AddMvc().AddJsonOptions(options => 
       { 
        options.SerializerSettings.ContractResolver = new Newtonsoft.Json.Serialization.DefaultContractResolver(); 
       }); 

      services.AddDbContext<ApplicationDbContext>(options => 
      {     
       options.UseSqlServer(@"Server=SERVER1;Database=DB1;User Id=BLAHBLAH;Password=BLAHBLAHBLAH;");     
       options.UseOpenIddict(); 
      }); 

      services.AddIdentity<ApplicationUser, IdentityRole>() 
       .AddEntityFrameworkStores<ApplicationDbContext>() 
       .AddDefaultTokenProviders(); 

      services.Configure<IdentityOptions>(options => 
      { 
       options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name; 
       options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject; 
       options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role;     
      }); 

      services.AddOpenIddict(options => 
      {     
       options.AddEntityFrameworkCoreStores<ApplicationDbContext>();     
       options.AddMvcBinders(); 
       options.EnableTokenEndpoint("/connect/token"); 
       options.AllowPasswordFlow(); 
       options.DisableHttpsRequirement(); 
       options.SetAccessTokenLifetime(TimeSpan.FromMinutes(5)); 
      }); 

      services.AddAuthentication() 
       .AddOAuthValidation(); 

     }

procédé Configurer:

 public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) 
     { 
      loggerFactory.AddConsole(Configuration.GetSection("Logging")); 
      loggerFactory.AddDebug(); 

      app.UseCors(b => b.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod());  

      app.UseOpenIdConnectServer(configuration => {     
       configuration.AllowInsecureHttp = true;          
       configuration.Provider = new AuthorizationProvider(); 
      });    
      app.UseAuthentication();     
      app.UseMvc(); 
     }

Le AuthorizationProvider classe:

public sealed class AuthorizationProvider : OpenIdConnectServerProvider 
    {    
     public AuthorizationProvider() 
     { 

     } 

     public override async Task ApplyTokenResponse(ApplyTokenResponseContext context) 
     {   
      if (string.IsNullOrEmpty(context.Error)) 
      { 
       var role = context.Ticket.Principal.Claims.FirstOrDefault(q => q.Type == OpenIdConnectConstants.Claims.Role).Value; 
       var userName = context.Ticket.Principal.Claims.FirstOrDefault(q => q.Type == OpenIdConnectConstants.Claims.Name).Value; 
       context.Response["role"] = role; 
       context.Response["userName"] = userName; 
       context.Response[".issued"] = DateTime.Now.ToUniversalTime().ToString("ddd, dd MMM yyyy HH:mm:ss 'GMT'"); 
       context.Response[".expires"] = DateTime.Now.AddHours(8).ToUniversalTime().ToString("ddd, dd MMM yyyy HH:mm:ss 'GMT'");  
      } 

      return; 
     } 
    }

Le code suivant ne fonctionne pas:

app.UseOpenIdConnectServer(configuration => {     
    configuration.AllowInsecureHttp = true;     
    configuration.Provider = new AuthorizationProvider(); 
});

Il dit 'IApplicationBuilder' ne contient pas une définition pour 'UseOpenIdConnectServer' et aucune méthode d'extension 'UseOpenIdConnectServer' accepter un premier argument de type ' IApplicationBuilder 'peut être trouvé (manque-t-il une directive using ou une référence d'assembly?)

Comment le résoudre? Quelle est la méthode alternative pour ajouter un fournisseur personnalisé?

Source

2017-08-28 Amar Duplantier

Répondre

0

ASP.NET Core 2.0 a un nouveau modèle pour l'authentification et l'identité qui simplifie la configuration en utilisant les services et ci-dessous est le guide de migration

Migrating Authentication and Identity to ASP.NET Core 2.0

dans Configurer le changement de méthode cette

app.UseOpenIdConnectServer(configuration => {     
    configuration.AllowInsecureHttp = true;     
    configuration.Provider = new AuthorizationProvider(); 
});

Pour cela

app.UseAuthentication();

a nd dans ConfigureServices ajouter le code ci-dessous

services.AddAuthentication(options => { 
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; 
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; 
}) 
.AddCookie() 
.AddOpenIdConnect(options => { 
    options.Authority = Configuration["auth:oidc:authority"]; 
    options.ClientId = Configuration["auth:oidc:clientid"]; 
});

Source

2017-08-28 07:17:31 Sriram

+0

Cela ne ferait qu'ajouter OpenIdConnect à l'application. Mais comment ajouter un fournisseur personnalisé à OpenIdConnect comme je l'ai mentionné dans UseOpenIdConnectServer? –

+0

essayez de trouver la configuration disponible avec les options AddOpenIdConnect – Sriram

1

Comme par github page with examples

La bonne façon de le faire dans Startup.cs est comme suit.(pasting my sample code for your reference. You can re-factor based on your need) Il devrait être à l'intérieur ConfigureServices méthode

services.AddAuthentication(options => 
    { 
     options.DefaultScheme = "ServerCookie"; 
    }) 
    .AddCookie("ServerCookie", options => 
    { 
     options.Cookie.Name = CookieAuthenticationDefaults.CookiePrefix + "ServerCookie"; 
     options.ExpireTimeSpan = TimeSpan.FromMinutes(5); 
     options.LoginPath = new PathString("/login"); 
     options.LogoutPath = new PathString("/logout"); 
    }) 
    .AddOAuthValidation() 
    .AddOpenIdConnectServer(options => 
    { 
     options.ProviderType = typeof(AuthorizationProvider); 

     // Enable the authorization, logout, token and userinfo endpoints. 
     options.AuthorizationEndpointPath = "/connect/authorize"; 
     options.LogoutEndpointPath = "/connect/logout"; 
     options.TokenEndpointPath = new PathString("/Login");//"/connect/token"; 
     options.UserinfoEndpointPath = "/connect/userinfo"; 

     // Note: see AuthorizationController.cs for more 
     // information concerning ApplicationCanDisplayErrors. 
     options.ApplicationCanDisplayErrors = true; 
     options.AllowInsecureHttp = true; 

     // Note: to override the default access token format and use JWT, assign AccessTokenHandler: 
     // 
     // options.AccessTokenHandler = new JwtSecurityTokenHandler 
     // { 
     //  InboundClaimTypeMap = new Dictionary<string, string>(), 
     //  OutboundClaimTypeMap = new Dictionary<string, string>() 
     // }; 
     // 
     // Note: when using JWT as the access token format, you have to register a signing key. 
     // 
     // You can register a new ephemeral key, that is discarded when the application shuts down. 
     // Tokens signed using this key are automatically invalidated and thus this method 
     // should only be used during development: 
     // 
     // options.SigningCredentials.AddEphemeralKey(); 
     // 
     // On production, using a X.509 certificate stored in the machine store is recommended. 
     // You can generate a self-signed certificate using Pluralsight's self-cert utility: 
     // https://s3.amazonaws.com/pluralsight-free/keith-brown/samples/SelfCert.zip 
     // 
     // options.SigningCredentials.AddCertificate("7D2A741FE34CC2C7369237A5F2078988E17A6A75"); 
     // 
     // Alternatively, you can also store the certificate as an embedded .pfx resource 
     // directly in this assembly or in a file published alongside this project: 
     // 
     // options.SigningCredentials.AddCertificate(
     //  assembly: typeof(Startup).GetTypeInfo().Assembly, 
     //  resource: "Mvc.Server.Certificate.pfx", 
     //  password: "Owin.Security.OpenIdConnect.Server"); 
    }); 
    services.AddScoped<AuthorizationProvider>();

Ensuite, l'intérieur de votre méthode configure

app.UseAuthentication();

où l'application est IApplicationBuilder

Source

2017-08-28 07:39:59 immirza

0

Regardez ici

public void ConfigureServices(IServiceCollection services) 
    { 
     services.AddEntityFrameworkInMemoryDatabase() 
      .AddDbContext<ApplicationContext>(options => 
      { 
       options.UseInMemoryDatabase(nameof(ApplicationContext)); 
      }); 

     services.AddAuthentication(options => 
     { 
      options.DefaultScheme = "ServerCookie"; 
     }) 

     .AddCookie("ServerCookie", options => 
     { 
      options.Cookie.Name = CookieAuthenticationDefaults.CookiePrefix + "ServerCookie"; 
      options.ExpireTimeSpan = TimeSpan.FromMinutes(5); 
      options.LoginPath = new PathString("/signin"); 
      options.LogoutPath = new PathString("/signout"); 
     }) 

     .AddGoogle(options => 
     { 
      options.ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com"; 
      options.ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f"; 
     }) 

     .AddTwitter(options => 
     { 
      options.ConsumerKey = "6XaCTaLbMqfj6ww3zvZ5g"; 
      options.ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI"; 
     }) 

     .AddOAuthValidation() 

     .AddOpenIdConnectServer(options => 
     { 
      options.ProviderType = typeof(AuthorizationProvider); 

      // Enable the authorization, logout, token and userinfo endpoints. 
      options.AuthorizationEndpointPath = "/connect/authorize"; 
      options.LogoutEndpointPath = "/connect/logout"; 
      options.TokenEndpointPath = "/connect/token"; 
      options.UserinfoEndpointPath = "/connect/userinfo"; 

      // Note: see AuthorizationController.cs for more 
      // information concerning ApplicationCanDisplayErrors. 
      options.ApplicationCanDisplayErrors = true; 
      options.AllowInsecureHttp = true; 

      // Note: to override the default access token format and use JWT, assign AccessTokenHandler: 
      // 
      // options.AccessTokenHandler = new JwtSecurityTokenHandler 
      // { 
      //  InboundClaimTypeMap = new Dictionary<string, string>(), 
      //  OutboundClaimTypeMap = new Dictionary<string, string>() 
      // }; 
      // 
      // Note: when using JWT as the access token format, you have to register a signing key. 
      // 
      // You can register a new ephemeral key, that is discarded when the application shuts down. 
      // Tokens signed using this key are automatically invalidated and thus this method 
      // should only be used during development: 
      // 
      // options.SigningCredentials.AddEphemeralKey(); 
      // 
      // On production, using a X.509 certificate stored in the machine store is recommended. 
      // You can generate a self-signed certificate using Pluralsight's self-cert utility: 
      // https://s3.amazonaws.com/pluralsight-free/keith-brown/samples/SelfCert.zip 
      // 
      // options.SigningCredentials.AddCertificate("7D2A741FE34CC2C7369237A5F2078988E17A6A75"); 
      // 
      // Alternatively, you can also store the certificate as an embedded .pfx resource 
      // directly in this assembly or in a file published alongside this project: 
      // 
      // options.SigningCredentials.AddCertificate(
      //  assembly: typeof(Startup).GetTypeInfo().Assembly, 
      //  resource: "Mvc.Server.Certificate.pfx", 
      //  password: "Owin.Security.OpenIdConnect.Server"); 
     }); 

     services.AddScoped<AuthorizationProvider>(); 

     services.AddMvc(); 

     services.AddDistributedMemoryCache(); 
    }

https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/blob/dev/samples/Mvc/Mvc.Server/Startup.cs#L29

Source

2017-10-02 19:08:18 Dominic

 Questions connexes

  • Aucun problème connexe^_^