IdentityManager sécurisé avec IdentityServer3

Question

Dans ma configuration, j'ai IdentityManager sur le même hôte IdentityServer. Toute la configuration requise est sur la base de données.

Pour créer ma configuration, j'ai pris en considération this question sur stackoverflow.com et j'ai suivi toutes les discussions concernant ce github issue.

Je me suis également abonné à Gitter pour trouver la conversation mentionnée sur la question SO référencée. Ma configuration est presque identique à celle de @ilter.

Cependant, dans mon cas, je continue à me

Error: You are not authorized to use this service.

En regardant le journal je ne trouve aucune erreur, mais il semble que tout est ok

iisexpress.exe Information: 0 : 2016-02-28 01:15:48.578 +01:00 [Information] User is not authenticated. Redirecting to login. 
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.587 +01:00 [Information] End authorize request 
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.588 +01:00 [Information] Redirecting to login page 
2016-02-28 01:15:48.598 +01:00 [Debug] Protecting message: "{\"ReturnUrl\":\"https://localhost:44304/core/connect/authorize?client_id=idmgr_client&redirect_uri=https%3A%2F%2Flocalhost%3A44304&response_mode=form_post&response_type=id_token&scope=openid%20idmgr&state=OpenIdConnect.AuthenticationProperties%3DjVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4&nonce=635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\",\"ClientId\":\"idmgr_client\",\"AcrValues\":[],\"Created\":635922153485649371}" 
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.636 +01:00 [Information] Login page requested 
2016-02-28 01:15:48.657 +01:00 [Debug] signin message passed to login: "{ 
    \"ReturnUrl\": \"https://localhost:44304/core/connect/authorize?client_id=idmgr_client&redirect_uri=https%3A%2F%2Flocalhost%3A44304&response_mode=form_post&response_type=id_token&scope=openid%20idmgr&state=OpenIdConnect.AuthenticationProperties%3DjVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4&nonce=635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\", 
    \"ClientId\": \"idmgr_client\", 
    \"IdP\": null, 
    \"Tenant\": null, 
    \"LoginHint\": null, 
    \"DisplayMode\": null, 
    \"UiLocales\": null, 
    \"AcrValues\": [], 
    \"Created\": 635922153485649371 
}" 
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.676 +01:00 [Information] rendering login page 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.024 +01:00 [Information] Login page submitted 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.117 +01:00 [Information] Login credentials successfully validated by user service 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.123 +01:00 [Information] Calling PostAuthenticateAsync on the user service 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.127 +01:00 [Information] issuing primary signin cookie 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.131 +01:00 [Information] redirecting to: https://localhost:44304/core/connect/authorize?client_id=idmgr_client&redirect_uri=https:%2F%2Flocalhost:44304&response_mode=form_post&response_type=id_token&scope=openid idmgr&state=OpenIdConnect.AuthenticationProperties%3DjVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4&nonce=635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.150 +01:00 [Information] Start authorize request 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.150 +01:00 [Information] Start authorize request protocol validation 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.165 +01:00 [Information] "Authorize request validation success" 
"{ 
    \"ClientId\": \"idmgr_client\", 
    \"ClientName\": \"IdentityManager\", 
    \"RedirectUri\": \"https://localhost:44304\", 
    \"AllowedRedirectUris\": [ 
    \"https://localhost:44304\" 
    ], 
    \"SubjectId\": \"8029ac3e-72cb-4fc9-907b-eb99feecbbd6\", 
    \"ResponseType\": \"id_token\", 
    \"ResponseMode\": \"form_post\", 
    \"Flow\": \"Implicit\", 
    \"RequestedScopes\": \"openid idmgr\", 
    \"State\": \"OpenIdConnect.AuthenticationProperties=jVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4\", 
    \"Nonce\": \"635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\", 
    \"SessionId\": \"3c7c7e15d39b88d0989e7051b02502bd\", 
    \"Raw\": { 
    \"client_id\": \"idmgr_client\", 
    \"redirect_uri\": \"https://localhost:44304\", 
    \"response_mode\": \"form_post\", 
    \"response_type\": \"id_token\", 
    \"scope\": \"openid idmgr\", 
    \"state\": \"OpenIdConnect.AuthenticationProperties=jVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4\", 
    \"nonce\": \"635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\" 
    } 
}" 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.170 +01:00 [Information] Creating Implicit Flow response. 
2016-02-28 01:17:42.170 +01:00 [Debug] Creating identity token 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.170 +01:00 [Information] Getting claims for identity token for subject: 8029ac3e-72cb-4fc9-907b-eb99feecbbd6 
2016-02-28 01:17:42.177 +01:00 [Debug] Creating JWT identity token 
2016-02-28 01:17:42.189 +01:00 [Debug] Adding client "idmgr_client" to client list cookie for subject "8029ac3e-72cb-4fc9-907b-eb99feecbbd6" 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.190 +01:00 [Information] End authorize request 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.190 +01:00 [Information] Posting to https://localhost:44304 
2016-02-28 01:17:42.190 +01:00 [Debug] Using DefaultViewService to render authorization response HTML 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.438 +01:00 [Information] User is authenticated from Cookies 

Toute suggestion?

Answer 1

Il peut-être votre utilisateur n'a pas le rôle: IdentityManagerAdministrator. Dans la configuration de l'API Web d'IdentityManager, je peux voir le filtre d'autorisation suivant où le nom du rôle d'administrateur est IdentityManagerAdministrator. Essayez d'ajouter cette revendication de rôle à votre utilisateur connecté ou modifiez le filtre pour vérifier tout autre rôle de votre utilisateur actuel.

Answer 2

il semble que vous n'avez pas le rôle Admin correct

vous pouvez spécifier le AdminRoleName dans le SecurityConfiguration

app.Map("/idm", manageApp => { 
    manageApp.UseIdentityManager(new IdentityManagerOptions { 
     SecurityConfiguration = new HostSecurityConfiguration { 
      // Identity Manager Role 
      AdminRoleName = "IdmAdmin" 
     } 
    }); 
});