
IdentityServer Usage Guide

CreateClientsAsync() in DotHass.Lobby.Domain\IdentityServer\IdentityServerDataSeedContributor.cs

generates the default data when the data seed runs.

When I try to send a HTTPS POST request from a desktop (Servers are in production environment) the following message is displayed inside the console:

Error: unable to verify the first certificate

After: Postman -> Preferences -> General -> SSL certificate validation -> OFF it works

https://localhost:5000/.well-known/openid-configuration

  1. http://localhost:5000/connect/token

  2. http://localhost:5000/connect/userinfo: set the type to Bearer Token and fill the token field with the access_token obtained above.

  3. Note that after publishing a release, the .. in the configuration table: if it is configured incorrectly, authentication will fail.

appsettings.json

{
  "App": {
    "SelfUrl": "http://localhost:5000"
  },
  "ConnectionStrings": {
    "Default": "Server=localhost;User Id=root;Password=123456;Database=dothass.blog"
  },
  "AuthServer": {
    "Authority": "http://localhost:5000"
  },
  "IdentityServer": {
    "Clients": {
      "Blog_App": {
        "ClientId": "Blog_App"
      }
    }
  }
}

appsettings.Development.json

{
  "App": {
    "SelfUrl": "https://localhost:44377"
  },
  "AuthServer": {
    "Authority": "https://localhost:44377"
  }
}

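Also check that the host name used in the request is the same: 127.0.0.1 or localhost… the returned result may look the same, but authorization will fail.

Use http://jwt.calebb.net/ to decode the access_token and take a look: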

{
  alg: "RS256",
  kid: "1oauLjO2TtmvAH-4A7CCLg",
  typ: "at+jwt"
}.
{
  nbf: 1592054993,
  exp: 1623590993,
  iss: "http://127.0.0.1:5000",
  aud: "Blog",
  client_id: "Blog_App",
  sub: "fa9626f7-0f6f-6158-2afd-39f5a7f6d03f",
  auth_time: 1592054993,
  idp: "local",
  role: "admin",
  name: "admin",
  email: "admin@abp.io",
  email_verified: false,
  scope: [
    "address",
    "email",
    "openid",
    "phone",
    "profile",
    "role",
    "Blog",
    "offline_access"
  ],
  amr: [
    "pwd"
  ]
}.
{
  alg: "RS256",
  kid: "1oauLjO2TtmvAH-4A7CCLg",
  typ: "at+jwt"
}.
{
  nbf: 1592055396,
  exp: 1623591396,
  iss: "http://localhost:5000",
  aud: "Blog",
  client_id: "Blog_App",
  sub: "fa9626f7-0f6f-6158-2afd-39f5a7f6d03f",
  auth_time: 1592055396,
  idp: "local",
  role: "admin",
  name: "admin",
  email: "admin@abp.io",
  email_verified: false,
  scope: [
    "address",
    "email",
    "openid",
    "phone",
    "profile",
    "role",
    "Blog",
    "offline_access"
  ],
  amr: [
    "pwd"
  ]
}.
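
The two decoded tokens above carry different iss values because they were requested through different host names (127.0.0.1 and localhost). The following is an added example, not code from the original post: it decodes a token locally and compares iss with the configured AuthServer:Authority. The function names and the sample tokens are constructed for illustration, and it assumes the API expects iss to equal the Authority string exactly.

```python
import base64
import json
from typing import Optional, Tuple


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt(token: str) -> Tuple[dict, dict]:
    """Return (header, payload) WITHOUT verifying the signature; diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def check_issuer(token: str, authority: str) -> Optional[str]:
    """Return None when iss equals the authority, else a description of the mismatch."""
    # Assumption: the API compares iss to the Authority as an exact string,
    # so "127.0.0.1" and "localhost" count as different issuers.
    iss = decode_jwt(token)[1].get("iss")
    if iss == authority:
        return None
    return f"iss {iss!r} != Authority {authority!r}"


def make_sample_token(iss: str) -> str:
    # Constructed sample: claim values copied from the page, placeholder signature.
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = {"alg": "RS256", "typ": "at+jwt"}
    payload = {"iss": iss, "aud": "Blog", "client_id": "Blog_App"}
    return f"{enc(header)}.{enc(payload)}.c2lnbmF0dXJl"


if __name__ == "__main__":
    authority = "http://localhost:5000"  # AuthServer:Authority from appsettings.json
    for host in ("http://127.0.0.1:5000", "http://localhost:5000"):
        result = check_issuer(make_sample_token(host), authority)
        print(host, "->", result or "issuer matches")
```
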