I have created an application group in ADFS containing one client and one resource server. I have managed to implement the flow on the client (I obtain an access token), but when the token is passed to the resource server API, the API does not validate it. What am I missing?
My code in the resource server's startup.cs is as follows:
public partial class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseCors(CorsOptions.AllowAll);
        ConfigureOAuth(app);
        // more code here
    }

    public void ConfigureOAuth(IAppBuilder app)
    {
        var issuer = "http://adfserver/adfs/services/trust";
        var audience = "https://client";

        // Api controllers with an [Authorize] attribute will be validated with JWT
        app.UseJwtBearerAuthentication(
            new JwtBearerAuthenticationOptions
            {
                AuthenticationMode = AuthenticationMode.Active,
                AllowedAudiences = new[] { audience },
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = issuer,
                    ValidateAudience = true,
                    ValidAudience = audience,
                    RequireSignedTokens = true,
                    ValidateIssuerSigningKey = true,
                    ValidateLifetime = true
                },
            });
    }
}
Answer 0 (score: 0)
Managed to solve this. I had to fetch the signing keys from the ADFS server. Below is working code:
public void ConfigureOAuth(IAppBuilder app)
{
    var issuer = $"http://{myAdfSserver}/adfs/services/trust";
    var audience = "audience";

    // Retrieve the ADFS metadata, including the token signing keys, from the discovery endpoint
    ConfigurationManager<OpenIdConnectConfiguration> configurationManager =
        new ConfigurationManager<OpenIdConnectConfiguration>(
            $"https://{myAdfSserver}/adfs/.well-known/openid-configuration",
            new OpenIdConnectConfigurationRetriever());
    // Startup configuration runs synchronously, so the async call is waited on here
    var openIdConfig = configurationManager.GetConfigurationAsync().GetAwaiter().GetResult();

    TokenValidationParameters validationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = issuer,
        ValidateAudience = true,
        ValidAudience = audience,
        RequireSignedTokens = true,
        ValidateIssuerSigningKey = true,
        IssuerSigningKeys = openIdConfig.SigningKeys, // keys published by ADFS
        ValidateLifetime = true
    };

    app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Active,
        AllowedAudiences = new string[] { audience },
        TokenValidationParameters = validationParameters
    });
}
Also, make sure your web requests use TLS 1.2 (this is the default as of .NET Framework 4.6.1). I set this in the Startup.cs class:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;