子索赔丢失了Mongo的标识服务器4
子索赔丢失了Mongo的标识服务器4
提问于 2020-02-01 03:32:14
我正在使用身份服务器4与MongoDB一起创建身份门户。
services.AddIdentityServer().AddMongoRepository()
.AddMongoDbForAspIdentity<ApplicationUser, IdentityRole>(Configuration)
.AddClients()
.AddIdentityApiResources()
.AddPersistedGrants()
.AddDeveloperSigningCredential();
app.UseMongoDbForIdentityServer();
app.UseIdentityServer();这里是Mongo仓库
namespace IdentityServer.Extension
{
public static class IdentityServerBuilderExtensions
{/// <summary>
/// Adds mongo repository (mongodb) for IdentityServer
/// </summary>
/// <param name="builder"></param>
/// <returns></returns>
public static IIdentityServerBuilder AddMongoRepository(this IIdentityServerBuilder builder)
{
builder.Services.AddTransient<IRepository, Repository>();
return builder;
}
/// <summary>
/// Adds mongodb implementation for the "Asp Net Core Identity" part (saving user and roles)
/// </summary>
/// <remarks><![CDATA[
/// Contains implemenations for
/// - IUserStore<T>
/// - IRoleStore<T>
/// ]]></remarks>
public static IIdentityServerBuilder AddMongoDbForAspIdentity<TIdentity, TRole>(this IIdentityServerBuilder builder, IConfigurationRoot configuration) where
TIdentity : ApplicationUser where TRole : Microsoft.AspNetCore.Identity.MongoDB.IdentityRole
{
//User Mongodb for Asp.net identity in order to get users stored
var configurationOptions = configuration.Get<MongoDbConfigurationOptions>();
var client = new MongoClient(configurationOptions.MongoConnection);
var database = client.GetDatabase(configurationOptions.MongoDatabaseName);
// Configure Asp Net Core Identity / Role to use MongoDB
builder.Services.AddSingleton<IUserStore<TIdentity>>(x =>
{
var usersCollection = database.GetCollection<TIdentity>("Identity_Users");
IndexChecks.EnsureUniqueIndexOnNormalizedEmail(usersCollection);
IndexChecks.EnsureUniqueIndexOnNormalizedUserName(usersCollection);
return new UserStore<TIdentity>(usersCollection);
});
builder.Services.AddSingleton<IRoleStore<TRole>>(x =>
{
var rolesCollection = database.GetCollection<TRole>("Identity_Roles");
IndexChecks.EnsureUniqueIndexOnNormalizedRoleName(rolesCollection);
return new RoleStore<TRole>(rolesCollection);
});
builder.Services.AddIdentity<TIdentity, TRole>().AddDefaultTokenProviders();
return builder;
}
/// <summary>
/// Configure ClientId / Secrets
/// </summary>
/// <param name="builder"></param>
/// <param name="configurationOption"></param>
/// <returns></returns>
public static IIdentityServerBuilder AddClients(this IIdentityServerBuilder builder)
{
builder.Services.AddTransient<IClientStore, CustomClientStore>();
builder.Services.AddTransient<ICorsPolicyService, InMemoryCorsPolicyService>();
return builder;
}
/// <summary>
/// Configure API & Resources
/// Note: Api's have also to be configured for clients as part of allowed scope for a given clientID
/// </summary>
/// <param name="builder"></param>
/// <returns></returns>
public static IIdentityServerBuilder AddIdentityApiResources(this IIdentityServerBuilder builder)
{
builder.Services.AddTransient<IResourceStore, CustomResourceStore>();
return builder;
}
/// <summary>
/// Configure Grants
/// </summary>
/// <param name="builder">The builder.</param>
/// <returns></returns>
public static IIdentityServerBuilder AddPersistedGrants(this IIdentityServerBuilder builder)
{
builder.Services.TryAddSingleton<IPersistedGrantStore, CustomPersistedGrantStore>();
return builder;
}
}
}帐户控制器
私有只读SignInManager _signInManager;私有只读UserManager _userManager;
public AccountController(
IIdentityServerInteractionService interaction,
IClientStore clientStore,
IAuthenticationSchemeProvider schemeProvider,
IEventService events, UserManager<ApplicationUser> userManager, SignInManager<ApplicationUser> signInManager)
{
_signInManager = signInManager;
_userManager = userManager;
_interaction = interaction;
_clientStore = clientStore;
_schemeProvider = schemeProvider;
_events = events;
}
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password,
model.RememberLogin, lockoutOnFailure: true);
if (result.Succeeded)
{
var user = await _userManager.FindByNameAsync(model.UserName);
await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.Email, clientId: context?.ClientId));
// only set explicit expiration here if user chooses "remember me".
// otherwise we rely upon expiration configured in cookie middleware.
AuthenticationProperties props = null;
if (AccountOptions.AllowRememberLogin && model.RememberLogin)
{
props = new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration)
};
};
// issue authentication cookie with subject ID and username
await HttpContext.SignInAsync(user.Id, user.UserName, props);
if (context != null)
{
if (await _clientStore.IsPkceClientAsync(context.ClientId))
{
// if the client is PKCE then we assume it's native, so this change in how to
// return the response is for better UX for the end user.
return View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl });
}
// we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
return Redirect(model.ReturnUrl);
}
// request for a local page
if (Url.IsLocalUrl(model.ReturnUrl))
{
return Redirect(model.ReturnUrl);
}
else if (string.IsNullOrEmpty(model.ReturnUrl))
{
return Redirect("~/");
}
else
{
// user might have clicked on a malicious link - should be logged
throw new Exception("invalid return URL");
}
}
await _events.RaiseAsync(new UserLoginFailureEvent(model.UserName, "invalid credentials", clientId:context?.ClientId));
ModelState.AddModelError(string.Empty, AccountOptions.InvalidCredentialsErrorMessage);
}运行这一行代码时出现的异常。
var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password,model.RememberLogin, lockoutOnFailure: false);异常错误
System.InvalidOperationException: sub claim is missing
at IdentityServer4.Hosting.IdentityServerAuthenticationService.AssertRequiredClaims(ClaimsPrincipal principal)
at IdentityServer4.Hosting.IdentityServerAuthenticationService.AugmentPrincipal(ClaimsPrincipal principal)
at IdentityServer4.Hosting.IdentityServerAuthenticationService.SignInAsync(HttpContext context, String scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
at Microsoft.AspNetCore.Identity.SignInManager`1.SignInWithClaimsAsync(TUser user, AuthenticationProperties authenticationProperties, IEnumerable`1 additionalClaims)
at Microsoft.AspNetCore.Identity.SignInManager`1.SignInOrTwoFactorAsync(TUser user, Boolean isPersistent, String loginProvider, Boolean bypassTwoFactor)
at Microsoft.AspNetCore.Identity.SignInManager`1.PasswordSignInAsync(TUser user, String password, Boolean isPersistent, Boolean lockoutOnFailure)
at Microsoft.AspNetCore.Identity.SignInManager`1.PasswordSignInAsync(String userName, String password, Boolean isPersistent, Boolean lockoutOnFailure)
at IdentityServer.AccountController.Login(LoginInputModel model, String button) in /Users/macbook/Projects/IdentityPortal/IdentityServer/Quickstart/Account/AccountController.cs:line 116
Stack Overflow用户
发布于 2020-03-25 16:02:39
问题是我没有通过主题声明。
public static List<TestUser> GetSampleUsers()
{
var subjectId = Guid.NewGuid().ToString();
return new List<TestUser>
{
new TestUser
{
Username = "admin@local.com",
Password = "RockStar.1",
Claims = new List<Claim>
{
new Claim(JwtClaimTypes.Name, "Admin "),
new Claim(JwtClaimTypes.GivenName, "Admin"),
new Claim(JwtClaimTypes.FamilyName, "add min"),
new Claim(JwtClaimTypes.Email, "admin@local.com"),
new Claim(JwtClaimTypes.Subject, subjectId) --> This solve the issue
}
}
};
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/60013744
复制相关文章
相似问题
腾讯云开发者
