问题描述
我遇到了一些麻烦。我将 Openiddict 与 AspNet.Security.OpenID.Steam 一起使用并收到了不记名令牌 (Guide) 但是当我发送请求时我看到了它
system.invalidOperationException:检索 OpenIddict 验证上下文时发生未知错误。 在 OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler.HandleAuthenticateAsync() 在 Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync() 在 Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext 上下文,字符串方案) 在 Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthenticateAsync(AuthorizationPolicy 策略,HttpContext 上下文) 在 Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext 上下文) 在 Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
services.AddAuthentication()
.AddCookie()
.AddSteam(options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.ApplicationKey = configuration["Steam:ApiKey"];
});
services.AddOpenIddict()
.AddServer(options =>
{
options.AddDevelopmentEncryptionCertificate()
.AddDevelopmentSigningCertificate();
options.SetAuthorizationEndpointUris("/connect/authorize")
.SetTokenEndpointUris("/connect/token");
options.EnableDegradedMode();
options.UseAspNetCore();
options.AllowAuthorizationCodeFlow().AllowRefreshTokenFlow();
options.AddEventHandler<OpenIddictServerEvents.ValidateAuthorizationRequestContext>(builder =>
builder.UseInlineHandler(context =>
{
if (!string.Equals(context.RedirectUri,"https://localhost:5001",StringComparison.Ordinal) &&
!string.Equals(context.RedirectUri,"http://localhost:4200",StringComparison.Ordinal))
{
context.Reject(
error: OpenIddictConstants.Errors.InvalidClient,description:
"The specified 'redirect_uri' is not valid for this client application.");
return default;
}
return default;
}));
options.AddEventHandler<OpenIddictServerEvents.ValidatetokenRequestContext>(builder =>
builder.UseInlineHandler(context =>
{
if (!string.Equals(context.ClientId,"angular_client",description: "The specified 'client_id' doesn't match a registered application.");
return default;
}
return default;
}));
options.AddEventHandler<OpenIddictServerEvents.HandleAuthorizationRequestContext>(builder =>
builder.UseInlineHandler(async context =>
{
var request = context.Transaction.GetHttpRequest() ??
throw new InvalidOperationException(
"The ASP.NET Core request cannot be retrieved.");
var principal =
(await request.HttpContext.AuthenticateAsync(SteamAuthenticationDefaults
.AuthenticationScheme))?.Principal;
if (principal == null)
{
await request.HttpContext.ChallengeAsync(SteamAuthenticationDefaults
.AuthenticationScheme);
context.HandleRequest();
return;
}
var identity = new ClaimsIdentity(TokenValidationParameters.DefaultAuthenticationType);
identity.AddClaim(new Claim(OpenIddictConstants.Claims.Subject,principal.GetClaim(ClaimTypes.NameIdentifier)));
foreach (var claim in identity.Claims)
{
claim.SetDestinations(OpenIddictConstants.Destinations.Accesstoken);
}
context.Principal = new ClaimsPrincipal(identity);
}));
})
.AddValidation(options =>
{
options.UseLocalServer();
options.UseAspNetCore();
});
我在github下面的代码!
https://github.com/Excalib88/SteamGames/blob/master/SteamGames.Web/Extensions/ServiceCollectionExtensions.cs 拜托,你能帮我吗!我花了很多时间来修复它((
解决方法
ASP.NET Core 身份验证和授权中间件的顺序不正确:必须在 app.UseAuthentication() 之前调用 app.UseAuthorization()。