问题描述
我有 2 个 asp.net core 3.1 应用程序。其中一个是 IdentityServer,另一个是 Client,这使得 OpenID 连接到 IdentityServer,如果 操作方法具有授权属性。
- 我的 IdentityServer 没有什么奇怪的。只有一些 InMemory 客户和用户:
// User 1
{
"SubjectId": 1,"Username": "MyName","Password": "MyPassword"
}
// Client 1
{
"ClientId": "ClientID","ClientName": "This is MVC1 Client","ClientSecrets": [{
"Value": "ClientSecret"
}],"AllowedGrantTypes": [ "authorization_code" ],"RedirectUris": [ "http://localhost:7573/signin-oidc" ],"PostlogoutRedirectUris": [ "http://localhost:7573/signin-oidc" ],"AllowedScopes": [
"openid","profile","address","email","phone"
],"RequirePkce": true,"AllowPlainTextPkce": false
}
- 这是我的客户端应用程序:
services
.AddAuthentication(options => {
options.DefaultScheme = "Cookie";
options.DefaultChallengeScheme = "OIDC";})
.AddCookie("Cookie")
.AddOpenIdConnect("OIDC",options => { // This config used for Authentication
options.SignInScheme = "Cookie";
options.SignOutScheme = "Cookie";
options.Authority = "http://192.168.34.33:80"; // My Remote Server
options.RequireHttpsMetadata = false;
options.ClientId = "MVC1";
options.ClientSecret = "MVC1";
options.ResponseType = "code";
options.UsePkce = true;
options.Savetokens = true;
options.ResponseMode = "query";
options.CallbackPath = "/signin-oidc";
options.Scope.Clear();
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
options.Scope.Add("address");
options.Scope.Add("phone");
});
And This Configuration WORK Well with HTTP 但不是 HTTPS
when i press login,it work ok and after authentication,redirect me back to the client
问题是当我将 Authority URL 更改为 HTTPS 时,我收到一个 远程证书 错误及其正确性,因为我的证书中没有有效的证书IIS
所以:
- 我在 IIS 中创建了一个自签名证书并将其绑定到我的项目:
options.Authority = "https://192.168.34.33:4430"; // My Remote Server
options.RequireHttpsMetadata = true;
现在,当我单击客户端应用程序中的隐私按钮(授权操作方法)时,我看到证书错误:
请帮帮我。我真的很需要帮助。谢谢:))
解决方法
您不能同时使用 IP 地址和 HTTPS,如下所示:
options.Authority = "https://192.168.34.33:4430"; // My remote Server
options.RequireHttpsMetadata = true;
要使 TLS/HTTPS 工作,您必须拥有服务器的域名。否则,客户端谁能知道它在和谁说话?