问题描述
正如标题所述,获得:
“ IDX10609:解密失败。未尝试任何密钥:令牌:“ System.String”。”
尝试进行身份验证时出错。将Openiddict用于身份验证服务器。我确定我或api服务器中的配置错误,但是我不知道是什么。我一直在尝试不同的组合,但此刻一直停留。这是身份验证服务器配置:
public void ConfigureServices(IServiceCollection services) {
services.AddDbContext<TrustContext>(options =>
{
options.UseSqlServer(Configuration.GetConnectionString("Trust"),b => b.MigrationsAssembly("Application.Trust"));
options.UseOpenIddict();
});
services.AddDefaultIdentity<AspNetUsers>()
.AddEntityFrameworkStores<TrustContext>()
.AddDefaultTokenProviders();
services.Configure<IdentityOptions>(options =>
{
options.ClaimsIdentity.UserNameClaimType = Claims.Name;
options.ClaimsIdentity.UserIdClaimType = Claims.Subject;
options.ClaimsIdentity.RoleClaimType = Claims.Role;
});
services.AddOpenIddict()
// Register the OpenIddict core components.
.AddCore(options =>
{
options.UseEntityFrameworkCore()
.UseDbContext<TrustContext>();
})
.AddServer(options =>
{
options.IgnoreEndpointPermissions()
.IgnoreGrantTypePermissions()
.IgnoreScopePermissions();
// Enable the authorization,logout,token and userinfo endpoints.
options.SetAuthorizationEndpointUris("/connect/authorize")
.SetLogoutEndpointUris("/connect/logout")
.SetTokenEndpointUris("/connect/token")
.SetUserinfoEndpointUris("/connect/userinfo");
options.RegisterScopes(Scopes.Email,Scopes.Profile,Scopes.Roles,Scopes.OpenId);
options.AllowAuthorizationCodeFlow()
.AllowPasswordFlow()
.AllowImplicitFlow()
.AllowHybridFlow()
.AllowRefreshTokenFlow();
options.AddDevelopmentEncryptionCertificate()
.AddDevelopmentSigningCertificate();
options.AcceptAnonymousClients();
options.UseAspNetCore()
.EnableAuthorizationEndpointPassthrough()
.EnableLogoutEndpointPassthrough()
.EnableTokenEndpointPassthrough()
.EnableUserinfoEndpointPassthrough()
.EnableStatusCodePagesIntegration();
})
.AddValidation(options =>
{
options.UseLocalServer();
options.UseAspNetCore();
});
API服务器配置:
IConfigurationManager<OpenIdConnectConfiguration> configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>($"https://localhost:44395/.well-known/openid-configuration",new OpenIdConnectConfigurationRetriever());
OpenIdConnectConfiguration openIdConfig = configurationManager.GetConfigurationAsync(CancellationToken.None).Result;
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.IncludeErrorDetails = true;
options.TokenValidationParameters.ValidateIssuer = true;
options.TokenValidationParameters.ValidateAudience = false;
options.TokenValidationParameters.ValidateIssuerSigningKey = false;
options.TokenValidationParameters.ValidIssuer = "https://localhost:44395";
options.TokenValidationParameters.ValidAudiences = new[] { "resource_server_1" };
options.TokenValidationParameters.IssuerSigningKeys = openIdConfig.SigningKeys;
options.Events = new JwtBearerEvents()
{
OnAuthenticationFailed = c =>
{
c.NoResult();
c.Response.StatusCode = 500;
c.Response.ContentType = "text/plain";
return c.Response.WriteAsync("An error occured processing your authentication. " + c.Exception.Message);
}
};
});
我已经将它与作为身份验证服务器的keycloak一起使用,但是当我切换到OpenIddict时,我遇到了以上错误。我认为我可能缺少签名密钥,或者我的配置/客户端配置有问题吗?
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)