问题
In my identityserver app that use idsv4 and run on port "5000" have a client
new Client
{
ClientId = "client",
// no interactive user, use the clientid/secret for authentication
AllowedGrantTypes = GrantTypes.ClientCredentials,
// secret for authentication
ClientSecrets =
{
new Secret("secret".Sha256())
},
// scopes that client has access to
AllowedScopes = { "api1" }
}`
and in my .Net Framework Api's startup class that use port no "7001" :
app.UseIdentityServerBearerTokenAuthentication(
new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "http://localhost:5000",
ValidationMode = ValidationMode.ValidationEndpoint,
RequiredScopes = new[] { "api1" }
});`
and finally in my client catch token successfully:
static TokenResponse GetClientToken()
{
var client = new TokenClient(
"http://localhost:5000/connect/token",
"client",
"secret");
return client.RequestClientCredentialsAsync("api1").Result;
}`
but when i use this token to call api:
static void CallApi(TokenResponse response)
{
var client = new HttpClient();
client.SetBearerToken(response.AccessToken);
Console.WriteLine(client.GetStringAsync("http://localhost:7001/api/identity/get").Result);
}
client throw an exception:
Response status code does not indicate success: 401 (Unauthorized). I have done all of them in core api and every things are ok!!
回答1:
After switching to X509 certificate instead of the certificate that comes with the samples, everything started working fine.
Get rid of .AddDeveloperSigningCredential() and use .AddSigningCredential(GET_THE_CERT_FROM_YOUR_CERT_STORE)
来源:https://stackoverflow.com/questions/40760087/identity-server-4-token-not-validate-in-netframework-api-that-use-identity-serv