1. 首頁
  2. 問答
  3. 安全身份管理器與IdentityServer3

安全身份管理器與IdentityServer3

2016-02-28 52 views
1

在我的設置中我有身份服務器IdentityServer同一主機上的IdentityManager。 所有必需的配置都在數據庫上。安全身份管理器與IdentityServer3

要創建我的安裝程序,我已考慮了在stackoverflow.com上的this question,然後關注關於此問題的所有討論github issue

我也訂閱了Gitter以找到所提到的SO問題上提到的談話。我的設置幾乎與@ilter完全相同。

然而,在我來說,我不斷收到

Error: You are not authorized to use this service.

通過看我不發現任何錯誤日誌,但似乎一切正常

iisexpress.exe Information: 0 : 2016-02-28 01:15:48.578 +01:00 [Information] User is not authenticated. Redirecting to login. 
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.587 +01:00 [Information] End authorize request 
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.588 +01:00 [Information] Redirecting to login page 
2016-02-28 01:15:48.598 +01:00 [Debug] Protecting message: "{\"ReturnUrl\":\"https://localhost:44304/core/connect/authorize?client_id=idmgr_client&redirect_uri=https%3A%2F%2Flocalhost%3A44304&response_mode=form_post&response_type=id_token&scope=openid%20idmgr&state=OpenIdConnect.AuthenticationProperties%3DjVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4&nonce=635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\",\"ClientId\":\"idmgr_client\",\"AcrValues\":[],\"Created\":635922153485649371}" 
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.636 +01:00 [Information] Login page requested 
2016-02-28 01:15:48.657 +01:00 [Debug] signin message passed to login: "{ 
    \"ReturnUrl\": \"https://localhost:44304/core/connect/authorize?client_id=idmgr_client&redirect_uri=https%3A%2F%2Flocalhost%3A44304&response_mode=form_post&response_type=id_token&scope=openid%20idmgr&state=OpenIdConnect.AuthenticationProperties%3DjVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4&nonce=635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\", 
    \"ClientId\": \"idmgr_client\", 
    \"IdP\": null, 
    \"Tenant\": null, 
    \"LoginHint\": null, 
    \"DisplayMode\": null, 
    \"UiLocales\": null, 
    \"AcrValues\": [], 
    \"Created\": 635922153485649371 
}" 
iisexpress.exe Information: 0 : 2016-02-28 01:15:48.676 +01:00 [Information] rendering login page 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.024 +01:00 [Information] Login page submitted 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.117 +01:00 [Information] Login credentials successfully validated by user service 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.123 +01:00 [Information] Calling PostAuthenticateAsync on the user service 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.127 +01:00 [Information] issuing primary signin cookie 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.131 +01:00 [Information] redirecting to: https://localhost:44304/core/connect/authorize?client_id=idmgr_client&redirect_uri=https:%2F%2Flocalhost:44304&response_mode=form_post&response_type=id_token&scope=openid idmgr&state=OpenIdConnect.AuthenticationProperties%3DjVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4&nonce=635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.150 +01:00 [Information] Start authorize request 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.150 +01:00 [Information] Start authorize request protocol validation 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.165 +01:00 [Information] "Authorize request validation success" 
"{ 
    \"ClientId\": \"idmgr_client\", 
    \"ClientName\": \"IdentityManager\", 
    \"RedirectUri\": \"https://localhost:44304\", 
    \"AllowedRedirectUris\": [ 
    \"https://localhost:44304\" 
    ], 
    \"SubjectId\": \"8029ac3e-72cb-4fc9-907b-eb99feecbbd6\", 
    \"ResponseType\": \"id_token\", 
    \"ResponseMode\": \"form_post\", 
    \"Flow\": \"Implicit\", 
    \"RequestedScopes\": \"openid idmgr\", 
    \"State\": \"OpenIdConnect.AuthenticationProperties=jVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4\", 
    \"Nonce\": \"635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\", 
    \"SessionId\": \"3c7c7e15d39b88d0989e7051b02502bd\", 
    \"Raw\": { 
    \"client_id\": \"idmgr_client\", 
    \"redirect_uri\": \"https://localhost:44304\", 
    \"response_mode\": \"form_post\", 
    \"response_type\": \"id_token\", 
    \"scope\": \"openid idmgr\", 
    \"state\": \"OpenIdConnect.AuthenticationProperties=jVlpr2PjZWgTlrCDJdsIJvdfrhUBQhR4poOyPFrv0hXsxHmYajBzTy2EJJAj8PUgqi6iQzjgjX-hBb9CJU12rmR6xW_7exeh2aIEOObOXbVQ49OPbdIhSBKxha5kLWZw4iEuPEX6Ky5hoZbf9B2umZNPhh3HjsyxRZzqZoy4J2kijeza-1kEzUdhekvCj9Jat8_3QhvGWYvVQwA6fNneCm42w7sFCnljj6Sv1U8YIwBL2AMIi6d3yfQ-dQZ4ECVOVb53E_JgA8b-kVmIbwVcN-Re_8oyG6ebzU0GHAbygu4\", 
    \"nonce\": \"635922153485579567.YjgxMzg2NjgtNWViMS00YjRlLWJhYTItZTY2YTA1NDgxODc1ODQyYWQ1ZjYtMTM2Yi00Yzc0LWE5YjItZTg3NTQwYzQzNDVk\" 
    } 
}" 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.170 +01:00 [Information] Creating Implicit Flow response. 
2016-02-28 01:17:42.170 +01:00 [Debug] Creating identity token 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.170 +01:00 [Information] Getting claims for identity token for subject: 8029ac3e-72cb-4fc9-907b-eb99feecbbd6 
2016-02-28 01:17:42.177 +01:00 [Debug] Creating JWT identity token 
2016-02-28 01:17:42.189 +01:00 [Debug] Adding client "idmgr_client" to client list cookie for subject "8029ac3e-72cb-4fc9-907b-eb99feecbbd6" 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.190 +01:00 [Information] End authorize request 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.190 +01:00 [Information] Posting to https://localhost:44304 
2016-02-28 01:17:42.190 +01:00 [Debug] Using DefaultViewService to render authorization response HTML 
iisexpress.exe Information: 0 : 2016-02-28 01:17:42.438 +01:00 [Information] User is authenticated from Cookies

什麼建議嗎?

來源

2016-02-28 Lorenzo

回答

2

也許你的用戶沒有角色:IdentityManagerAdministrator。在IdentityManager Web API配置中,我可以看到以下授權過濾器,其中管理角色名稱是IdentityManagerAdministrator。

config.Filters.Add(new AuthorizeAttribute() { Roles = options.SecurityConfiguration.AdminRoleName });

嘗試添加角色要求你登錄的用戶,或更換過濾器來檢查當前用戶有其他的作用。

來源

2016-02-28 06:19:02 rawel

+0

AdminRoleName看來我真的需要一些休息!謝謝你的回答;) – Lorenzo

2

看來你沒有正確的管理員角色

您可以指定SecurityConfiguration

app.Map("/idm", manageApp => { 
    manageApp.UseIdentityManager(new IdentityManagerOptions { 
     SecurityConfiguration = new HostSecurityConfiguration { 
      // Identity Manager Role 
      AdminRoleName = "IdmAdmin" 
     } 
    }); 
});

來源

2016-03-21 02:13:12 Moes

+0

是的。 +1提到配置選項。 – rawel

相關問題

 相關問題