VIKEnut'

Es

РусскийPortuguês

Tema oscuro

Escribir

Tema oscuro

Es

РусскийPortuguês
identityserver4asp.net-core-2.0

Detener el token de acceso caducado al recuperar datos del servidor de recursos

He estado jugando con IDS 4 y tengo un pequeño problema. Establecí el tiempo de vida de mi token en aproximadamente 15 segundos y, a pesar de que caducaron, aún puedo recuperar la fecha de mi servidor de recursos. Si elimino el token de mi encabezado en la llamada del cliente, obtengo un error 401.

Client

    [Authorize]
    public async Task<ActionResult> Shouts()
    {

        var accessToken = await HttpContext.GetTokenAsync("access_token");
        var tokenh = new JwtSecurityTokenHandler();

        var jwtSecurityToken= tokenh.ReadJwtToken(accessToken);

        var val = jwtSecurityToken.ValidTo;



        using (var client = new HttpClient())
        {

            client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);
            var rawResponse = await client.GetAsync("http://localhost:5002/api/Values/Get");

            if (rawResponse.StatusCode == System.Net.HttpStatusCode.Unauthorized)
            {
                var refreshSucc = await this.RefreshTokensAsync(this.HttpContext);
                if (!refreshSucc)
                {
                    var authServerInfo = await this.GetAuthenticationServerInfo();
                    return Redirect(authServerInfo.AuthorizeEndpoint);
                }
            }

            var response = await (rawResponse).Content.ReadAsStringAsync();
            var data = JsonConvert.DeserializeObject<List<String>>(response);
            return View("Shouts", data);
        }
    }
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {

            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
            services.AddAuthentication(options =>
            {                
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";                
            })
                .AddCookie("Cookies",o=>o.LogoutPath="/home/logout")
                .AddOpenIdConnect("oidc", opt => 
                {
                    opt.SignInScheme = "Cookies";
                    opt.Authority = "http://localhost:5000";
                    opt.RequireHttpsMetadata = false;
                    opt.ClientId = "AuthTest_Code";
                    opt.ClientSecret = "secret";
                    opt.ResponseType = "id_token code";
                    opt.Scope.Add("TestAPI");
                    opt.Scope.Add("offline_access");
                    opt.Scope.Add("email");
                    opt.GetClaimsFromUserInfoEndpoint = true;
                    opt.SaveTokens = true;                    
                });
            services.AddMvc();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseBrowserLink();
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
            }

            app.UseStaticFiles();

            app.UseAuthentication();

            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }

Auth Server

    public static IEnumerable<Client> GetClients()
    {
        return new List<Client>
        {              
               new Client
            {
                ClientId = "AuthTest_Code",
                ClientSecrets=new []{new Secret("secret".Sha256()) },
                AllowedGrantTypes = GrantTypes.Hybrid,
                AllowedScopes = new List<string>
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    IdentityServerConstants.StandardScopes.Email,                        
                    "TestAPI"
                },
                AllowAccessTokensViaBrowser=true,
                AllowOfflineAccess=true,
                RedirectUris = new [] { "http://localhost:5001/signin-oidc" },
                PostLogoutRedirectUris={ "http://localhost:5001/signout-callback-odic"},
                RequireConsent=false,
                AccessTokenLifetime=15,
                AbsoluteRefreshTokenLifetime=15
            }
        };
    }

public class Startup
{
    public IHostingEnvironment Environment { get; }

    public Startup(IHostingEnvironment environment)
    {
        Environment = environment;
    }
    // This method gets called by the runtime. Use this method to add services to the container.
    // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
    public void ConfigureServices(IServiceCollection services)
    {
        var isServer = services.AddIdentityServer()                
            .AddSigningCredential(new X509Certificate2(@"C:\OpenSSLCerts\Authenticate.pfx", "Password1"))
            .AddInMemoryApiResources(TestConfig.GetApis())
            .AddInMemoryClients(TestConfig.GetClients())
            .AddInMemoryIdentityResources(TestConfig.GetIdentityResources())
            .AddTestUsers(TestConfig.GetUsers());


        services.AddMvc();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (Environment.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseIdentityServer();

        app.UseStaticFiles();

        app.UseMvcWithDefaultRoute();
    }
}

Resource Server

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

namespace ResourceAPI
{
    public class Startup
    {
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvcCore()
                .AddAuthorization()
                .AddJsonFormatters();

            services.AddAuthentication("Bearer")                
                .AddIdentityServerAuthentication(options =>
                {
                    options.Authority = "http://localhost:5000";
                    options.RequireHttpsMetadata = false;                    
                    options.ApiName = "TestAPI";                    
                });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            app.UseAuth,entication();
            app.UseMvc();
        }
    }
}


    [Route("api/[controller]")]
    public class ValuesController:ControllerBase
    {
        [HttpGet]
        [Route("Get")]
        [Authorize]
        public async Task<IActionResult> Get()
        {
            var username = User.Claims.FirstOrDefault(t => t.Type == "email")?.Value;
            return Ok(new string[] { "value1", "value2" });
        }      
    }

Access simbólico: eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ0Q0Q4NjFEQjA0MzdEMUM4NUY2REU0MTIyMkFDOEIwMTE3M0Q2MTAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJSTTJHSGJCRGZSeUY5dDVCSWlySXNCRnoxaEEifQ.eyJuYmYiOjE1NDIxMjc4OTQsImV4cCI6MTU0MjEyNzkwOSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjpbImh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9yZXNvdXJjZXMiLCJUZXN0QVBJIl0sImNsaWVudF9pZCI6IkF1dGhUZXN0X0NvZGUiLCJzdWIiOiIxIiwiYXV0aF90aW1lIjoxNTQyMTI3ODkzLCJpZHAiOiJsb2NhbCIsImVtYWlsIjoiRGF2aWRAQUJldHRlckxpZmUuY28uemEiLCJzY29wZSI6WyJvcGVuaWQiLCJwcm9maWxlIiwiZW1haWwiLCJUZXN0QVBJIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbInB3ZCJdfQ.hNskjZz3IBqPg_5T0xVwYEP5RukcMt3l019PRp74vNBkiEr6FLvBADa_eylhNGA8qDd7SwyDkq6APaKxaNt0YybAChZvFW6pzLlfknVVHM1vuN7PDOX9PNGhFK9kSONBypXo6JqV3epactsmJvhr3FZxBSufUDRyV4j_YY3O8TCjJf_5UORc_3ox9clNdjt-VX-BlcDjVbpBw2P76F3pq2IPPDM139H4qYcyaTzSlEbFd3EdVwO6O85bWM1G8yQ9zQAUk23It29oHxTtwsi5Wg4Zpmt7K7AlvKjKxKoxw_Y32QdBkGY9xU_KXOn4h0WJV3LG-InZc7BveLGHq6ncaQ

Respuestas a la pregunta(2)

Su respuesta a la pregunta

Preguntas populares

0 la respuesta

Gradiente de color en un treemap para D3

0 la respuesta

Cambiar nombre de elemento de PowerShell si existe un archivo

0 la respuesta

Transposición de dos campos a una clave única en R [duplicado]

0 la respuesta

Qt herencia múltiple y señales

0 la respuesta

error: recurso android: attr / fontVariationSettings no encontrado