Error "Forbidden" in IdentityServer3 Flows.ClientCredentials

Problem description

I have a Client in my IdentityServer3:

new Client
{
    ClientName = "Client Credentials Flow Client With Certificate",
    Enabled = true,
    ClientId = "cc.WithCertificate",
    Flow = Flows.ClientCredentials,

    ClientSecrets = new List<Secret>
        {
            new Secret
            {
                Value = "61B754C541BBCFC6A45A9E9EC5E47D8702B78C29",
                Type = Constants.SecretTypes.X509CertificateThumbprint,
                Description = "Client Certificate"
            },
        },

    AllowedScopes = new List<string>
        {
            "read"
        }
},

In Client Windows Form application I'm using "Client.pfx" downloaded from the URL https://github.com/IdentityServer/IdentityServer3.Samples/blob/master/source/Clients/ClientCertificateConsoleClient/Client.pfx

The Client Certificate has the ThumbPrint

Thumbprint = "61B754C541BBCFC6A45A9E9EC5E47D8702B78C29"

The client code is:

var cert = new X509Certificate2("Client.pfx");

var handler = new WebRequestHandler();
handler.ClientCertificates.Add(cert);

string tokenEndPoint = ConfigurationManager.AppSettings["TokenEndpoint"];

var client = new TokenClient(
    tokenEndPoint,
    "cc.WithCertificate",
    handler);

// Calling the Token Service
var response = client.RequestClientCredentialsAsync("read").Result;

I applied the configuration specified at https://identityserver.github.io/Documentation/docsv2/advanced/clientCerts.html

<location path="core/connect/token">
  <system.webServer>
    <security>
      <access sslFlags="Ssl, SslNegotiateCert" />
    </security>
  </system.webServer>
</location>

Initially it gives me the Internal Server Error; later I changed the following mode to "Allow"

File path: C:\Windows\System32\inetsrv\config\applicationHost.config

<section name="access" overrideModeDefault="Deny" />

<section name="access" overrideModeDefault="Allow" />

Later the response is coming with an Error Status Code: response.Error = "Forbidden"

Herewith I have attached the snapshot of the Response Object

Kindly assist me how to fix this issue and get the AccessToken using ClientCertificate.

Recommended answer

You are using the "Client.pfx" certificate on the client side and you are passing the same to the IdentityServer through the HTTP request.

The said certificate has a root certificate, namely "DevRoot"; it should be in the said Trusted Root Certification Authorities, otherwise the IIS should not allow the request and return back with status code 403 Forbidden.

Kindly have a look into the snapshot and it shows the information of "Client.pfx"

So, ensure the "DevRoot" is installed in the "Trusted Root Certification Authorities"

If not there kindly download the "DevRoot.cer" and Import the same in the said path (i.e., Trusted Root Certification Authorities).

DevRoot.cer download URL: https://github.com/IdentityServer/IdentityServer3.Samples/blob/master/source/Certificates/DevRoot.cer
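
A check that can be run on the IIS machine to confirm what the answer describes, as an added example that is not part of the original answer: it builds the chain for Client.pfx in machine context and reports whether the top of the chain is in the local computer's Trusted Root store. It assumes Client.pfx is in the working directory (or is passed as the first argument) and loads without a password, as in the question's code; the class and method names are illustrative.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class ClientCertTrustCheck
{
    static int Main(string[] args)
    {
        // Assumption: Client.pfx from the question, loadable without a password
        // as in the question's own code. Run this on the IIS machine.
        var cert = new X509Certificate2(args.Length > 0 ? args[0] : "Client.pfx");
        Console.WriteLine("Leaf: {0} [{1}]", cert.Subject, cert.Thumbprint);

        // true = machine context: only the computer's certificate stores count,
        // not the personal stores of whoever is logged on.
        var chain = new X509Chain(true);
        // Development certificates publish no CRL, so revocation is skipped here.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        bool trusted = chain.Build(cert);

        foreach (X509ChainElement el in chain.ChainElements)
            Console.WriteLine("  chain:  {0} [{1}]", el.Certificate.Subject, el.Certificate.Thumbprint);
        // UntrustedRoot or PartialChain here means the issuing root is not trusted.
        foreach (X509ChainStatus s in chain.ChainStatus)
            Console.WriteLine("  status: {0} - {1}", s.Status, s.StatusInformation.Trim());

        // Top of whatever chain could be built; a self-issued certificate is a root.
        X509Certificate2 top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        bool isRoot = top.Subject == top.Issuer;
        Console.WriteLine("Top of chain is a root: {0}; present in LocalMachine\\Root: {1}",
            isRoot, isRoot && InMachineRoot(top));
        Console.WriteLine(trusted
            ? "Chain is trusted in machine context."
            : "Chain is NOT trusted in machine context.");
        return trusted ? 0 : 1;
    }

    // Looks the certificate up by thumbprint in the computer's Trusted Root store.
    static bool InMachineRoot(X509Certificate2 ca)
    {
        var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            return store.Certificates.Find(X509FindType.FindByThumbprint, ca.Thumbprint, false).Count > 0;
        }
        finally { store.Close(); }
    }
}
```

A root imported only into the current user's store passes an interactive check made without machine context but still fails here, which is why the chain is built with `new X509Chain(true)`.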
