带有 EF Identity 数据库的 IdentityServer4 - OpenID Connect 失败 (1)



我有一个带有 EF Identity 数据库的 IdentityServer4 解决方案。我可以使用我的电子邮件以及外部 Gmail 帐户登录,但是当我尝试使用 OpenID(用户名和密码)登录时,我收到以下错误。问题可能与存储在 Identity 数据库表中的信息有关。我是 IdentityServer 的新手,这是我第一次尝试使用 EF Identity 数据库。如果有助于解决问题,我可以贴出数据库信息。

源代码:https://github.com/gotnetdude/GotNetDude-PublicRepository/tree/master/AuthServer

IdentityServer 日志文件:https://github.com/gotnetdude/GotNetDude-PublicRepository/blob/master/AuthServer_log.txt

MVC 客户端日志:https://github.com/gotnetdude/GotNetDude-PublicRepository/blob/master/MVCClient_log.txt

这是 AuthServer 的 Startup 代码,我在其中把 oidc MVC 客户端添加为质询选项("OpenID Connect"),失败的正是这一项。如果我使用电子邮件凭据登录,MVC 客户端工作正常。我猜这与 MVC 客户端上处理 scope 的方式有关。任何建议都不胜感激。

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using AuthServer.Data;
using AuthServer.Models;
using AuthServer.Services;
using System.Reflection;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Extensions.Logging;
namespace AuthServer
{
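public class Startup
{
    #region "Startup"
    /// <summary>
    /// Host startup for the ASP.NET Core Identity + IdentityServer authority.
    /// </summary>
    /// <param name="configuration">Application configuration (connection strings, logging, provider credentials).</param>
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    /// <summary>Application configuration handed in by the host.</summary>
    public IConfiguration Configuration { get; }
    #endregion

    #region "ConfigureServices"
    /// <summary>
    /// Called by the runtime to add services to the container: EF Core, ASP.NET Core Identity,
    /// IdentityServer with EF-backed configuration/operational stores, and the external login handlers.
    /// </summary>
    /// <param name="services">The DI container to populate.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        // One connection string serves the Identity tables and both IdentityServer stores.
        string connectionString = Configuration.GetConnectionString("DefaultConnection");

        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(connectionString));

        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        // Add application services.
        services.AddTransient<IEmailSender, EmailSender>();

        services.AddMvc();

        // The EF migrations for the IdentityServer stores live in this assembly.
        var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

        ConfigureIdentityServer(services, connectionString, migrationsAssembly);
        ConfigureExternalProviders(services);
    }

    // Wires IdentityServer to ASP.NET Identity and to its EF-backed stores.
    private static void ConfigureIdentityServer(IServiceCollection services, string connectionString, string migrationsAssembly)
    {
        // Both IdentityServer stores share one database and one migrations assembly.
        void UseIdentityServerDb(DbContextOptionsBuilder builder) =>
            builder.UseSqlServer(connectionString, sql => sql.MigrationsAssembly(migrationsAssembly));

        services.AddIdentityServer()
            // Development-only: generates a temporary signing key on disk. Use AddSigningCredential(...)
            // with a managed certificate/key before deploying.
            .AddDeveloperSigningCredential()
            .AddAspNetIdentity<ApplicationUser>()
            // this adds the config data from DB (clients, resources)
            .AddConfigurationStore(options => options.ConfigureDbContext = UseIdentityServerDb)
            // this adds the operational data from DB (codes, tokens, consents)
            .AddOperationalStore(options =>
            {
                options.ConfigureDbContext = UseIdentityServerDb;
                // this enables automatic token cleanup. this is optional.
                options.EnableTokenCleanup = true;
                options.TokenCleanupInterval = 15; // interval in seconds. 15 seconds useful for debugging
            });
    }

    // Registers the external login handlers offered on the login page.
    private void ConfigureExternalProviders(IServiceCollection services)
    {
        services.AddAuthentication()
            .AddGoogle("Google", options =>
            {
                // Credentials are read from configuration (user secrets / environment) instead of being
                // committed to source. Key names follow the ASP.NET Core convention for the Google handler;
                // adjust them to match your settings. A secret that was previously committed should be
                // treated as exposed and rotated in the Google console.
                options.ClientId = Configuration["Authentication:Google:ClientId"];
                options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
            })
            .AddOpenIdConnect("oidc", "OpenID Connect", options =>
            {
                // NOTE(review): Authority is a localhost IdentityServer. If that is this same server, the
                // authority is registering itself as an external provider; the "oidc" handler normally
                // belongs in the MVC client. Confirm this is intended.
                options.Authority = "http://localhost:5000";
                // Development-only: allows plain-HTTP discovery. Keep HTTPS metadata required outside local debugging.
                options.RequireHttpsMetadata = false;
                options.SaveTokens = true;
                options.ClientId = "mvc";
                // Map IdentityServer's short claim types onto the principal's name/role claims.
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    NameClaimType = "name",
                    RoleClaimType = "role"
                };
            });
    }
    #endregion

    #region "Configure"
    /// <summary>
    /// Called by the runtime to configure the HTTP request pipeline: logging providers, error pages,
    /// static files, IdentityServer (which also installs authentication), then MVC routing.
    /// </summary>
    /// <param name="app">Pipeline builder.</param>
    /// <param name="env">Hosting environment; selects development vs. production error handling.</param>
    /// <param name="loggerFactory">Logger factory to attach the console and debug providers to.</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseBrowserLink();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
        }

        app.UseStaticFiles();

        // app.UseAuthentication(); // not needed, since UseIdentityServer adds the authentication middleware
        app.UseIdentityServer();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }
    #endregion
}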
}

在研究了 AccountService 的 BuildLoginViewModelAsync 方法一段时间后,我意识到电子邮件登录和用户名登录都使用 OpenId。我决定,与其再添加一个 OpenId 质询来处理用户名登录,不如直接修改 AccountController 中对 SignInManager.PasswordSignInAsync 的调用:

//var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
// Sign in by user name instead of e-mail. lockoutOnFailure: false means failed attempts are not
// counted toward account lockout, so the Identity lockout policy never triggers here; keep that
// only for local debugging and enable lockout for real deployments.
var result = await _signInManager.PasswordSignInAsync(model.Username, model.Password, model.RememberMe, lockoutOnFailure: false);

我还更新了登录视图:


<div class="form-group">
@*<label asp-for="Email"></label>
<input asp-for="User" class="form-control" />
<span asp-validation-for="Email" class="text-danger"></span>*@
@* Binds to LoginViewModel.Username; the commented block above is the earlier e-mail based field. *@
<label asp-for="Username"></label>
<input asp-for="Username" class="form-control" />
<span asp-validation-for="Username" class="text-danger"></span>
</div>

我还更新了 InputViewModel:

public class LoginViewModel
{
    /// <summary>Account name typed into the login form; the form cannot post without it.</summary>
    [Required]
    public string Username { get; set; }

    /// <summary>Password typed into the login form; rendered as a password input.</summary>
    [Required, DataType(DataType.Password)]
    public string Password { get; set; }

    /// <summary>"Remember me?" checkbox value, passed through to the sign-in call.</summary>
    [Display(Name = "Remember me?")]
    public bool RememberMe { get; set; }

    /// <summary>Populated by the application, not by the form (setter is internal).</summary>
    public object RememberLogin { get; internal set; }

    /// <summary>Populated by the application, not by the form (setter is internal).</summary>
    public string Email { get; internal set; }
}

最后,我从 AuthServer 的 Startup 类中删除了 OpenID Connect 质询。

进行上面列出的更改后,我可以使用 EF Identity DB 用户名登录,而不是使用 OpenID 的电子邮件登录。 就我而言,这已经足够好了。我感谢所有的贡献,请随时给我留下任何评论。保罗

正如我在上一个问题中告诉您的那样 - 首先将服务和控制器恢复为默认值。然后 - 删除这个:

// Registers a localhost IdentityServer as an external "OpenID Connect" login on the auth server itself;
// the answer recommends removing this handler from the authority.
.AddOpenIdConnect("oidc", "OpenID Connect", options =>
{
options.Authority = "http://localhost:5000";
// Plain-HTTP discovery is a local-debugging setting only.
options.RequireHttpsMetadata = false;
options.SaveTokens = true;
options.ClientId = "mvc";
//options.Scope.Add("api1.APIScope");
//options.Scope.Add("api1.IdentityScope");
//options.Scope.Add("openid");
//options.GetClaimsFromUserInfoEndpoint = true;
//options.Scope.Add("email");
//options.Scope.Add("profile");
//options.Scope.Add("offline_access");
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role"
};
}

从您的 IdentityServer 配置入手,调试 AccountService.cs 和 AccountController.cs。您在数据库配置中允许该客户端进行本地登录,这一事实本身并不能保证本地登录可用;代码中也有相关逻辑,在客户端到达授权端点之前就可能已经出了问题。

因此分三步:恢复为原始代码,删除干扰 IdentityServer 的代码,然后调试。
