Identity Server 3 - posted data not read by the token endpoint



I am running into a strange problem with an application I use in production.

The application is an ASP.NET 4.7.2 Web API protected by an embedded Identity Server 3 instance, plus a Swagger instance for documentation.

I only need client authentication, so I chose client credentials as the flow.

These are the main configuration data of the application.

using System.Collections.Generic;
using System.Configuration;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using IdentityServer3.Core;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services.InMemory;
using Owin;

// Client registration: client credentials flow, reference tokens, scope "write"
new Client {
    ClientName = "GDPR Logger Client",
    Enabled = true,
    ClientId = "gdpr_logger",
    Flow = Flows.ClientCredentials,
    AccessTokenType = AccessTokenType.Reference,
    ClientSecrets = new List<Secret> {
        new Secret("secret".Sha256())
    },
    AllowedScopes = new List<string> {
        "write"
    },
    AccessTokenLifetime = 30
}

// OWIN startup: host Identity Server under /auth
app.Map("/auth", auth => {
    var options = new IdentityServerOptions {
        SiteName = "GDPR LOGGER Authentication Server",
        SigningCertificate = LoadCertificate(),
        RequireSsl = true,
        Factory = new IdentityServerServiceFactory()
            .UseInMemoryUsers(new List<InMemoryUser>())
            .UseInMemoryClients(Clients.Get())
            .UseInMemoryScopes(Scopes.Get())
    };
    auth.UseIdentityServer(options);
});

// Loads the token signing certificate from the path configured in appSettings
private static X509Certificate2 LoadCertificate() {
    var certificateFilePath = HttpContext.Current.Server.MapPath(ConfigurationManager.AppSettings["RelativeCertPath"]);
    var cert = new X509Certificate2();
    cert.Import(certificateFilePath, "GDPRLoggerCert", X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet);
    return cert;
}

On my local machine everything works perfectly, but as soon as I put it on the server, Identity Server stops working.

When I try to obtain an access token for the client (with the client_credentials flow), Identity Server responds with invalid_client when I POST to https://{my-server}/auth/connect/token with all the data sent as application/x-www-form-urlencoded content in the request body: grant_type=client_credentials&client_id=gdpr_logger&client_secret=secret&scope=write.

2018-11-20 09:14:20,035 [244] INFO  IdentityServer3.Core.Endpoints.TokenEndpointController - Start token request
2018-11-20 09:14:20,066 [244] DEBUG IdentityServer3.Core.Validation.ClientSecretValidator - Start client validation
2018-11-20 09:14:20,066 [244] DEBUG IdentityServer3.Core.Validation.BasicAuthenticationSecretParser - Start parsing Basic Authentication secret
2018-11-20 09:14:20,082 [244] DEBUG IdentityServer3.Core.Validation.PostBodySecretParser - Start parsing for secret in post body
2018-11-20 09:14:20,082 [244] DEBUG IdentityServer3.Core.Validation.PostBodySecretParser - No secret in post body found
2018-11-20 09:14:20,082 [244] DEBUG IdentityServer3.Core.Validation.X509CertificateSecretParser - Start parsing for X.509 certificate
2018-11-20 09:14:20,082 [244] DEBUG IdentityServer3.Core.Validation.X509CertificateSecretParser - client_id is not found in post body
2018-11-20 09:14:20,082 [244] INFO  IdentityServer3.Core.Validation.SecretParser - Parser found no secret
2018-11-20 09:14:20,082 [244] INFO  IdentityServer3.Core.Validation.ClientSecretValidator - No client secret found
2018-11-20 09:14:20,082 [244] INFO  IdentityServer3.Core.Endpoints.TokenEndpointController - End token request
2018-11-20 09:14:20,097 [244] INFO  IdentityServer3.Core.Results.TokenErrorResult - Returning error: invalid_client

If I instead send client_id and client_secret in a Basic Authentication header, Identity Server responds with unsupported_grant_type.

2018-11-20 09:08:36,113 [323] INFO  IdentityServer3.Core.Endpoints.TokenEndpointController - Start token request
2018-11-20 09:08:36,144 [323] DEBUG IdentityServer3.Core.Validation.ClientSecretValidator - Start client validation
2018-11-20 09:08:36,144 [323] DEBUG IdentityServer3.Core.Validation.BasicAuthenticationSecretParser - Start parsing Basic Authentication secret
2018-11-20 09:08:36,144 [323] DEBUG IdentityServer3.Core.Validation.SecretParser - Parser found secret: BasicAuthenticationSecretParser
2018-11-20 09:08:36,144 [323] INFO  IdentityServer3.Core.Validation.SecretParser - Secret id found: gdpr_logger
2018-11-20 09:08:36,160 [323] DEBUG IdentityServer3.Core.Validation.SecretValidator - Secret validator success: HashedSharedSecretValidator
2018-11-20 09:08:36,160 [323] INFO  IdentityServer3.Core.Validation.ClientSecretValidator - Client validation success
2018-11-20 09:08:36,176 [323] INFO  IdentityServer3.Core.Validation.TokenRequestValidator - Start token request validation
2018-11-20 09:08:36,363 [323] ERROR IdentityServer3.Core.Validation.TokenRequestValidator - Grant type is missing.
{
"ClientId": "gdpr_logger",
"ClientName": "GDPR Logger Client",
"Raw": {}
}
2018-11-20 09:08:36,363 [323] INFO  IdentityServer3.Core.Endpoints.TokenEndpointController - End token request
2018-11-20 09:08:36,379 [323] INFO  IdentityServer3.Core.Results.TokenErrorResult - Returning error: unsupported_grant_type

As you can see from Raw in the last log, the data in the POST body does not appear to be read/received by Identity Server.

I cannot figure out where the problem is.

My server manager solved the problem.

In my case, ModSecurity on the second-level domain (in Plesk, inside the Web Application Firewall) was blocking the posted data because it violated one of its rules.

Disabling or editing the rule solved the problem.
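A diagnostic probe, added here as an illustration and not part of the question or answer above: it builds the two request variants from the question (credentials in the form body, then in a Basic header) and maps the resulting error pair to the cause found in the answer, a POST body that never reaches Identity Server. The host {my-server}, client id, secret and scope are the question's own placeholder values.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

# Constructed values taken from the question; {my-server} is a placeholder host.
TOKEN_URL = "https://{my-server}/auth/connect/token"
CLIENT_ID = "gdpr_logger"
CLIENT_SECRET = "secret"
SCOPE = "write"


def build_token_request(use_basic_auth):
    """Build (headers, body) for a client_credentials token request."""
    # use_basic_auth=False: client_id/client_secret in the form body (the
    # question's first attempt); True: sent as HTTP Basic credentials.
    form = {"grant_type": "client_credentials", "scope": SCOPE}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if use_basic_auth:
        creds = f"{CLIENT_ID}:{CLIENT_SECRET}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(creds).decode()
    else:
        form["client_id"] = CLIENT_ID
        form["client_secret"] = CLIENT_SECRET
    return headers, urllib.parse.urlencode(form).encode()


def post_token(url, use_basic_auth, opener=urllib.request.urlopen):
    """POST the request; return the OAuth 'error' code, or None on success."""
    headers, body = build_token_request(use_basic_auth)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with opener(req) as resp:
            return json.load(resp).get("error")  # 200 responses carry no "error"
    except urllib.error.HTTPError as err:
        return json.load(err).get("error")  # 400 responses carry {"error": ...}


def diagnose(form_body_error, basic_auth_error):
    """Interpret the error pair the two request variants produce."""
    if (form_body_error == "invalid_client"
            and basic_auth_error == "unsupported_grant_type"):
        # Secret and grant_type both vanish only when sent in the body: something
        # in front of Identity Server (a WAF such as ModSecurity, a proxy) drops it.
        return "post body not reaching IdentityServer"
    if form_body_error is None and basic_auth_error is None:
        return "ok"
    return "client rejected"  # e.g. invalid_client from both variants: wrong id/secret
```

Run `diagnose(post_token(url, False), post_token(url, True))` against the real endpoint; the first branch reproduces exactly the log pair shown in the question.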
