In my identityserver app that use idsv4 and run on port "5000" have a client
new Client
{
ClientId = "client",
// no interactive user, use the clientid/secret for authentication
AllowedGrantTypes = GrantTypes.ClientCredentials,
// secret for authentication
ClientSecrets =
{
new Secret("secret".Sha256())
},
// scopes that client has access to
AllowedScopes = { "api1" }
}`
and in my .Net Framework Api's startup class that use port no "7001" :
app.UseIdentityServerBearerTokenAuthentication(
new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "http://localhost:5000",
ValidationMode = ValidationMode.ValidationEndpoint,
RequiredScopes = new[] { "api1" }
});`
and finally in my client catch token successfully:
static TokenResponse GetClientToken()
{
var client = new TokenClient(
"http://localhost:5000/connect/token",
"client",
"secret");
return client.RequestClientCredentialsAsync("api1").Result;
}`
but when i use this token to call api:
static void CallApi(TokenResponse response)
{
var client = new HttpClient();
client.SetBearerToken(response.AccessToken);
Console.WriteLine(client.GetStringAsync("http://localhost:7001/api/identity/get").Result);
}
client throw an exception:
Response status code does not indicate success: 401 (Unauthorized). I have done all of them in core api and every things are ok!!
After switching to X509 certificate instead of the certificate that comes with the samples, everything started working fine.
Get rid of .AddDeveloperSigningCredential() and use .AddSigningCredential(GET_THE_CERT_FROM_YOUR_CERT_STORE)
来源:https://stackoverflow.com/questions/40760087/identity-server-4-token-not-validate-in-netframework-api-that-use-identity-serv