Pitfalls encountered with IdentityServer4


1. Error connecting to http://..../.well-known/openid-configuration. HTTPS required.

  A pitfall encountered after deploying IdentityServer4

  Reference: https://www.cnblogs.com/stulzq/p/9594623.html

  Solution for IdentityServer4

  

 

2. After logging in on the IdentityServer server side, the redirect fails: http://localhost:56468/signin-oidc (signin-oidc) returns 404

 

  In Startup.cs, in the Configure method, add the app.UseAuthentication(); middleware, preferably before app.UseAuthorization()

3. Correlation failed. The error is as follows

  

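  This is caused by the cookie policy of Chromium-based browsers; see http://www.ruanyifeng.com/blog/2019/09/cookie-samesite.html

  a. Switch to a browser that is not Chromium-based

  b. As follows

   The code is as follows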

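// In Startup.ConfigureServices.
// Requires: using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Http;
// The policy only takes effect if app.UseCookiePolicy() is called in Configure
// before app.UseAuthentication().
services.Configure<CookiePolicyOptions>(options =>
{
    options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
    // SameAsRequest: the cookie is marked Secure only when the request is HTTPS.
    options.Secure = CookieSecurePolicy.SameAsRequest;
    options.OnAppendCookie = cookieContext =>
        AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
    options.OnDeleteCookie = cookieContext =>
        AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
});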

  For the full code, see

  https://github.com/skoruba/IdentityServer4.Admin/blob/master/src/Skoruba.IdentityServer4.Shared/Authentication/AuthenticationHelpers.cs

using Microsoft.AspNetCore.Http;

public static class AuthenticationHelpers
{
    // Downgrades SameSite=None to "unspecified" when the request is not HTTPS
    // or the browser is known to mishandle SameSite=None.
    public static void CheckSameSite(HttpContext httpContext, CookieOptions options)
    {
        if (options.SameSite == SameSiteMode.None)
        {
            var userAgent = httpContext.Request.Headers["User-Agent"].ToString();
            if (!httpContext.Request.IsHttps || DisallowsSameSiteNone(userAgent))
            {
                // For .NET Core < 3.1 set SameSite = (SameSiteMode)(-1)
                options.SameSite = SameSiteMode.Unspecified;
            }
        }
    }

    public static bool DisallowsSameSiteNone(string userAgent)
    {
        // Cover all iOS based browsers here. This includes:
        // - Safari on iOS 12 for iPhone, iPod Touch, iPad
        // - WkWebview on iOS 12 for iPhone, iPod Touch, iPad
        // - Chrome on iOS 12 for iPhone, iPod Touch, iPad
        // All of which are broken by SameSite=None, because they use the iOS networking stack
        if (userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12"))
        {
            return true;
        }

        // Cover Mac OS X based browsers that use the Mac OS networking stack. This includes:
        // - Safari on Mac OS X.
        // This does not include:
        // - Chrome on Mac OS X
        // Because they do not use the Mac OS networking stack.
        if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") &&
            userAgent.Contains("Version/") && userAgent.Contains("Safari"))
        {
            return true;
        }

        // Cover Chrome 50-69, because some versions are broken by SameSite=None,
        // and none in this range require it.
        // Note: this covers some pre-Chromium Edge versions,
        // but pre-Chromium Edge does not require SameSite=None.
        if (userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6"))
        {
            return true;
        }

        return false;
    }
}

4. Error: OpenIdConnectProtocolException: 'access_denied' or OpenIdConnectProtocolException: Message contains error: 'invalid_client'

   Solution

  Check whether your secret is correct

  This is the actual secret.

5. By default, HttpContext.User.Claims does not carry some of the user's authorized identity information

  1. Solution

  2. Open-source client
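
An added example, not code from the original post or from the IdentityServer4 project: a Startup class for an ASP.NET Core 3.1 MVC client that puts items 2, 4 and 5 together. The authority URL, client id, scheme names and configuration key are assumptions, and the userinfo setting is one common way to obtain profile claims, not necessarily the fix the author used.

```csharp
// Added example (assumed names throughout); needs the
// Microsoft.AspNetCore.Authentication.OpenIdConnect package.
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    private readonly IConfiguration _config;

    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();
        services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";        // local session cookie
                options.DefaultChallengeScheme = "oidc";  // redirect to IdentityServer
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.Authority = "https://localhost:5001"; // assumed IdentityServer URL
                options.ClientId = "mvc";                     // assumed client id
                // Item 4: send the plaintext secret. The server stores only its hash,
                // e.g. new Secret("<value>".Sha256()); sending the hash instead
                // produces 'invalid_client'. Keep the value out of source control.
                options.ClientSecret = _config["Oidc:ClientSecret"]; // assumed key
                options.ResponseType = "code";
                options.SaveTokens = true;
                // Item 5: pull the user's profile claims from the userinfo endpoint
                // so they appear in HttpContext.User.Claims.
                options.GetClaimsFromUserInfoEndpoint = true;
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Item 3: a configured CookiePolicyOptions only applies through this middleware.
        app.UseCookiePolicy();
        app.UseRouting();
        // Item 2: the authentication middleware handles /signin-oidc; without it
        // the callback falls through to routing and returns 404.
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}
```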

  

 

