问题描述
我正在开展一个项目,其中第三方提供商将充当基于 Oauth2 的授权服务器.一个基于 Asp.net MVC 5 的客户端,它将用户发送到授权服务器进行身份验证(使用登录名/密码),并且身份验证服务器将返回一个访问令牌返回给 MVC 客户端.对资源服务器 (API) 的任何进一步调用都将使用访问令牌进行.
I am working on a project where a third party provider will act as an Oauth2 based Authorization Server. An Asp.net MVC 5 based client which will send the user to the authorization server to authenticate (using login / password) and the auth server will return an access token back to the MVC client. Any further calls to resource servers (APIs) will be made using the access token.
为了实现这一点,我使用了 Microsoft.Owin.Security.OpenIdConnect 和 UseOpenIdConnectAuthentication 扩展.我能够成功重定向并从身份验证服务器获取访问令牌,但客户端没有创建身份验证 Cookie.每次我尝试访问安全页面时,都会获得带有访问令牌的回调页面.
To achieve this I am using Microsoft.Owin.Security.OpenIdConnect and the UseOpenIdConnectAuthentication extension. I am able to successfully redirect and get the access token from the auth server but the client is not creating an Authentication Cookie. Every time I try to access a secured page, I get the callback page with access token.
我在这里缺少什么?我当前的代码如下.
What am I missing here? My current code is below.
安全控制器操作:
启动类: