Проблема с механизмом авторизации OpenId. ⇐ C#

[Anonymous]

Я работаю над микросервисной архитектурой со следующими проектами: WEB, API и AUTH. Я столкнулся с проблемой в веб-проекте: мне нужно получить токен аутентификации из службы AUTH.
Файл конфигурации веб-проекта:

Код: Выделить всё

Code:
using IdentityModel.Client;
using Mango.Web;
using Mango.Web.Services;
using Mango.Web.Services.Interfaces;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.CodeAnalysis.Options;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
builder.Services.AddHttpClient();
ServiceUrls.ProductAPIBase = builder.Configuration["ServiceUrls:ProductAPI"];

builder.Services.AddScoped();
builder.Services.AddControllersWithViews();

builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "oidc";
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
{
options.ExpireTimeSpan = TimeSpan.FromMinutes(10);
options.LoginPath = "/Account/Login";
})
.AddOpenIdConnect("oidc", options =>
{
options.Authority = builder.Configuration["ServiceUrls:IdentityAPI"];
options.ClientId = "mango";
options.ClientSecret = "secret";
options.ResponseType = "code";
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("mango");
options.SaveTokens = true;

options.CallbackPath = "/signin-oidc";
options.SignedOutCallbackPath = "/signout-callback-oidc";

options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role"
};

options.Events = new OpenIdConnectEvents
{
OnTokenResponseReceived = async context =>
{
var tokens = context.TokenEndpointResponse;
if (tokens != null)
{
// Установка куки с токеном доступа
context.HttpContext.Response.Cookies.Append("access_token", tokens.AccessToken, new CookieOptions
{
HttpOnly = true,
Secure = true,
SameSite = SameSiteMode.None,
Expires = DateTimeOffset.UtcNow.AddMinutes(10)
});
}
}
};
});

var app = builder.Build();

// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days.  You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseRouting();

app.UseAuthentication();
app.UseAuthorization();

app.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");

app.Run();

Файл конфигурации проекта идентификации

Код: Выделить всё

using Mango.Services.Identity;
using Mango.Services.Identity.Entities;
using Mango.Services.Identity.Initializer;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
builder.Services.AddControllersWithViews();

builder.Services.AddDbContext(options =>
{
options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection"));
});

builder.Services.AddIdentity( options =>
{
options.SignIn.RequireConfirmedAccount = true;
})
.AddEntityFrameworkStores()
.AddDefaultTokenProviders();

builder.Services.AddScoped();

builder.Services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
options.EmitStaticAudienceClaim = true;
}).AddInMemoryIdentityResources(Claims.IdentityResource)
.AddInMemoryApiScopes(Claims.ApiScopes)
.AddInMemoryClients(Claims.Clients)
.AddAspNetIdentity()
.AddDeveloperSigningCredential(); ;

builder.Services.AddScoped();

builder.Services.AddRazorPages();

var initializer = builder.Services.BuildServiceProvider().GetService();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days.  You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();
initializer.Initialize();
app.UseRouting();
app.UseIdentityServer();

app.UseAuthorization();
app.MapRazorPages();

app.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");

app.Run();

Модель страницы проекта идентификации, которая должна вернуть мне токен:

Код: Выделить всё

public async Task OnPost()
{
// check if we are in the context of an authorization request
var context = await _interaction.GetAuthorizationContextAsync(Input.ReturnUrl);

// the user clicked the "cancel" button
if (Input.Button != "login")
{
if (context != null)
{
// This "can't happen", because if the ReturnUrl was null, then the context would be null
ArgumentNullException.ThrowIfNull(Input.ReturnUrl, nameof(Input.ReturnUrl));

// if the user cancels, send a result back into IdentityServer as if they
// denied the consent (even if this client does not require consent).
// this will send back an access denied OIDC error response to the client.
await _interaction.DenyAuthorizationAsync(context, AuthorizationError.AccessDenied);

// we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
if (context.IsNativeClient())
{
// The client is native, so this change in how to
// return the response is for better UX for the end user.
return this.LoadingPage(Input.ReturnUrl);
}

return Redirect(Input.ReturnUrl ?? "~/");
}
else
{
// since we don't have a valid context, then we just go back to the home page
return Redirect("~/");
}
}

if (ModelState.IsValid)
{
var result = await _signInManager.PasswordSignInAsync(
Input.Username, Input.Password, Input.RememberLogin, lockoutOnFailure: false);
if (result.Succeeded)
{
var user = await _users.FindByNameAsync(Input.Username);

await _events.RaiseAsync(
new UserLoginSuccessEvent(user.UserName,
user.Id, user.FirstName + " " + user.LastName,
clientId: context?.Client.ClientId));

if (context != null)
{
return Challenge(new AuthenticationProperties { RedirectUri = "/" }, "oidc");
}

if (Url.IsLocalUrl(Input.ReturnUrl))
{
return Redirect(Input.ReturnUrl);
}

else if (string.IsNullOrEmpty(Input.ReturnUrl))
{
return Redirect("~/");
}
else
{
throw new Exception("Invalid return Url");
}
}
const string error = "invalid credentials";
await _events.RaiseAsync(new UserLoginFailureEvent(Input.Username, error, clientId:context?.Client.ClientId));
ModelState.AddModelError(string.Empty, LoginOptions.InvalidCredentialsErrorMessage);
}

// something went wrong, show form with error
await BuildModelAsync(Input.ReturnUrl);
return Page();
}

И текст ошибки:
InvalidOperationException: для схемы «oidc» не зарегистрирован обработчик аутентификации. Зарегистрированные схемы: Identity.Application, Identity.External, Identity.TwoFactorRememberMe, Identity.TwoFactorUserId, idsrv, idsrv.external. Вы забыли вызвать AddAuthentication().AddSomeAuthHandler?
Может кто-нибудь мне с этим помочь?
Мне нужно реализовать обычную авторизацию внутри веб-проекта.

Подробнее здесь: https://stackoverflow.com/questions/788 ... -mechanism