无法在IIS中运行IdentityServer3

Question

我已经从IdentityServer下载了这里的代码。在IIS中运行IdentityServer3\Host.Web解决方案时，我可以使用TokenClient.RequestResourceOwnerPasswordAsync方法从控制台客户端进行身份验证。

但是，一旦我切换IdentityServer3\Host.Web以直接在IIS下运行，我就会得到以下错误：

HTTP Error 401.1 - Unauthorized 
You do not have permission to view this directory or page using the credentials that you supplied.
Most likely causes:
- The username supplied to IIS is invalid.
- The password supplied to IIS was not typed correctly.
- Incorrect credentials were cached by the browser.
- IIS could not verify the identity of the username and password provided.
- The resource is configured for Anonymous authentication, but the configured anonymous account either has an invalid password or was disabled.
- The server is configured to deny login privileges to the authenticating user or the group in which the user is a member.
- Invalid Kerberos configuration may be the cause if all of the following are true:
    - Integrated authentication was used.
    - the application pool identity is a custom account.
    the server is a member of a domain.

为了让IdentityServer3在IIS下工作，我需要配置什么不同的配置？

Answer 1

解决方案1:

这看起来像一个解决方案，就是将身份验证类型更改为PostValues：

var client = new TokenClient(
            authenticationUrl,
            "carbon",
            "21B5F798-BE55-42BC-8AA8-0025B903DC3B",
            AuthenticationStyle.PostValues);

var token = await client.RequestResourceOwnerPasswordAsync("bob", "secret", "api1");

注意，必须在构造函数中设置AuthenticationStyle。在构造后设置它是有问题的，因为身份验证标头是在构造函数中有条件创建的。

解决方案2:

禁用IIS设置中的“基本身份验证”。