OpenIdConnectAuthentication, used with Asp.net application goes to infinite loop for AuthorizationCodeReceived
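I am using Owin with OpenId authentication in my asp.net application to authenticate users who sign in with Azure. But once I finish signing in from Azure and am redirected, AuthorizationCodeReceived goes into an infinite loop. Below is the code I have used.
I have tried various suggestions from the different posts below, but they did not help me.
- https://github.com/IdentityServer/IdentityServer3/issues/3239
- infinite loop going back to authentication page when using OAuth in MVC5
- Second sign-in causes infinite redirect loop after the first successful login MVC .NET 5 OWIN ADAL OpenIDConnect
Setting the callback path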
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseKentorOwinCookieSaver(); //did not work
    app.UseCookieAuthentication(new CookieAuthenticationOptions()
    {
        //CookieHttpOnly = false,
        //CookieSecure = CookieSecureOption.SameAsRequest, //Did not work
        //CookieManager = new SystemWebCookieManager() //did not work
        AuthenticationType = "Cookies"
    }
    );
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            RedirectUri = postLogoutRedirectUri,
            CallbackPath = new PathString("/my_Azure/Start.aspx"),
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                //
                // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                //
                AuthorizationCodeReceived = (context) =>
                {
                    var code = context.Code;
                    ClientCredential credential = new ClientCredential(clientId, appKey);
                    string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                    Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority, new ADALTokenCache(signedInUserID));
                    AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
                        code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
                    return Task.FromResult(0);
                }
            }
        }
    );
    // This makes any middleware defined above this line run before the Authorization rule is applied in web.config
    app.UseStageMarker(PipelineStage.Authenticate);
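The problem was with the authorization setting in web.config: I was using deny, <deny users="*"/>.
This caused the application to deny all authorization and therefore go into a loop. When I changed it to <deny users="?"/>,
it started working fine.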
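
An added example, not part of the original post: a web.config authorization section showing the working rule from the answer, with the looping rule kept in a comment for comparison. The surrounding `<configuration>` and `<system.web>` elements are the standard ASP.NET layout; nothing else about the poster's web.config is assumed.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <authorization>
      <!--
        Rules are evaluated top-down and the first match wins.
          users="?"  matches anonymous (unauthenticated) requests only
          users="*"  matches every request, including signed-in users

        Looping rule from the question:
          <deny users="*" />
        A user who has just signed in still matches "*", so the request
        ends with 401. The OpenID Connect middleware answers the 401 with
        a new challenge, Azure AD returns another authorization code, and
        AuthorizationCodeReceived fires again.
      -->
      <deny users="?" />
      <!-- Signed-in users do not match "?" and fall through to the
           inherited default rule, which allows them. -->
    </authorization>
  </system.web>
</configuration>
```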