403.60 - 使用 Azure 移动应用程序对 Cordova 进行身份验证时出现禁止错误
403.60 - Forbidden error authenticating Cordova with Azure Mobile Apps
解决方案
Phonegap oauth2 redirect issue
身份验证适用于设备但不适用于 Ripple
仍在尝试弄清楚如何让它在 Ripple
上运行
初始问题
我正在按照教程创建一个入门 Cordova 应用程序,并针对 Azure 应用程序服务进行身份验证:
https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-cordova-get-started-users/
和
https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-microsoft-authentication/
我可以直接浏览到位于 zumotest4.azurewebsites.net 的应用服务,但 Cordova 应用(由 Azure 移动应用快速启动生成)失败。 Azure 移动服务调用 client.login('microsoftaccount'); 确实启动了 OAuth 登录页面,但是在提交凭据后,OAuth 登录屏幕保持打开状态并显示空白屏幕。网络跟踪显示 403 禁止回调失败。 Azure 应用服务错误日志将错误报告为 HTTP 错误 403.60 - 禁止访问。
后端 = .NET (C#)
当请求未通过身份验证时,服务器设置为 'Allow request (no action)'。 todo 控制器设置为 [Authorize].
[Authorize]
public class TodoItemController : TableController<TodoItem>
{...
Microsoft 注册应用程序配置:
-移动或桌面客户端应用程序:是
-目标域:空白
-限制JWT发行:是
-根域:zumotest4.azurewebsites.net
-重定向 URL:
*https://zumotest4.azurewebsites.net/.auth/login/microsoftaccount/callback
*https://zumotest4.azurewebsites.net/.auth/login/microsoftaccount
*https://zumotest4.azurewebsites.net/.auth/login/done
*https://zumotest4.azurewebsites.net
Cordova 客户端 CSP:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://login.windows.net https://login.live.com https://zumotest4.azurewebsite...; style-src 'self'">
Cordova 客户端index.js:
function onDeviceReady() {
client = new WindowsAzure.MobileServiceClient('https://zumotest4.azurewebsites.net');
// Login to the service
client.login('microsoftaccount')
.then(function () {
// BEGINNING OF ORIGINAL CODE
// Create a table reference
todoItemTable = client.getTable('todoitem');
// Refresh the todoItems
refreshDisplay();
// Wire up the UI Event Handler for the Add Item
$('#add-item').submit(addItemHandler);
$('#refresh').on('click', refreshDisplay);
// END OF ORIGINAL CODE
}, handleError);
}
网络跟踪:
姓名:https://zumotest4.azurewebsite..."%"3dc28004776f304afca14c71b77d660d8d_20160311125405"%"26redir"%"3d" -H "Accept-Encoding: gzip, deflate, sdch" -H "Accept-Language: en-US,en;q=0.8" -H "Upgrade-Insecure-Requests: 1" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" -H "Referer: https://login.live.com/oauth20..."%"3A"%"2F"%"2Fzumotest4.azurewebsites.net"%"2F.auth"%"2Flogin"%"2Fmicrosoftaccount"%"2Fcallback&response_type=code&scope=wl.basic&state=nonce"%"3Dc28004776f304afca14c71b77d660d8d_20160311125405"%"26redir"%"3D" -H "Cookie: CompletionOrigin=http://localhost:4400; CompletionType=postMessage; Nonce=JpK4rfK4vvSKl3Mr6xhuJdy5b0xzu2nls5zL4ShiBrxVjw64e9n9/JXXhLlOeq3S8Pn9YFfV9G2RGowbFB4YZem5vCGwDWHV3vHoa0iT3/XvHHA9SAOD5AjlXxN3ffbk; AppServiceSessionMode=token; ARRAffinity=45469bcdd9e2de45e5ee43c5a6d02e5e7b574ac8ea3eb9b10e5cce208e5268b6" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" --compressed
状态:403 - 禁止
类型:文档
发起人:https://zumotest4.azurewebsite..."%"3dc28004776f304afca14c71b77d660d8d_20160311125405"%"26redir"%"3d" -H "Accept-Encoding: gzip, deflate, sdch" -H "Accept-Language: en-US,en;q=0.8" -H "Upgrade-Insecure-Requests: 1" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" -H "Referer: https://login.live.com/oauth20..."%"3A"%"2F"%"2Fzumotest4.azurewebsites.net"%"2F.auth"%"2Flogin"%"2Fmicrosoftaccount"%"2Fcallback&response_type=code&scope=wl.basic&state=nonce"%"3Dc28004776f304afca14c71b77d660d8d_20160311125405"%"26redir"%"3D" -H "Cookie: CompletionOrigin=http://localhost:4400; CompletionType=postMessage; Nonce=JpK4rfK4vvSKl3Mr6xhuJdy5b0xzu2nls5zL4ShiBrxVjw64e9n9/JXXhLlOeq3S8Pn9YFfV9G2RGowbFB4YZem5vCGwDWHV3vHoa0iT3/XvHHA9SAOD5AjlXxN3ffbk; AppServiceSessionMode=token; ARRAffinity=45469bcdd9e2de45e5ee43c5a6d02e5e7b574ac8ea3eb9b10e5cce208e5268b6" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" --compressed
在此先感谢您的帮助。
需要一些额外的步骤才能在浏览器中进行身份验证。请参阅此 GitHub 问题中提到的解决方案:https://github.com/Azure/azure-mobile-apps-js-client/issues/81。如果有帮助,请告诉我。
解决方案
Phonegap oauth2 redirect issue
身份验证适用于设备但不适用于 Ripple
仍在尝试弄清楚如何让它在 Ripple
初始问题
我正在按照教程创建一个入门 Cordova 应用程序,并针对 Azure 应用程序服务进行身份验证:
https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-cordova-get-started-users/
和
https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-microsoft-authentication/
我可以直接浏览到位于 zumotest4.azurewebsites.net 的应用服务,但 Cordova 应用(由 Azure 移动应用快速启动生成)失败。 Azure 移动服务调用 client.login('microsoftaccount'); 确实启动了 OAuth 登录页面,但是在提交凭据后,OAuth 登录屏幕保持打开状态并显示空白屏幕。网络跟踪显示 403 禁止回调失败。 Azure 应用服务错误日志将错误报告为 HTTP 错误 403.60 - 禁止访问。
后端 = .NET (C#)
当请求未通过身份验证时,服务器设置为 'Allow request (no action)'。 todo 控制器设置为 [Authorize].
[Authorize]
public class TodoItemController : TableController<TodoItem>
{...
Microsoft 注册应用程序配置:
-移动或桌面客户端应用程序:是
-目标域:空白
-限制JWT发行:是
-根域:zumotest4.azurewebsites.net
-重定向 URL:
*https://zumotest4.azurewebsites.net/.auth/login/microsoftaccount/callback
*https://zumotest4.azurewebsites.net/.auth/login/microsoftaccount
*https://zumotest4.azurewebsites.net/.auth/login/done
*https://zumotest4.azurewebsites.net
Cordova 客户端 CSP:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://login.windows.net https://login.live.com https://zumotest4.azurewebsite...; style-src 'self'">
Cordova 客户端index.js:
function onDeviceReady() {
client = new WindowsAzure.MobileServiceClient('https://zumotest4.azurewebsites.net');
// Login to the service
client.login('microsoftaccount')
.then(function () {
// BEGINNING OF ORIGINAL CODE
// Create a table reference
todoItemTable = client.getTable('todoitem');
// Refresh the todoItems
refreshDisplay();
// Wire up the UI Event Handler for the Add Item
$('#add-item').submit(addItemHandler);
$('#refresh').on('click', refreshDisplay);
// END OF ORIGINAL CODE
}, handleError);
}
网络跟踪:
姓名:https://zumotest4.azurewebsite..."%"3dc28004776f304afca14c71b77d660d8d_20160311125405"%"26redir"%"3d" -H "Accept-Encoding: gzip, deflate, sdch" -H "Accept-Language: en-US,en;q=0.8" -H "Upgrade-Insecure-Requests: 1" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" -H "Referer: https://login.live.com/oauth20..."%"3A"%"2F"%"2Fzumotest4.azurewebsites.net"%"2F.auth"%"2Flogin"%"2Fmicrosoftaccount"%"2Fcallback&response_type=code&scope=wl.basic&state=nonce"%"3Dc28004776f304afca14c71b77d660d8d_20160311125405"%"26redir"%"3D" -H "Cookie: CompletionOrigin=http://localhost:4400; CompletionType=postMessage; Nonce=JpK4rfK4vvSKl3Mr6xhuJdy5b0xzu2nls5zL4ShiBrxVjw64e9n9/JXXhLlOeq3S8Pn9YFfV9G2RGowbFB4YZem5vCGwDWHV3vHoa0iT3/XvHHA9SAOD5AjlXxN3ffbk; AppServiceSessionMode=token; ARRAffinity=45469bcdd9e2de45e5ee43c5a6d02e5e7b574ac8ea3eb9b10e5cce208e5268b6" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" --compressed
状态:403 - 禁止
类型:文档
发起人:https://zumotest4.azurewebsite..."%"3dc28004776f304afca14c71b77d660d8d_20160311125405"%"26redir"%"3d" -H "Accept-Encoding: gzip, deflate, sdch" -H "Accept-Language: en-US,en;q=0.8" -H "Upgrade-Insecure-Requests: 1" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" -H "Referer: https://login.live.com/oauth20..."%"3A"%"2F"%"2Fzumotest4.azurewebsites.net"%"2F.auth"%"2Flogin"%"2Fmicrosoftaccount"%"2Fcallback&response_type=code&scope=wl.basic&state=nonce"%"3Dc28004776f304afca14c71b77d660d8d_20160311125405"%"26redir"%"3D" -H "Cookie: CompletionOrigin=http://localhost:4400; CompletionType=postMessage; Nonce=JpK4rfK4vvSKl3Mr6xhuJdy5b0xzu2nls5zL4ShiBrxVjw64e9n9/JXXhLlOeq3S8Pn9YFfV9G2RGowbFB4YZem5vCGwDWHV3vHoa0iT3/XvHHA9SAOD5AjlXxN3ffbk; AppServiceSessionMode=token; ARRAffinity=45469bcdd9e2de45e5ee43c5a6d02e5e7b574ac8ea3eb9b10e5cce208e5268b6" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" --compressed
在此先感谢您的帮助。
需要一些额外的步骤才能在浏览器中进行身份验证。请参阅此 GitHub 问题中提到的解决方案:https://github.com/Azure/azure-mobile-apps-js-client/issues/81。如果有帮助,请告诉我。