dotnetcasclient 重定向问题,没有生成日志
dotnetcasclient redirect issue with no logs being generated
我正在尝试在我的网站上为 SSO 实施 dotnet-cas-client。我遵循了此处给出的文档 https://github.com/apereo/dotnet-cas-client/wiki/Getting-Started。我能够连接到 CAS 服务器,并且看到 SSO 的登录页面,但在登录后我收到错误 'page redirected too many times'。我搜索了多个网站并尝试了很多不同的方法,但似乎无法解决问题。我尝试在我的 webconfig 中实现诊断部分以生成日志,这样我就可以了解问题所在但没有生成日志。我粘贴在我的 webconfig 配置下面。有人可以告诉我我做错了什么吗?如果您需要我提供更多信息,请告诉我。
<?xml version="1.0" encoding="UTF-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
https://go.microsoft.com/fwlink/?LinkId=301879
-->
<configuration>
<configSections>
<section name="casClientConfig" type="DotNetCasClient.Configuration.CasClientConfiguration, DotNetCasClient" />
</configSections>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
<connectionStrings>
<add name="TestConnectionString" connectionString="Data Source=localhost;Initial Catalog=clinical;Persist Security Info=True; Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.diagnostics>
<trace autoflush="true" useGlobalLock="false" />
<sharedListeners>
<!--
Writing trace output to a log file is recommended.
IMPORTANT:
The user account under which the containing application pool runs
must have privileges to create and modify the trace log file.
-->
<add name="TraceFile"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="C:\inetpub\logs\LogFiles\DotNetCasClient.Log"
traceOutputOptions="DateTime" />
</sharedListeners>
<sources>
<!-- Provides diagnostic information on module configuration parameters. -->
<source name="DotNetCasClient.Config" switchName="Config" switchType="System.Diagnostics.SourceSwitch" >
<listeners>
<add name="TraceFile" />
</listeners>
</source>
<!-- Traces IHttpModule lifecycle events and meaningful operations performed therein. -->
<source name="DotNetCasClient.HttpModule" switchName="HttpModule" switchType="System.Diagnostics.SourceSwitch" >
<listeners>
<add name="TraceFile" />
</listeners>
</source>
<!-- Provides protocol message and routing information. -->
<source name="DotNetCasClient.Protocol" switchName="Protocol" switchType="System.Diagnostics.SourceSwitch" >
<listeners>
<add name="TraceFile" />
</listeners>
</source>
<!-- Provides details on security operations and notable security conditions. -->
<source name="DotNetCasClient.Security" switchName="Security" switchType="System.Diagnostics.SourceSwitch" >
<listeners>
<add name="TraceFile" />
</listeners>
</source>
</sources>
<switches>
<!--
Set trace switches to appropriate logging level. Recommended values in order of increasing verbosity:
- Off
- Error
- Warning
- Information
- Verbose
-->
<!--
Config category displays detailed information about CasAuthenticationModule configuration.
The output of this category is only displayed when the module is initialized, which happens
for the first request following application/server startup.
-->
<add name="Config" value="Verbose"/>
<!--
Set this category to Verbose to trace HttpModule lifecycle events in CasAuthenticationModule.
This category produces voluminous output in Verbose mode and should be avoided except for
limited periods of time troubleshooting vexing integration problems.
-->
<add name="HttpModule" value="Verbose"/>
<!--
Set to Verbose to display protocol messages between the client and server.
This category is very helpful for troubleshooting integration problems.
-->
<add name="Protocol" value="Verbose"/>
<!--
Displays important security-related information.
-->
<add name="Security" value="Verbose"/>
</switches>
</system.diagnostics>
<system.web>
<authentication mode="Forms">
<forms name=".DotNetCasClientAuth" loginUrl="https://cas.server.com/cas/login" timeout="30" cookieless="UseCookies" defaultUrl="~/Default.aspx" path="/" />
</authentication>
<customErrors mode="Off" />
<compilation targetFramework="4.7.1" debug="true">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<httpRuntime targetFramework="4.7.1" />
<httpModules>
<add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" />
</httpModules>
<authorization>
<allow users = "*" />
</authorization>
<roleManager enabled="true" defaultProvider="AspNetReadOnlyXmlRoleProvider">
<providers>
<add name="AspNetReadOnlyXmlRoleProvider" type="DotNetCasClient.Security.ReadOnlyXmlRoleProvider" xmlFileName="~/App_Data/UserRoles.xml"/>
</providers>
</roleManager>
<siteMap enabled="true">
<providers>
<clear/>
<add siteMapFile="Web.sitemap" name="AspNetXmlSiteMapProvider" type="System.Web.XmlSiteMapProvider"/>
</providers>
</siteMap>
<pages enableEventValidation="false" >
<controls>
<add tagPrefix="cas" tagName="CookieViewer" src="~/Controls/CookieViewer.ascx"/>
<add tagPrefix="cas" tagName="TicketManager" src="~/Controls/TicketManager.ascx"/>
</controls>
</pages>
</system.web>
<system.webServer>
<defaultDocument>
<files>
<remove value="iisstart.htm" />
<remove value="index.htm" />
<remove value="index.html" />
<remove value="Default.asp" />
<remove value="Default.htm" />
<add value="index.aspx" />
</files>
</defaultDocument>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
<modules>
<remove name="TelemetryCorrelationHttpModule" />
<remove name="DotNetCasClient" />
<add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
<add name="TelemetryCorrelationHttpModule" type="Microsoft.AspNet.TelemetryCorrelation.TelemetryCorrelationHttpModule, Microsoft.AspNet.TelemetryCorrelation" preCondition="integratedMode,managedHandler" />
<remove name="ApplicationInsightsWebTracking" />
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" preCondition="managedHandler" />
</modules>
<validation validateIntegratedModeConfiguration="false" />
<rewrite>
<rules>
<rule name="HTTPS redirect" enabled="false">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFFS" />
</conditions>
<action type="Rewrite" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" />
<bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" />
<bindingRedirect oldVersion="0.0.0.0-4.0.2.1" newVersion="4.0.2.1" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
<bindingRedirect oldVersion="0.0.0.0-11.0.0.0" newVersion="11.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-5.2.4.0" newVersion="5.2.4.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.8.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701" />
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.8.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=\"Web\" /optionInfer+" />
</compilers>
</system.codedom>
<casClientConfig casServerLoginUrl="https://cas.server.com/cas/login" casServerUrlPrefix="https://cas.server.com/cas/" serverName="https://mywebsite.com/" redirectAfterValidation="true" renew="false" singleSignOut="true" ticketTimeTolerance="5000" ticketValidatorName="Cas20" serviceTicketManager="CacheServiceTicketManager" />
</configuration>
我通过更改应该生成日志的位置来让日志工作。重定向循环是由 403 forbidden 错误引起的。经过调查,我发现我连接的 CAS 服务器不允许通过端口 443 与我通信,因为该端口已被阻止。端口一打开,CAS就开始工作了。
对于可能遇到同样问题的其他人,我可以通过查看表单部分的 defaultUrl 来解决它。确保此 url 不受 CAS 保护,否则会导致无限重定向循环。
还要确保您的网络服务器上启用了 TLS 1.0 and/or TLS 1.1。如果不是(此时出于安全原因应禁用它们并且仅使用 TLS 1.2),您可以尝试通过在 Global.asax.cs 方法 [=17= 中添加以下代码来强制应用程序的所有请求使用 TLS 1.2 ]:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
我正在尝试在我的网站上为 SSO 实施 dotnet-cas-client。我遵循了此处给出的文档 https://github.com/apereo/dotnet-cas-client/wiki/Getting-Started。我能够连接到 CAS 服务器,并且看到 SSO 的登录页面,但在登录后我收到错误 'page redirected too many times'。我搜索了多个网站并尝试了很多不同的方法,但似乎无法解决问题。我尝试在我的 webconfig 中实现诊断部分以生成日志,这样我就可以了解问题所在但没有生成日志。我粘贴在我的 webconfig 配置下面。有人可以告诉我我做错了什么吗?如果您需要我提供更多信息,请告诉我。
<?xml version="1.0" encoding="UTF-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
https://go.microsoft.com/fwlink/?LinkId=301879
-->
<configuration>
<configSections>
<section name="casClientConfig" type="DotNetCasClient.Configuration.CasClientConfiguration, DotNetCasClient" />
</configSections>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
</appSettings>
<connectionStrings>
<add name="TestConnectionString" connectionString="Data Source=localhost;Initial Catalog=clinical;Persist Security Info=True; Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.diagnostics>
<trace autoflush="true" useGlobalLock="false" />
<sharedListeners>
<!--
Writing trace output to a log file is recommended.
IMPORTANT:
The user account under which the containing application pool runs
must have privileges to create and modify the trace log file.
-->
<add name="TraceFile"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="C:\inetpub\logs\LogFiles\DotNetCasClient.Log"
traceOutputOptions="DateTime" />
</sharedListeners>
<sources>
<!-- Provides diagnostic information on module configuration parameters. -->
<source name="DotNetCasClient.Config" switchName="Config" switchType="System.Diagnostics.SourceSwitch" >
<listeners>
<add name="TraceFile" />
</listeners>
</source>
<!-- Traces IHttpModule lifecycle events and meaningful operations performed therein. -->
<source name="DotNetCasClient.HttpModule" switchName="HttpModule" switchType="System.Diagnostics.SourceSwitch" >
<listeners>
<add name="TraceFile" />
</listeners>
</source>
<!-- Provides protocol message and routing information. -->
<source name="DotNetCasClient.Protocol" switchName="Protocol" switchType="System.Diagnostics.SourceSwitch" >
<listeners>
<add name="TraceFile" />
</listeners>
</source>
<!-- Provides details on security operations and notable security conditions. -->
<source name="DotNetCasClient.Security" switchName="Security" switchType="System.Diagnostics.SourceSwitch" >
<listeners>
<add name="TraceFile" />
</listeners>
</source>
</sources>
<switches>
<!--
Set trace switches to appropriate logging level. Recommended values in order of increasing verbosity:
- Off
- Error
- Warning
- Information
- Verbose
-->
<!--
Config category displays detailed information about CasAuthenticationModule configuration.
The output of this category is only displayed when the module is initialized, which happens
for the first request following application/server startup.
-->
<add name="Config" value="Verbose"/>
<!--
Set this category to Verbose to trace HttpModule lifecycle events in CasAuthenticationModule.
This category produces voluminous output in Verbose mode and should be avoided except for
limited periods of time troubleshooting vexing integration problems.
-->
<add name="HttpModule" value="Verbose"/>
<!--
Set to Verbose to display protocol messages between the client and server.
This category is very helpful for troubleshooting integration problems.
-->
<add name="Protocol" value="Verbose"/>
<!--
Displays important security-related information.
-->
<add name="Security" value="Verbose"/>
</switches>
</system.diagnostics>
<system.web>
<authentication mode="Forms">
<forms name=".DotNetCasClientAuth" loginUrl="https://cas.server.com/cas/login" timeout="30" cookieless="UseCookies" defaultUrl="~/Default.aspx" path="/" />
</authentication>
<customErrors mode="Off" />
<compilation targetFramework="4.7.1" debug="true">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<httpRuntime targetFramework="4.7.1" />
<httpModules>
<add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" />
</httpModules>
<authorization>
<allow users = "*" />
</authorization>
<roleManager enabled="true" defaultProvider="AspNetReadOnlyXmlRoleProvider">
<providers>
<add name="AspNetReadOnlyXmlRoleProvider" type="DotNetCasClient.Security.ReadOnlyXmlRoleProvider" xmlFileName="~/App_Data/UserRoles.xml"/>
</providers>
</roleManager>
<siteMap enabled="true">
<providers>
<clear/>
<add siteMapFile="Web.sitemap" name="AspNetXmlSiteMapProvider" type="System.Web.XmlSiteMapProvider"/>
</providers>
</siteMap>
<pages enableEventValidation="false" >
<controls>
<add tagPrefix="cas" tagName="CookieViewer" src="~/Controls/CookieViewer.ascx"/>
<add tagPrefix="cas" tagName="TicketManager" src="~/Controls/TicketManager.ascx"/>
</controls>
</pages>
</system.web>
<system.webServer>
<defaultDocument>
<files>
<remove value="iisstart.htm" />
<remove value="index.htm" />
<remove value="index.html" />
<remove value="Default.asp" />
<remove value="Default.htm" />
<add value="index.aspx" />
</files>
</defaultDocument>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
<modules>
<remove name="TelemetryCorrelationHttpModule" />
<remove name="DotNetCasClient" />
<add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
<add name="TelemetryCorrelationHttpModule" type="Microsoft.AspNet.TelemetryCorrelation.TelemetryCorrelationHttpModule, Microsoft.AspNet.TelemetryCorrelation" preCondition="integratedMode,managedHandler" />
<remove name="ApplicationInsightsWebTracking" />
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" preCondition="managedHandler" />
</modules>
<validation validateIntegratedModeConfiguration="false" />
<rewrite>
<rules>
<rule name="HTTPS redirect" enabled="false">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFFS" />
</conditions>
<action type="Rewrite" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" />
<bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" />
<bindingRedirect oldVersion="0.0.0.0-4.0.2.1" newVersion="4.0.2.1" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
<bindingRedirect oldVersion="0.0.0.0-11.0.0.0" newVersion="11.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-5.2.4.0" newVersion="5.2.4.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.8.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701" />
<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.8.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=\"Web\" /optionInfer+" />
</compilers>
</system.codedom>
<casClientConfig casServerLoginUrl="https://cas.server.com/cas/login" casServerUrlPrefix="https://cas.server.com/cas/" serverName="https://mywebsite.com/" redirectAfterValidation="true" renew="false" singleSignOut="true" ticketTimeTolerance="5000" ticketValidatorName="Cas20" serviceTicketManager="CacheServiceTicketManager" />
</configuration>
我通过更改应该生成日志的位置来让日志工作。重定向循环是由 403 forbidden 错误引起的。经过调查,我发现我连接的 CAS 服务器不允许通过端口 443 与我通信,因为该端口已被阻止。端口一打开,CAS就开始工作了。
对于可能遇到同样问题的其他人,我可以通过查看表单部分的 defaultUrl 来解决它。确保此 url 不受 CAS 保护,否则会导致无限重定向循环。
还要确保您的网络服务器上启用了 TLS 1.0 and/or TLS 1.1。如果不是(此时出于安全原因应禁用它们并且仅使用 TLS 1.2),您可以尝试通过在 Global.asax.cs 方法 [=17= 中添加以下代码来强制应用程序的所有请求使用 TLS 1.2 ]:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;