使用 Azure 应用服务和 Facebook 身份配置 ASP.NET 核心 Web 应用程序时出错
Error configuring ASP.NET Core web application with Azure App service and Facebook identity
我的 ASP.Net Core 2.2 应用程序的 "Facebook external login setup" 在我的本地计算机上运行,但在 Azure 应用程序服务上运行不正常。当应用程序重定向到 facebook 时,我收到 You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https:// 错误。但是,我已经在 facebook 配置下设置了我的应用程序的安全 url=> "Valid OAuth Redirect URIs"(请参见下面的屏幕截图)。
我错过了什么?
Startup.cs:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});
.............
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseForwardedHeaders();
}
故障排除输出基于 this link:
Header: "X-Client-IP": ["76.187.198.247"]
Header: "X-Client-Port": ["51335"]
Header: "Upgrade-Insecure-Requests": ["1"]
Header: "DNT": ["1"]
Header: "X-WAWS-Unencoded-URL": ["/Identity/Account/Login"]
Header: "CLIENT-IP": ["76.187.198.247:51335"]
Header: "X-ARR-LOG-ID": ["3b69d760-03e7-4199-bec4-38ff77055413"]
Header: "DISGUISED-HOST": ["simplerproductsscrubber.azurewebsites.net"]
Header: "X-SITE-DEPLOYMENT-ID": ["SimplerProductsScrubber"]
Header: "WAS-DEFAULT-HOSTNAME": ["simplerproductsscrubber.azurewebsites.net"]
Header: "X-Original-URL": ["/Identity/Account/Login"]
Header: "X-Forwarded-For": ["76.187.198.247:51335"]
Header: "X-ARR-SSL": ["2048|256|C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA|C=US, S=Washington, L=Redmond, O=Microsoft Corporation, CN=*.azurewebsites.net"]
Header: "X-Forwarded-Proto": ["https"]
Header: "X-AppService-Proto": ["https"]
Request RemoteIp: "::ffff:172.16.1.1"
Request Method: "GET"
Request Scheme: "http"
Request Path: "/Identity/Account/Login"
Header: "Connection": ["close"]
Header: "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"]
Header: "Accept-Encoding": ["gzip, deflate, br"]
Header: "Accept-Language": ["en-US,en;q=0.9"]
Header: "Cookie": ["ARRAffinity=152c130e21c95ce31be52418aed58ed4a1114b560e108246b2120e2d4dbf27ee; .AspNetCore.Antiforgery.nixphHDAMN4=CfDJ8G1Jn3njIA5IoKC-W8RHjabWwnkwCrPq4ZnU7-ZRlTXbuf8kfpKPQACS5HEylcqol59j-9GJ4AzKFgirMIn8yclO5QSucBnlED9aKjQgAlRrkuZmIZeu8VKT9oOA1V_dvEpjhDoqKxxWrRpfVwST6hU"]
Header: "Host": ["simplerproductsscrubber.azurewebsites.net"]
Header: "Max-Forwards": ["10"]
Header: "Referer": ["https://simplerproductsscrubber.azurewebsites.net/Dashboard"]
Header: "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"]
Facebook 配置:显示我的网站配置为 https 的有效 OAuth 重定向 URI:
在facebook developer中,你用appId和appSecret注册了一个应用,并且在本地测试的很好。将网站发布到 Azure 网络应用程序后,您应该在 Facebook 开发人员门户中重置 AppSecret。
根据您的描述,您在 FaceBook API OAUTH 屏幕中设置的 OAUTH URL 似乎与您尝试用作 OAUTH 的 url 不匹配。
将以下 URL 添加到 Valid OAuth redirect URIs 字段:https://yourwebsite.azurewebsites.net/auth/facebook/callback 其中 yoursite.com 是您的域。并将 ssl 证书添加到您的 azure 网站。
对我有用的是 here 中记录的解决方案。还需要在 Microsoft Azure 中添加 ASPNETCORE_FORWARDEDHEADERS_ENABLED=true 应用程序设置。
// 配置服务
if (string.Equals("true", hostingContext.Configuration["ForwardedHeaders_Enabled"], StringComparison.OrdinalIgnoreCase))
{
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
// Only loopback proxies are allowed by default. Clear that restriction because forwarders are
// being enabled by explicit configuration.
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
});
}
我的 ASP.Net Core 2.2 应用程序的 "Facebook external login setup" 在我的本地计算机上运行,但在 Azure 应用程序服务上运行不正常。当应用程序重定向到 facebook 时,我收到 You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https:// 错误。但是,我已经在 facebook 配置下设置了我的应用程序的安全 url=> "Valid OAuth Redirect URIs"(请参见下面的屏幕截图)。
我错过了什么?
Startup.cs:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});
.............
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseForwardedHeaders();
}
故障排除输出基于 this link:
Header: "X-Client-IP": ["76.187.198.247"]
Header: "X-Client-Port": ["51335"]
Header: "Upgrade-Insecure-Requests": ["1"]
Header: "DNT": ["1"]
Header: "X-WAWS-Unencoded-URL": ["/Identity/Account/Login"]
Header: "CLIENT-IP": ["76.187.198.247:51335"]
Header: "X-ARR-LOG-ID": ["3b69d760-03e7-4199-bec4-38ff77055413"]
Header: "DISGUISED-HOST": ["simplerproductsscrubber.azurewebsites.net"]
Header: "X-SITE-DEPLOYMENT-ID": ["SimplerProductsScrubber"]
Header: "WAS-DEFAULT-HOSTNAME": ["simplerproductsscrubber.azurewebsites.net"]
Header: "X-Original-URL": ["/Identity/Account/Login"]
Header: "X-Forwarded-For": ["76.187.198.247:51335"]
Header: "X-ARR-SSL": ["2048|256|C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA|C=US, S=Washington, L=Redmond, O=Microsoft Corporation, CN=*.azurewebsites.net"]
Header: "X-Forwarded-Proto": ["https"]
Header: "X-AppService-Proto": ["https"]
Request RemoteIp: "::ffff:172.16.1.1"
Request Method: "GET"
Request Scheme: "http"
Request Path: "/Identity/Account/Login"
Header: "Connection": ["close"]
Header: "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"]
Header: "Accept-Encoding": ["gzip, deflate, br"]
Header: "Accept-Language": ["en-US,en;q=0.9"]
Header: "Cookie": ["ARRAffinity=152c130e21c95ce31be52418aed58ed4a1114b560e108246b2120e2d4dbf27ee; .AspNetCore.Antiforgery.nixphHDAMN4=CfDJ8G1Jn3njIA5IoKC-W8RHjabWwnkwCrPq4ZnU7-ZRlTXbuf8kfpKPQACS5HEylcqol59j-9GJ4AzKFgirMIn8yclO5QSucBnlED9aKjQgAlRrkuZmIZeu8VKT9oOA1V_dvEpjhDoqKxxWrRpfVwST6hU"]
Header: "Host": ["simplerproductsscrubber.azurewebsites.net"]
Header: "Max-Forwards": ["10"]
Header: "Referer": ["https://simplerproductsscrubber.azurewebsites.net/Dashboard"]
Header: "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"]
Facebook 配置:显示我的网站配置为 https 的有效 OAuth 重定向 URI:
在facebook developer中,你用appId和appSecret注册了一个应用,并且在本地测试的很好。将网站发布到 Azure 网络应用程序后,您应该在 Facebook 开发人员门户中重置 AppSecret。
根据您的描述,您在 FaceBook API OAUTH 屏幕中设置的 OAUTH URL 似乎与您尝试用作 OAUTH 的 url 不匹配。
将以下 URL 添加到 Valid OAuth redirect URIs 字段:https://yourwebsite.azurewebsites.net/auth/facebook/callback 其中 yoursite.com 是您的域。并将 ssl 证书添加到您的 azure 网站。
对我有用的是 here 中记录的解决方案。还需要在 Microsoft Azure 中添加 ASPNETCORE_FORWARDEDHEADERS_ENABLED=true 应用程序设置。
// 配置服务
if (string.Equals("true", hostingContext.Configuration["ForwardedHeaders_Enabled"], StringComparison.OrdinalIgnoreCase))
{
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
// Only loopback proxies are allowed by default. Clear that restriction because forwarders are
// being enabled by explicit configuration.
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
});
}