来自 MVC 应用程序重定向循环的 Azure AD 登录
Azure AD Signin from MVC App Redirect Loop
我读了很多 post,在验证时都归结为 Cookie。但是,当我在登录后直接遇到重定向循环时,它会影响任何登录的客户端,而不仅仅是特定的 PC。
我已经尽我所能,我可以 post 我所做的一切,但我不明白如果它发生在所有用户身上怎么会是一个 cookie 问题。所以这一刻它起作用了,下一刻由于重定向循环而没有人可以登录。
从逻辑上讲,它一定与身份验证 cookie 有关,但它怎么会同时影响每个人?
这不是 Azure 中可能导致问题的东西吗?似乎必须如此?
任何想法都将不胜感激,因为我现在收到来自客户的大量批评:(
这是我的startup.auth 如果它有帮助的话
// Azure AD application settings, read from appSettings by static field initializers.
// The AppSettings indexer returns null for a key that is absent from configuration,
// so a missing entry is only noticed where the value is first used.
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
// Builds the authority by using aadInstance as a format string with tenant as its argument.
// NOTE(review): presumably aadInstance carries a "{0}" placeholder for the tenant; confirm in web.config.
// A null aadInstance (missing key) makes string.Format throw ArgumentNullException.
// The result is handed to the OpenID Connect middleware as Authority in ConfigureAuth, i.e. it
// names the identity provider the app relies on, so the two settings behind it deserve the same
// change control as credentials.
private string authority = string.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
// ConfigureAuth method
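/// <summary>
/// Registers the OWIN authentication pipeline: per-request ASP.NET Identity services,
/// the local application cookie, a default-configured cookie middleware, and
/// OpenID Connect sign-in against the configured authority.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is added to.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // One instance of each Identity service per OWIN request.
    app.CreatePerOwinContext(ApplicationDbContext.Create);
    app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
    app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
    app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

    // Middleware registered later that signs in "as" another type picks up this default.
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    // Cookie for local (ASP.NET Identity) sign-in.
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        CookieName = "Local_Login",
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            // Re-validates the security stamp on a 30-minute interval, so a password change
            // or an added external login invalidates cookies issued before it.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        },
        // NOTE(review): CookieSecure is not set, so the default (Secure only when the issuing
        // request was HTTPS) applies. On an HTTPS-only deployment CookieSecureOption.Always
        // keeps this session cookie off plain HTTP; confirm how the site is served first.
        // NOTE(review): CookieManager is left at its default. An earlier revision had
        // "CookieManager = new SystemWebCookieManager()" commented out here; it is the option
        // to evaluate for lost-cookie sign-in loops. Confirm that the installed
        // Microsoft.Owin.Host.SystemWeb version provides it.
        SlidingExpiration = true
    });

    // Default-configured cookie middleware. Its authentication type is the default sign-in
    // type set above, so it carries the identity issued after OpenID Connect sign-in.
    // NOTE(review): it also runs with the default CookieSecure and CookieManager.
    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = (context) =>
                {
                    // Record why sign-in failed before the response is replaced. Otherwise a
                    // token-validation failure looks like an ordinary visit to the login page.
                    // Only the exception type and message are written, never the protocol
                    // message itself.
                    var failure = context.Exception;
                    System.Diagnostics.Trace.TraceError(
                        "OpenID Connect authentication failed: {0}: {1}",
                        failure == null ? "(no exception)" : failure.GetType().FullName,
                        failure == null ? string.Empty : failure.Message);

                    // Stop further processing of the failed response and send the user to the
                    // local login page.
                    // NOTE(review): if /Account/Login itself triggers a challenge, a persistent
                    // failure loops; confirm that action renders without authentication.
                    context.HandleResponse();
                    context.OwinContext.Response.Redirect("/Account/Login");
                    return Task.FromResult(0);
                }
            }
        });
} // end - ConfigureAuth method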
经过许多小时和数个深夜,我终于找到了解决方案。
据我理解,在某些时候 'MVC' cookie(我认为是 application.cookie)和 Azure AD cookie(我认为是 aspnet.cookie)会互相删除;这是微软内部的一个 bug,已经存在很多年,但一直没有修复。结果是:你已经登录 Azure AD,身份验证 cookie 表明你已通过身份验证;但当请求到达控制器时,'MVC' cookie(如帖子中所说)却表明你未通过身份验证,于是你被重定向回 Azure AD 登录;而 Azure AD 发现你已经通过身份验证,又把你送回应用,无限循环就这样持续下去。
我看到很多人提到 Kentor Cookie Saver,说它有帮助,也有一两个人说它没用;但我决定试一试,在过去的 2–3 天里,它确实有效。
这是我使用的link:Kentor Cookie Saver
我希望这有助于或引导某人朝着正确的方向前进。
干杯!
我读了很多 post,在验证时都归结为 Cookie。但是,当我在登录后直接遇到重定向循环时,它会影响任何登录的客户端,而不仅仅是特定的 PC。
我已经尽我所能,我可以 post 我所做的一切,但我不明白如果它发生在所有用户身上怎么会是一个 cookie 问题。所以这一刻它起作用了,下一刻由于重定向循环而没有人可以登录。
从逻辑上讲,它一定与身份验证 cookie 有关,但它怎么会同时影响每个人?
这不是 Azure 中可能导致问题的东西吗?似乎必须如此?
任何想法都将不胜感激,因为我现在收到来自客户的大量批评:(
这是我的startup.auth 如果它有帮助的话
// Azure AD application settings, read from appSettings by static field initializers.
// The AppSettings indexer returns null for a key that is absent from configuration,
// so a missing entry is only noticed where the value is first used.
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
// Builds the authority by using aadInstance as a format string with tenant as its argument.
// NOTE(review): presumably aadInstance carries a "{0}" placeholder for the tenant; confirm in web.config.
// A null aadInstance (missing key) makes string.Format throw ArgumentNullException.
// The result is handed to the OpenID Connect middleware as Authority in ConfigureAuth, i.e. it
// names the identity provider the app relies on, so the two settings behind it deserve the same
// change control as credentials.
private string authority = string.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
// ConfigureAuth method
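/// <summary>
/// Registers the OWIN authentication pipeline: per-request ASP.NET Identity services,
/// the local application cookie, a default-configured cookie middleware, and
/// OpenID Connect sign-in against the configured authority.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is added to.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // One instance of each Identity service per OWIN request.
    app.CreatePerOwinContext(ApplicationDbContext.Create);
    app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
    app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
    app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

    // Middleware registered later that signs in "as" another type picks up this default.
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    // Cookie for local (ASP.NET Identity) sign-in.
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        CookieName = "Local_Login",
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            // Re-validates the security stamp on a 30-minute interval, so a password change
            // or an added external login invalidates cookies issued before it.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        },
        // NOTE(review): CookieSecure is not set, so the default (Secure only when the issuing
        // request was HTTPS) applies. On an HTTPS-only deployment CookieSecureOption.Always
        // keeps this session cookie off plain HTTP; confirm how the site is served first.
        // NOTE(review): CookieManager is left at its default. An earlier revision had
        // "CookieManager = new SystemWebCookieManager()" commented out here; it is the option
        // to evaluate for lost-cookie sign-in loops. Confirm that the installed
        // Microsoft.Owin.Host.SystemWeb version provides it.
        SlidingExpiration = true
    });

    // Default-configured cookie middleware. Its authentication type is the default sign-in
    // type set above, so it carries the identity issued after OpenID Connect sign-in.
    // NOTE(review): it also runs with the default CookieSecure and CookieManager.
    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = (context) =>
                {
                    // Record why sign-in failed before the response is replaced. Otherwise a
                    // token-validation failure looks like an ordinary visit to the login page.
                    // Only the exception type and message are written, never the protocol
                    // message itself.
                    var failure = context.Exception;
                    System.Diagnostics.Trace.TraceError(
                        "OpenID Connect authentication failed: {0}: {1}",
                        failure == null ? "(no exception)" : failure.GetType().FullName,
                        failure == null ? string.Empty : failure.Message);

                    // Stop further processing of the failed response and send the user to the
                    // local login page.
                    // NOTE(review): if /Account/Login itself triggers a challenge, a persistent
                    // failure loops; confirm that action renders without authentication.
                    context.HandleResponse();
                    context.OwinContext.Response.Redirect("/Account/Login");
                    return Task.FromResult(0);
                }
            }
        });
} // end - ConfigureAuth method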
经过许多小时和数个深夜,我终于找到了解决方案。
据我理解,在某些时候 'MVC' cookie(我认为是 application.cookie)和 Azure AD cookie(我认为是 aspnet.cookie)会互相删除;这是微软内部的一个 bug,已经存在很多年,但一直没有修复。结果是:你已经登录 Azure AD,身份验证 cookie 表明你已通过身份验证;但当请求到达控制器时,'MVC' cookie(如帖子中所说)却表明你未通过身份验证,于是你被重定向回 Azure AD 登录;而 Azure AD 发现你已经通过身份验证,又把你送回应用,无限循环就这样持续下去。
我看到很多人提到 Kentor Cookie Saver,说它有帮助,也有一两个人说它没用;但我决定试一试,在过去的 2–3 天里,它确实有效。
这是我使用的link:Kentor Cookie Saver
我希望这有助于或引导某人朝着正确的方向前进。
干杯!