问题
我在使用OpenID Connect 3为我正在开发的网站提供授权时遇到问题。
问题是这样的:
第 4 步和第 5 步会无限循环下去……直到达到 cookie 数量的上限,一切才会停止。
尝试过的解决方案
经过几天的谷歌搜索后,我尝试了以下方法,但到目前为止没有一个对我有效。
Kentor Owin Cookie Fix:在 Startup 类的 ConfigureAuth 函数中
// Registers the Kentor OwinCookieSaver middleware from Startup.ConfigureAuth.
// NOTE(review): the package is normally registered ahead of the cookie authentication
// middleware so that it sees the cookies that middleware writes - confirm the ordering.
app.UseKentorOwinCookieSaver();
方法 1 的变体
// Variant of the first attempt: the same cookie-saver middleware, with
// PipelineStage.Authenticate passed as its argument.
app.UseKentorOwinCookieSaver(PipelineStage.Authenticate);
替代 cookie 管理器 SystemWebCookieManager
// Cookie authentication middleware with an explicitly supplied cookie manager
// (SystemWebCookieManager) in place of the one the middleware would use by default.
var cookieOptions = new CookieAuthenticationOptions
{
    AuthenticationType = "Cookies",
    CookieManager = new SystemWebCookieManager(),
};

app.UseCookieAuthentication(cookieOptions);
方法 3 的变体:SystemWebChunkingCookieManager
// Same cookie middleware registration, this time with SystemWebChunkingCookieManager
// supplied as the cookie manager.
var cookieOptions = new CookieAuthenticationOptions
{
    AuthenticationType = "Cookies",
    CookieManager = new SystemWebChunkingCookieManager(),
};

app.UseCookieAuthentication(cookieOptions);
Global.asax 文件中的会话存根
// Session event handlers left deliberately empty; the page lists these stubs as one of
// the workarounds that were tried against the redirect loop.
protected void Session_Start() { }

protected void Session_End() { }
我还尝试了其他一些办法,包括其他开发人员自己编写的修复代码。我快要抓狂了,因为似乎什么都不起作用。有没有遇到过同样问题的人,能给我一些下一步该怎么做的线索?以下是我的 OpenIdServer 和 MVC 应用程序中的相关代码。
身份服务器配置
using Microsoft.Owin;
using Owin;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using IDServer.Config;
using IdentityServer3.Core.Configuration;
using System.Security.Cryptography.X509Certificates;
[assembly: OwinStartup(typeof(IDServer.Startup))]

namespace IDServer
{
    /// <summary>
    /// OWIN startup class that hosts IdentityServer3 with in-memory clients, scopes and users.
    /// </summary>
    public class Startup
    {
        /// <summary>
        /// Mounts IdentityServer on the empty path prefix of the OWIN pipeline.
        /// </summary>
        /// <param name="app">The OWIN application builder supplied by the host.</param>
        public void Configuration(IAppBuilder app)
        {
            app.Map("", idsrvApp =>
            {
                // Clients, scopes and users all come from the static in-memory lists in
                // IDServer.Config; nothing is persisted.
                var serviceFactory = new IdentityServerServiceFactory()
                    .UseInMemoryClients(Clients.Get())
                    .UseInMemoryScopes(Scopes.Get())
                    .UseInMemoryUsers(Users.Get());

                var serverOptions = new IdentityServerOptions
                {
                    SiteName = "Identity Server",
                    IssuerUri = "https://localhost:44398/embedded",
                    Factory = serviceFactory,
                    SigningCertificate = LoadCertificate(),
                    RequireSsl = true,
                };

                idsrvApp.UseIdentityServer(serverOptions);
            });
        }

        /// <summary>
        /// Loads the token-signing certificate from the Certificates folder under the
        /// application base directory.
        /// </summary>
        /// <returns>The certificate read from idsrv3test.pfx.</returns>
        X509Certificate2 LoadCertificate()
        {
            var pfxPath = string.Format(
                @"{0}\Certificates\idsrv3test.pfx",
                AppDomain.CurrentDomain.BaseDirectory);

            // NOTE(review): the PFX password is a literal in source, and the file name matches
            // the IdentityServer3 sample certificate, whose private key is publicly available.
            // Anything signed with it can be forged by anyone, so keep this to local
            // development; a deployed server should load its own signing certificate from the
            // machine certificate store or a secret store instead.
            return new X509Certificate2(pfxPath, "idsrv3test");
        }
    }
}
服务器上的客户端注册配置
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using IdentityServer3.Core.Models;
namespace IDServer.Config
{
    /// <summary>
    /// In-memory client registrations handed to the identity server.
    /// </summary>
    public static class Clients
    {
        /// <summary>
        /// Builds the list of registered clients; it holds a single entry, "MyApp".
        /// </summary>
        /// <returns>An array containing the one configured client.</returns>
        public static IEnumerable<Client> Get()
        {
            var mvcClient = new Client
            {
                Enabled = true,
                ClientName = "My Application",
                ClientId = "MyApp",
                // Flows.Implicit was also tried (the author left it commented out).
                // NOTE(review): no client secret is registered here; a hybrid-flow client
                // that redeems its authorization code would need one - confirm intent.
                Flow = Flows.Hybrid,
                RequireConsent = true,
                // Only this exact URI is registered as a redirect target; it is the same
                // value the web application sends as its RedirectUri.
                RedirectUris = new List<string> { "https://localhost:44362/" },
                AllowedScopes = new List<string> { "openid" },
            };

            return new[] { mvcClient };
        }
    }
}
网络应用程序配置
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using System;
using System.Diagnostics;
using System.Web;
using Microsoft.Owin.Host.SystemWeb;
using Microsoft.Owin.Infrastructure;
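[assembly: OwinStartup(typeof(MyApp.Startup))]

namespace MyApp
{
    /// <summary>
    /// OWIN startup class of the MVC application: cookie sign-in backed by an
    /// OpenID Connect challenge against the identity server.
    /// </summary>
    public partial class Startup
    {
        /// <summary>
        /// Registers the cookie-saver, cookie authentication and OpenID Connect middleware.
        /// </summary>
        /// <param name="app">The OWIN application builder supplied by the host.</param>
        public void ConfigureAuth(IAppBuilder app)
        {
            app.UseKentorOwinCookieSaver();
            // Also tried: app.UseKentorOwinCookieSaver(PipelineStage.Authenticate);

            // The listing as posted had lost the opening parenthesis of this call.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            ICookieManager cookieManager = new SystemWebCookieManager();
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies",
                // Also tried: CookieManager = new SystemWebChunkingCookieManager()
                // NOTE(review): CookieSecure is left at its default; for an HTTPS-only site
                // consider CookieSecureOption.Always so the sign-in cookie is never sent
                // over plain HTTP.
                CookieManager = cookieManager
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = "MyApp",
                Authority = "https://localhost:44398/",
                RedirectUri = "https://localhost:44362/",
                SignInAsAuthenticationType = "Cookies",
                ResponseType = "code id_token",
                Scope = "openid",
                RequireHttpsMetadata = true,
                // NOTE(review): CallbackPath (/home/contact/) is not the path of RedirectUri (/).
                // In the Katana OpenID Connect middleware CallbackPath limits the request path
                // on which the sign-in response is processed, so a response returned to
                // RedirectUri may never be handled and the user is challenged again. Verify
                // that the two agree when diagnosing a redirect loop.
                CallbackPath = new PathString("/home/contact/"),
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    MessageReceived = async n =>
                    {
                        // Writes the raw id_token to debug output. The token carries the user's
                        // identity claims, so keep this to local debugging and remove it
                        // before deployment.
                        Debug.Print(n.ProtocolMessage.IdToken);
                    }
                }
            });
        }
    }
}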
我终于通过将 AuthenticationMode 设置为 Active 使其正常工作。请参阅下面的片段。
// Cookie middleware registration reported as the fix: AuthenticationMode set explicitly and
// no custom CookieManager.
// NOTE(review): Active is, as far as I know, already the default mode for Katana
// authentication middleware, so check what else changed (for example the removed cookie
// manager) before relying on this setting alone.
var cookieOptions = new CookieAuthenticationOptions
{
    AuthenticationType = "Cookies",
    AuthenticationMode = AuthenticationMode.Active,
};

app.UseCookieAuthentication(cookieOptions);