Chr*_*isO 5 asp.net-mvc asp.net-core identityserver4
我正在尝试在我的 MVC 应用程序上实现一个自定义登录按钮,该按钮将定向到 IdentityServer 进行登录,然后重定向回我的 MVC 应用程序。
要做到这一点,我使用的Microsoft.AspNetCore.Authentication.ChallengeAsync扩展方法对HttpContext我的Account/Login行动
public Task Login()
{
return HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
}
请求被定向到 IDP 上的授权端点,用户可以登录并且请求被重定向到我的 MVC 应用程序上的 signin-oidc。正是在这一点上,signin-oidc 调用Account/Login动作并开始无限循环。
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET https://localhost:4500/Account/Login
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
Executing action methodLanding.Controllers.AccountController.Login (Landing) with arguments ((null)) - ModelState is Valid
info: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[12]
AuthenticationScheme: OpenIdConnect was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action Landing.Controllers.AccountController.Login (Landing) in 11.9704ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 23.4211ms 302
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 POST https://localhost:4500/signin-oidc application/x-www-form-urlencoded 1488
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[10]
AuthenticationScheme: Cookies signed in.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 10.4219ms 302
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET https://localhost:4500/Account/Login
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
Executing action methodLanding.Controllers.AccountController.Login (Landing) with arguments ((null)) - ModelState is Valid
我假设 signin-oidc 无法保存 cookie 并且假设登录不成功。MVC 应用程序的相关配置如下所示
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = Constants.Authority;
options.RequireHttpsMetadata = true;
options.ClientId = "mvc";
options.SaveTokens = true;
});
在 IDP 上,客户端是这样注册的
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
RedirectUris = { "https://localhost:4500/signin-oidc" },
PostLogoutRedirectUris = { "https://localhost:4500/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
},
}
我怎样才能让这个流程ChallengeAsync正常工作?
对于将来看到此内容的任何人:ChallengeAsync 的过载允许您传入您希望 signin-oidc 在成功登录后将用户发送到的 redirectUrl。一旦设置,就不会发生无限重定向。
return HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
{
RedirectUri = "/",
});
| 归档时间: |
|
| 查看次数: |
6582 次 |
| 最近记录: |