DaI*_*mTo 6 c# oauth asp.net-core-mvc identityserver4
我有一个Asp .net核心MVC应用程序。哪个连接到Identity Server 4进行身份验证。托管在Docker群中
MVC应用托管在https:// XXXXXXX上
配置服务
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
//options.DataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(@"C:\temp-keys\"));
// when the identity has been created from the data we receive,
// persist it with this authentication scheme, hence in a cookie
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
// Identity server endpoint
options.Authority = settingsSetup.IdentityServerEndpoint;
// Client id to login with
options.ClientId = settingsSetup.ClientId;
// Client secret.
options.ClientSecret = settingsSetup.Secret;
// Scope of our API
options.Scope.Add("testapi");
options.Scope.Add("devconsole");
// adding offline_access to get a refresh token
options.Scope.Add("offline_access");
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
});
当我尝试运行该应用程序时,出现重定向uri Miss Match错误。
Invalid redirect_uri: http://developerconsole.XXXXX.io/signin-oidc
{
"ClientId": "BB1D2DA8-D7E4-4AF5-94FA-19EAD6B7D711.apps.XXXXX.biz",
"ClientName": "Developer Console",
"AllowedRedirectUris": [
"http://localhost:55000/signin-oidc",
"http://localhost:55000/auth.html",
"http://localhost:55000/auth-silent.html"
"https://developerconsole.XXXXX.io/signin-oidc"
],
"SubjectId": "21379983",
"RequestedScopes": "",
"Raw": {
"client_id": "BB1D2DA8-D7E4-4AF5-94FA-19EAD6B7D711.apps.XXXXX.biz",
"redirect_uri": "http://developerconsole.XXXXX.io/signin-oidc",
"response_type": "code id_token",
"scope": "openid profile testapi devconsole offline_access",
"response_mode": "form_post",
"nonce": "636625889658410682.MjNlMmQwNjgtZmY0MC00MmVkLWFiNmMtN2M2YmQ5YTM5ZTQ3NjFiYzI2ZjktZWM0Yi00NDk3LTk1ZWMtNjJkYjViMDYwMTJm",
"state": "CfDJ8Pwa8A3ipXlKtuyxNMpMxAz5QUFmdSunRKdlKS9sS390AKp8gIUZShQUMMCkFAhYLytitgsXUBgwlQDJaJvtHFqzHygLCPwS8Jab6IJzhpry90qS51E1y_eRlppamRDOzYDZ6fcDFzWV1U43BTP2B6pnPTSLNcZRaooyGBXtNokeUqOJ--u-_MOQB8Bw3n2cRyV4kisHNkslD1Gsi2wn1Cx6aTVlqzw_pxHelAXm1P8FyDJpD7G0azFgKgpQF0DRJtC5penRJQzHIHvQN8v4ECGeuSD1zlyfJYClLO2r6kY_R2OYqtBkV0r_SNc9h7xUYmnVaHKQzYqVc_mJO4iLLSMTZrBUICZWR8c4PZw0Os3N",
"x-client-SKU": "ID_NET",
"x-client-ver": "2.1.4.0"
}
}
该错误即将到来,因为我有 "https://developerconsole.XXXXX.io/signin-oidc"一个重定向uri,而不是"http://developerconsole.XXXXX.io/signin-oidc" 我不想添加HTTP重定向uri 。
为什么我的应用程序构建重定向uri时具有http而不是https?
如果我确实添加了HTTP,则会收到一个烦人的Correlation错误。我认为这是由于服务器自动将http转换为https,因此服务器将其作为https返回。
处理请求时发生未处理的异常。例外:关联失败。Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler + d__12.MoveNext()
堆栈查询cookie标题异常:关联失败。Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler + d__12.MoveNext()System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)Microsoft.AspNetCore.Authentication.AuthenticationMiddleware + d__6.MoveNext() System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务任务)Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware + d__7.MoveNext()
我可能无需提及这在localhost上可以正常工作:/
DaI*_*mTo 11
解决方案非常简单。通过设置UseForwardedHeaders,它现在将所有请求作为HTTPS发送。
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedProto
});
关联失败。
现在已修复,我不再需要http和https重定向uris。