Azure OpenID Connect via OWIN Middleware resulting in Infinite Redirect Loop

I have set up OpenID Connect authentication in my ASP.NET MVC application using OWIN Middleware.

As this Fiddler output shows, once successfully logging in via Azure OpenID Connect, the browser continually loops back and forth between my site.azurewebsites.net and login.windows.net.

(Image: Fiddler loop)

I have ensured the following keys correctly match the Azure AD information:

<add key="ida:AADInstance" value="https://login.windows.net/{0}" />
<add key="ida:Tenant" value="******.onmicrosoft.com" />
<add key="ida:ClientId" value="*******" />
<add key="ida:PostLogoutRedirectUri" value="*********" />

And my Start.cs code is as follows:

    // Values read from the appSettings keys shown above
    private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

    // Authority = AAD instance URL with the tenant substituted for {0}
    private string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

    IAuthorizationService authorizationService = new AuthorizationService();

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions()
        {
            ExpireTimeSpan = TimeSpan.FromMinutes(15)
        });

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                PostLogoutRedirectUri = postLogoutRedirectUri
            });
    }
}

Not sure what is causing this to constantly redirect. I have placed an [Authorize] attribute on the MVC Controller where the Post Authentication Redirect Url goes.

I ran into this issue last night in an ASP.NET Framework 4.5.1 MVC app. There were two issues for me.

  1. Trying to access the site using HTTP instead of HTTPS

  2. Cookie overwriting as described here https://github.com/aspnet/AspNetKatana/wiki/System.Web-response-cookie-integration-issues

    • What worked for me was the "Reconfigure the CookieAuthenticationMiddleware to write directly to System.Web's cookie collection" fix combined with Katana 3.1.0 has several implementations of ICookieManager available. Older versions can use the following fix.

I was an "I tried everything but nothing works" dev until I found that fix. Hopefully that works for you too.

What is happening here is related to what JuneT noticed. This is related to the default on CookieAuthenticationOptions.CookieSecure == CookieSecureOption.SameAsRequest. Since you started at http, the final redirect is to http. The request that created the 'authcookie' was https from AAD.

I was able to get this working by setting CookieSecure == CookieSecureOption.Always. This means that cookie could leak along with your auth.

There must be a way to ensure that pages that auth only will accept connections on https.
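One way to meet the HTTPS-only requirement raised in the answer above is to redirect plain-HTTP requests before any authentication middleware runs and to mark the auth cookie Secure. This is an added example, not code from any of the answers; the `Startup` class layout and the method name `ConfigureHttpsOnlyCookies` are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    // Hypothetical method name (assumption): register this before
    // UseOpenIdConnectAuthentication so it runs ahead of the OIDC challenge.
    public void ConfigureHttpsOnlyCookies(IAppBuilder app)
    {
        // 1. Move every plain-HTTP request to HTTPS first, so the sign-in
        //    round trip starts and ends on the same scheme.
        app.Use(async (context, next) =>
        {
            if (!context.Request.IsSecure)
            {
                // Preserve path and query so the user lands on the page requested.
                // Host comes from the client's Host header: bind the site to known
                // host names, or build the target from a configured name instead.
                string target = "https://" + context.Request.Host
                    + context.Request.PathBase + context.Request.Path
                    + context.Request.QueryString;
                context.Response.Redirect(target);
                return; // short-circuit: nothing below sees the HTTP request
            }
            await next();
        });

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        // 2. Weak setting (the default): CookieSecureOption.SameAsRequest follows the
        //    scheme of the request that issued the cookie.
        //    Corrected setting: always emit the Secure attribute, so the browser
        //    never sends the auth cookie over plain HTTP.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            CookieSecure = CookieSecureOption.Always,
            CookieHttpOnly = true, // keep the cookie out of reach of page script
            ExpireTimeSpan = TimeSpan.FromMinutes(15)
        });
    }
}
```

In an MVC application, registering `RequireHttpsAttribute` as a global filter gives the same HTTPS-only guarantee at the controller level.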

To resolve this issue: you can upgrade your application to use ASP.NET Core. If you must continually stay on ASP.NET, perform the following: Update your application's Microsoft.Owin.Host.SystemWeb package to be at least version. Modify your code to use one of the new cookie manager classes, for example something like the following:

app.UseCookieAuthentication(new CookieAuthenticationOptions 
{ 
    AuthenticationType = "Cookies", 
    CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager() 
});

Reference Link

Fixed this issue by ensuring that request is using https BEFORE redirecting to Azure

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = AppConfig.ClientId,
        Authority = AppConfig.Authority,

        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            RedirectToIdentityProvider = context =>
            {
                if (context.ProtocolMessage.RequestType == OpenIdConnectRequestType.AuthenticationRequest)
                {
                    // ensure https before redirecting to Azure
                    if (!context.Request.IsSecure)
                    {
                        context.Response.Redirect(string.Format("https://{0}{1}", context.Request.Uri.Authority, context.Request.Uri.AbsolutePath));
                        context.HandleResponse();
                        return Task.FromResult(0);
                    }
                }

                return Task.FromResult(0);
            },

            AuthenticationFailed = context =>
            {
                context.HandleResponse();
                // URL-encode the exception text so it cannot break or alter the query string
                context.Response.Redirect(AppConfig.RedirectUri + "SignInError?message=" + Uri.EscapeDataString(context.Exception.Message));
                return Task.FromResult(0);
            },
        },
    });

I faced the same issue and fixed it by using nuget package kentor.owincookiesaver. Use code as below:-

public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    app.UseKentorOwinCookieSaver(); // Workaround for infinite loop between webapp & login page

    app.UseCookieAuthentication(new CookieAuthenticationOptions());
    app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(SignUpPolicyId));
    app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(ProfilePolicyId));
    app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(SignInPolicyId));
}
