
Azure AD B2C vulnerable to Open Redirect?

I am using OWIN & OpenId to authenticate users for my web application using Azure AD B2C; the Startup.Auth.cs has code like so:

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        MetadataAddress = string.Format(AadInstance, Tenant, policy),
        AuthenticationType = policy,
        ClientId = clientId,
        Authority = authority,
        PostLogoutRedirectUri = postLogoutRedirectUri,
        RedirectUri = postLogoutRedirectUri,
        Notifications = new OpenIdConnectAuthenticationNotifica....

On signout, it causes a redirect to the postLogoutRedirectUrl like so:

https://login.microsoftonline.com/MY_TENANT/oauth2/logout?p=my_policy&post_logout_redirect_uri=https%3A%2F%2Fgoogle.com%2F

The post logout redirect URI is present in the redirect URIs in the portal.

If I stop the browser and change the post logout URI in the address bar to https%3A%2F%2Fevil.com%2F, the redirect happens properly even though this URL https://evil.com/ is not in the allowed redirect URIs.

Why is AD B2C not stopping the redirect? Is this not open to vulnerability?

When you sign in using Azure AD B2C, the B2C service sends a token to the "redirect_uri" (the app). Since a token needs to remain secure, the B2C service asks you to whitelist the URLs where it should send the token to.

When you are signing out, nothing secure is being transmitted from the B2C service back to the app. Therefore, even if a user is redirected to a malicious site, nothing secure is lost.

You can change this behavior to force Azure AD B2C to only process the logout redirect if a valid ID token is passed in as a parameter in the sign out request. To get B2C to automatically include the ID token, and check for its existence, simply edit your sign-in / sign-up policy within the Azure Portal, i.e.:


Alternatively, if you are using custom policies, you can add the SingleSignOn element to the UserJourneyBehaviors section, and set EnforceIdTokenHintOnLogout to true, i.e.:

<UserJourneyBehaviors>
    <SingleSignOn Scope="Tenant" EnforceIdTokenHintOnLogout="true" />
</UserJourneyBehaviors>
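The end-session request in the question is built by the OWIN middleware inside the app, so that is where the id_token_hint has to be attached once the policy enforces it. The following is an added example, not code from the question, the answer or Microsoft; it assumes Microsoft.Owin.Security.OpenIdConnect 4.x with Microsoft.IdentityModel.Protocols.OpenIdConnect (where the logout request type is `OpenIdConnectRequestType.Logout`), and the claim type `id_token` is a name chosen for the example.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;

// Added example: assign Create() to the Notifications property of the
// OpenIdConnectAuthenticationOptions shown in the question.
public static class LogoutIdTokenHint
{
    // Claim type chosen for this example; any unused name works.
    private const string IdTokenClaim = "id_token";

    public static OpenIdConnectAuthenticationNotifications Create()
    {
        return new OpenIdConnectAuthenticationNotifications
        {
            SecurityTokenValidated = OnSecurityTokenValidated,
            RedirectToIdentityProvider = OnRedirectToIdentityProvider
        };
    }

    // At sign-in, keep the raw ID token in the session identity so it is
    // still available when the user later signs out.
    private static Task OnSecurityTokenValidated(
        SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> n)
    {
        n.AuthenticationTicket.Identity.AddClaim(new Claim(IdTokenClaim, n.ProtocolMessage.IdToken));
        return Task.FromResult(0);
    }

    // When the middleware builds the end-session request, attach id_token_hint.
    // With EnforceIdTokenHintOnLogout="true", B2C only processes a logout that
    // carries a valid hint, so a post_logout_redirect_uri edited in the address
    // bar is no longer honoured on its own.
    private static Task OnRedirectToIdentityProvider(
        RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> n)
    {
        // Older Microsoft.IdentityModel.Protocol.Extensions names this value LogoutRequest.
        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
        {
            var idToken = n.OwinContext.Authentication.User?.FindFirst(IdTokenClaim)?.Value;
            if (!string.IsNullOrEmpty(idToken))
            {
                n.ProtocolMessage.IdTokenHint = idToken;
            }
        }
        return Task.FromResult(0);
    }
}
```

To confirm the change, repeat the address-bar test from the question: with the hint enforced and present, the tampered post_logout_redirect_uri should produce a B2C error page instead of a redirect to the foreign host.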
