IdentityServer3 with Windows Authentication fails with redirect to IdpReplyUrl
I am trying to implement IdentityServer using Windows Authentication in an ASP.NET OWIN application.
I have used the WebHost (WindowsAuth) code at https://github.com/IdentityServer/IdentityServer3.Samples to prove the concept and it works. However, when I try to use the same principles with my own IdentityServer implementation it doesn't work. I've replicated, I hope, the sample exactly.
The IdentityServer home page displays correctly. The WindowsAuthentication app responds with the metadata XML correctly. The discovery document displays correctly. However, when I try to access the permissions page, I get redirected to the route I've specified in the WindowsAuthentication IdpReplyUrl (http://localhost:55567/was) and that's it. In the sample, I reach an empty permissions page, but I know the auth has worked as it shows my username in the title bar.
Looking into the logging (see below) it ends with a 401, which I thought was the answer; however, the successful authentication also has this line:
IdentityServer3.Core.Logging.LoggerExecutionWrapper DEBUG 2021-01-07 10:50:16 [2021-01-07T10:50:16.2766069Z] Request received, Method=GET, Url=http://localhost:53731/permissions, Id=061c1ec0-df33-4137-9eb1-9366c5c9b09b, Message='http://localhost:53731/permissions'
IdentityServer3.Core.Logging.LoggerExecutionWrapper INFO 2021-01-07 10:50:16 Permissions page requested
IdentityServer3.Core.Logging.LoggerExecutionWrapper INFO 2021-01-07 10:50:16 User not authenticated, redirecting to login
IdentityServer3.Core.Logging.LoggerExecutionWrapper INFO 2021-01-07 10:50:16 Redirecting to login page
IdentityServer3.Core.Logging.LoggerExecutionWrapper DEBUG 2021-01-07 10:50:16 Protecting message: {"ReturnUrl":"http://localhost:53731/permissions","AcrValues":[],"Created":637456134164505256}
IdentityServer3.Core.Logging.LoggerExecutionWrapper DEBUG 2021-01-07 10:50:16 [2021-01-07T10:50:16.5320969Z] Sending response, Status=302 (Redirect), Method=GET, Url=http://localhost:53731/permissions, Id=061c1ec0-df33-4137-9eb1-9366c5c9b09b, Message='Content-type='none', content-length=unknown'
IdentityServer3.Core.Logging.LoggerExecutionWrapper DEBUG 2021-01-07 10:50:16 [2021-01-07T10:50:16.5580994Z] Request received, Method=GET, Url=http://localhost:53731/login?signin=815bf7d8b26092659af9966b10eab111, Id=eec1429b-0162-44c1-be75-99316e56e995, Message='http://localhost:53731/login?signin=815bf7d8b26092659af9966b10eab111'
MyApp.Authentication.UserServices.Windows.WindowsUserService DEBUG 2021-01-07 10:50:16 Initialising MyApp user service
IdentityServer3.Core.Logging.LoggerExecutionWrapper INFO 2021-01-07 10:50:16 Login page requested
IdentityServer3.Core.Logging.LoggerExecutionWrapper DEBUG 2021-01-07 10:50:16 signin message passed to login: {
"ReturnUrl": "http://localhost:53731/permissions",
"ClientId": null,
"IdP": null,
"Tenant": null,
"LoginHint": null,
"DisplayMode": null,
"UiLocales": null,
"AcrValues": [],
"Created": 637456134164505256
}
IdentityServer3.Core.Logging.LoggerExecutionWrapper INFO 2021-01-07 10:50:16 local login disabled for the client
IdentityServer3.Core.Logging.LoggerExecutionWrapper INFO 2021-01-07 10:50:16 only one provider for client
IdentityServer3.Core.Logging.LoggerExecutionWrapper INFO 2021-01-07 10:50:16 redirecting to provider URL: http://localhost:53731/external?provider=windows&signin=815bf7d8b26092659af9966b10eab111
IdentityServer3.Core.Logging.LoggerExecutionWrapper DEBUG 2021-01-07 10:50:16 [2021-01-07T10:50:16.8326786Z] Sending response, Status=302 (Redirect), Method=GET, Url=http://localhost:53731/login?signin=815bf7d8b26092659af9966b10eab111, Id=eec1429b-0162-44c1-be75-99316e56e995, Message='Content-type='none', content-length=unknown'
IdentityServer3.Core.Logging.LoggerExecutionWrapper DEBUG 2021-01-07 10:50:16 [2021-01-07T10:50:16.8649835Z] Request received, Method=GET, Url=http://localhost:53731/external?provider=windows&signin=815bf7d8b26092659af9966b10eab111, Id=584d06ea-8cd0-4974-90e5-2b53ef202910, Message='http://localhost:53731/external?provider=windows&signin=815bf7d8b26092659af9966b10eab111'
MyApp.Authentication.UserServices.Windows.WindowsUserService DEBUG 2021-01-07 10:50:16 Initialising MyApp user service
IdentityServer3.Core.Logging.LoggerExecutionWrapper INFO 2021-01-07 10:50:17 External login requested for provider: windows
IdentityServer3.Core.Logging.LoggerExecutionWrapper INFO 2021-01-07 10:50:17 Triggering challenge for external identity provider
IdentityServer3.Core.Logging.LoggerExecutionWrapper DEBUG 2021-01-07 10:50:17 [2021-01-07T10:50:17.1793712Z] Sending response, Status=401 (Unauthorized), Method=GET, Url=http://localhost:53731/external?provider=windows&signin=815bf7d8b26092659af9966b10eab111, Id=584d06ea-8cd0-4974-90e5-2b53ef202910, Message='Content-type='none', content-length=unknown'
Any suggestions are warmly received.
I've enabled logging on the WindowsAuthentication app and that appears to be working:
Start WS-Federation request
User is anonymous. Triggering authentication
Start WS-Federation request
Sign-in request
Creating WS-Federation signin response
Using primary SID as subject
Emitting WindowsAccountName as name claim
This was because I had set the IdpReplyUrl incorrectly. It must be set to the address of the 'main' IdentityServer host; I had it set to the Windows authentication host:
IdpReplyUrl = "https://idserverapp/was"
not
IdpReplyUrl = "https://windowsauthapp/was"
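The wiring behind that fix, as an added example (not the poster's code, and not the IdentityServer3 sample verbatim): the Windows authentication host's IdpReplyUrl must be the IdentityServer host's origin plus the path on which IdentityServer's WS-Federation middleware listens. The host names and the /was path come from the answer; the CallbackPath/MetadataAddress wiring, the realm and the Certificate.Load() helper are assumptions.

```csharp
// Added example, not the poster's code: the two OWIN hosts behind the fix.
using IdentityServer3.WindowsAuthentication.Configuration;
using Microsoft.Owin;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public static class Endpoints
{
    // Host names from the answer; the /was path must agree on both hosts.
    public const string IdentityServerOrigin = "https://idserverapp";
    public const string WindowsAuthOrigin = "https://windowsauthapp";
    public const string WsFedCallbackPath = "/was";
}

// Host 1: the Windows authentication service (Windows auth enabled in IIS).
public class WindowsAuthStartup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseWindowsAuthenticationService(new WindowsAuthenticationOptions
        {
            // wreply: the URL the browser POSTs the signed WS-Federation token to.
            // It must be the IdentityServer host; "https://windowsauthapp/was"
            // sends the token to a URL this host never handles, which is the
            // "redirected to /was and that's it" symptom in the question.
            IdpReplyUrl = Endpoints.IdentityServerOrigin + Endpoints.WsFedCallbackPath,
            SigningCertificate = Certificate.Load() // assumed helper: X509Certificate2
        });
    }
}

// Host 2: IdentityServer3 itself, using host 1 as an external provider.
public class IdentityServerStartup
{
    public static void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
    {
        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            AuthenticationType = "windows",
            Caption = "Windows",
            SignInAsAuthenticationType = signInAsType,
            MetadataAddress = Endpoints.WindowsAuthOrigin + "/windows", // assumed mount path
            Wtrealm = "urn:idsrv3",
            // The WS-Federation middleware only consumes sign-in responses that
            // arrive on this path, so IdpReplyUrl above must resolve here.
            CallbackPath = new PathString(Endpoints.WsFedCallbackPath)
        });
    }
}
```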