[英]ASP.NET CORE 3.1: Azure AD Authentication fails in EDGE. Infinite redirect loops and page reloads during authentication
I have no issues with chrome.我对铬没有任何问题。 It is the edge browser where I am facing issues.这是我面临问题的边缘浏览器。 I have tried to clear the cache.我试图清除缓存。 Deleted cookies.删除了 cookies。 Reset the browser.重置浏览器。 Nothing worked.没有任何效果。 I keep getting infinite loop on login.我在登录时不断收到无限循环。 And it eventually fails with message "We couldn't sign you in. Please try again."它最终失败并显示消息“我们无法让您登录。请重试。” . . Any help is appreciated.任何帮助表示赞赏。
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader());
});
services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.Events.OnRedirectToIdentityProviderForSignOut = async context =>
{
Console.WriteLine("intercepted");
};
});
var azureAd = new AzureAd();
Configuration.GetSection("AzureAd").Bind(azureAd);
services.AddControllersWithViews();
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
var url = "https://abc.xyz.com/platform/signin-oidc";
//var url = "https://localhost:5001/platform/signin-oidc";
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
options.SaveTokens = true;
options.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = async context =>
{
context.ProtocolMessage.RedirectUri = url;
//context.Response.Headers.Add("Referrer-Policy", "no-referrer");
await Task.FromResult(0);
}
};
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseCors("CorsPolicy");
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
//app.UseCookiePolicy();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
endpoints.MapControllerRoute(
name: "platform",
pattern: "/platform/{controller=Home}/{action=Index}/{id?}");
});
}
EDIT编辑
I do see this in networks tab in developer tools:我确实在开发人员工具的网络选项卡中看到了这一点:
The issue was because the token sent back by the AD is stored in a cookie.问题是因为 AD 发回的令牌存储在 cookie 中。 And the cookie was blocked because it did not have secure attribute.并且 cookie 被阻止,因为它没有安全属性。
It did not have secure attribute because the application deployed on Kubernetes Cluster and the communication was http instead of https between front door and the application.它没有安全属性,因为应用程序部署在 Kubernetes 集群上,并且前门和应用程序之间的通信是 http 而不是 https。 So in order to force secure cookies I had to add the following inside public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
:因此,为了强制安全 cookies 我必须在public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
中添加以下内容:
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.Use(async (context, next) =>
{
if (context.Request.Host.Host.ToLower() != "localhost")
context.Request.Scheme = "https";
await next.Invoke();
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.