[英]ASP.NET Core 3.1 Azure AD Authentication throws OptionsValidationException
[英]ASP.NET CORE 3.1: Azure AD Authentication fails in EDGE. Infinite redirect loops and page reloads during authentication
我对铬没有任何问题。 这是我面临问题的边缘浏览器。 我试图清除缓存。 删除了 cookies。 重置浏览器。 没有任何效果。 我在登录时不断收到无限循环。 它最终失败并显示消息“我们无法让您登录。请重试。” . 任何帮助表示赞赏。
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader());
});
services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.Events.OnRedirectToIdentityProviderForSignOut = async context =>
{
Console.WriteLine("intercepted");
};
});
var azureAd = new AzureAd();
Configuration.GetSection("AzureAd").Bind(azureAd);
services.AddControllersWithViews();
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
var url = "https://abc.xyz.com/platform/signin-oidc";
//var url = "https://localhost:5001/platform/signin-oidc";
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
options.SaveTokens = true;
options.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = async context =>
{
context.ProtocolMessage.RedirectUri = url;
//context.Response.Headers.Add("Referrer-Policy", "no-referrer");
await Task.FromResult(0);
}
};
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseCors("CorsPolicy");
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
//app.UseCookiePolicy();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
endpoints.MapControllerRoute(
name: "platform",
pattern: "/platform/{controller=Home}/{action=Index}/{id?}");
});
}
编辑
我确实在开发人员工具的网络选项卡中看到了这一点:
问题是因为 AD 发回的令牌存储在 cookie 中。 并且 cookie 被阻止,因为它没有安全属性。
它没有安全属性,因为应用程序部署在 Kubernetes 集群上,并且前门和应用程序之间的通信是 http 而不是 https。 因此,为了强制安全 cookies 我必须在public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
中添加以下内容:
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.Use(async (context, next) =>
{
if (context.Request.Host.Host.ToLower() != "localhost")
context.Request.Scheme = "https";
await next.Invoke();
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.