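I raised a bug on GitHub, but wanted to see if anyone here could help as well. Bug #1839
Issue / steps to reproduce the problem
I am trying to authenticate against our Azure AD using OpenID Connect, but after the callback method I am redirected to /Account/AccessDenied
Once authentication completes, Azure redirects back to the callback method.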
    /// <summary>
    /// Post processing of external authentication. Callback from azure.
    /// </summary>
    [HttpGet]
    public async Task<IActionResult> TprUserLoginCallback(string returnUrl)
    {
        // read external identity from the temporary cookie
        var claimsPrincipal = await HttpContext.Authentication.AuthenticateAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
        if (claimsPrincipal == null)
        {
            throw new Exception("External authentication error");
        }
        var claimResult = externalClaimsMapper.Map(claimsPrincipal);
        var claims = claimResult.Claims.ToArray();
        await HttpContext.Authentication.SignInAsync(claimResult.UserId, claimResult.UserName, claimResult.Provider, claims);
        return Redirect(interactionService.IsValidReturnUrl(returnUrl) ? returnUrl : "~/");
    }
The redirect then appears to go into the ASP.NET Core middleware (v1.1.3), which adds an entry to the log saying the cookie was forbidden.
2017-12-06 11:01:13,920 [40] INFO Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware.Log - AuthenticationScheme: idsrv.external was forbidden and after that the page redirects to /Account/AccessDenied.
2017-12-06 11:01:13,921 [40] INFO Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware.Log - AuthenticationScheme: OpenIdConnect was forbidden.
Startup - cookie authentication and OpenID Connect authentication
    app.UseIdentityServer();
    var appSettings = container.GetInstance<AppSettings>();
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
        AutomaticAuthenticate = false,
        AutomaticChallenge = false,
        ExpireTimeSpan = TimeSpan.FromMinutes(appSettings.DefaultTokenLifetimeInMinutes)
    });
    app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
    {
        ClientId = appSettings.AzureClientId,
        Authority = appSettings.AzureAuthority,
        PostLogoutRedirectUri = appSettings.AzurePostLogoutRedirectUri,
        DisplayName = "TPR Login",
        SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
        ResponseType = OpenIdConnectResponseType.IdToken,
        SaveTokens = true,
        RequireHttpsMetadata = false // F5's HTTPS handling so traffic will be HTTP
    });
    app.UseStaticFiles();
    app.UseCors("default");
    app.UseMvc(ConfigureRoutes.Configure);
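After the redirect, the user is logged in, and if you navigate to the URL manually you can access the application.
Relevant parts of the log file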
2017-12-06 11:01:13,899 [40] INFO Microsoft.AspNetCore.Hosting.Internal.WebHost.Log - Request starting HTTP/1.1 GET http://localhost:44362/
2017-12-06 11:01:13,900 [40] DEBUG Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Log - Performing unprotect operation to key {144dcece-5570-4965-a74c-0ec3aed546e8} with purposes ('C:\code\tfs03\Single Sign On\Login\ReleaseSSO-Dev\WebUI\Login.IdentityServer', 'Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware', 'idsrv', 'v2').
2017-12-06 11:01:13,902 [40] INFO Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware.Log - HttpContext.User merged via AutomaticAuthentication from authenticationScheme: idsrv.
2017-12-06 11:01:13,904 [40] INFO Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware.Log - AuthenticationScheme: idsrv was successfully authenticated.
2017-12-06 11:01:13,905 [40] DEBUG IdentityServer4.Hosting.EndpointRouter.Log - No endpoint entry found for request path: /
2017-12-06 11:01:13,906 [40] DEBUG Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Log - The request path / does not match a supported file type
2017-12-06 11:01:13,909 [40] DEBUG Microsoft.AspNetCore.Routing.RouteBase.Log - Request successfully matched the route with name 'default' and template '{controller=Login}/{action=Login}'.
2017-12-06 11:01:13,910 [40] DEBUG Microsoft.AspNetCore.Mvc.Internal.ActionSelector.Log - Action 'Login.IdentityServer.Controllers.LoginController.Login (Login.IdentityServer)' with id 'cba23692-b89e-4fe7-bf59-ccc14c18352a' did not match the constraint 'Microsoft.AspNetCore.Mvc.Internal.HttpMethodActionConstraint'
2017-12-06 11:01:13,911 [40] DEBUG Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Log - Executing action Login.IdentityServer.Controllers.LoginController.Login (Login.IdentityServer)
2017-12-06 11:01:13,913 [40] INFO Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Log - Executing action method Login.IdentityServer.Controllers.LoginController.Login (Login.IdentityServer) with arguments () - ModelState is Valid
2017-12-06 11:01:13,914 [40] DEBUG Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Log - Executed action method Login.IdentityServer.Controllers.LoginController.Login (Login.IdentityServer), returned result Microsoft.AspNetCore.Mvc.ChallengeResult.
2017-12-06 11:01:13,915 [40] INFO Microsoft.AspNetCore.Mvc.ChallengeResult.Log - Executing ChallengeResult with authentication schemes (OpenIdConnect).
2017-12-06 11:01:13,917 [40] DEBUG Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Log - Performing unprotect operation to key {144dcece-5570-4965-a74c-0ec3aed546e8} with purposes ('C:\code\tfs03\Single Sign On\Login\ReleaseSSO-Dev\WebUI\Login.IdentityServer', 'Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware', 'idsrv.external', 'v2').
2017-12-06 11:01:13,918 [40] INFO Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware.Log - AuthenticationScheme: idsrv.external was successfully authenticated.
2017-12-06 11:01:13,920 [40] INFO Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware.Log - AuthenticationScheme: idsrv.external was forbidden.
2017-12-06 11:01:13,921 [40] INFO Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware.Log - AuthenticationScheme: OpenIdConnect was forbidden.
2017-12-06 11:01:13,922 [40] INFO Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Log - Executed action Login.IdentityServer.Controllers.LoginController.Login (Login.IdentityServer) in 10.0229ms
2017-12-06 11:01:13,924 [40] DEBUG Microsoft.AspNetCore.Server.Kestrel.Log - Connection id "0HL9SILL2SM7P" completed keep alive response.
2017-12-06 11:01:13,926 [40] INFO Microsoft.AspNetCore.Hosting.Internal.WebHost.Log - Request finished in 26.936ms 302
2017-12-06 11:01:13,930 [24] INFO Microsoft.AspNetCore.Hosting.Internal.WebHost.Log - Request starting HTTP/1.1 GET http://localhost:44362/Account/AccessDenied?ReturnUrl=%2Flogin%2Ftpruserlogincallback
2017-12-06 11:01:13,932 [24] DEBUG Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Log - Performing unprotect operation to key {144dcece-5570-4965-a74c-0ec3aed546e8} with purposes ('C:\code\tfs03\Single Sign On\Login\ReleaseSSO-Dev\WebUI\Login.IdentityServer', 'Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware', 'idsrv', 'v2').
2017-12-06 11:01:13,934 [24] INFO Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware.Log - HttpContext.User merged via AutomaticAuthentication from authenticationScheme: idsrv.
2017-12-06 11:01:13,935 [24] INFO Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware.Log - AuthenticationScheme: idsrv was successfully authenticated.
2017-12-06 11:01:13,936 [24] DEBUG IdentityServer4.Hosting.EndpointRouter.Log - No endpoint entry found for request path: /Account/AccessDenied
2017-12-06 11:01:13,938 [24] DEBUG Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Log - The request path /Account/AccessDenied does not match a supported file type
2017-12-06 11:01:13,940 [24] DEBUG Microsoft.AspNetCore.Routing.RouteBase.Log - Request successfully matched the route with name 'default' and template '{controller=Login}/{action=Login}'.
2017-12-06 11:01:13,941 [24] DEBUG Microsoft.AspNetCore.Mvc.Internal.MvcRouteHandler.Log - No actions matched the current request
2017-12-06 11:01:13,943 [24] DEBUG Microsoft.AspNetCore.Builder.RouterMiddleware.Log - Request did not match any routes.
2017-12-06 11:01:13,945 [24] DEBUG Microsoft.AspNetCore.Server.Kestrel.Log - Connection id "0HL9SILL2SM7P" completed keep alive response.
2017-12-06 11:01:13,946 [24] INFO Microsoft.AspNetCore.Hosting.Internal.WebHost.Log - Request finished in 15.7755ms 404
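Best answer
I recently ran into the same problem, and the cause was that the cookie was not deleted during sign-out. In my case, I found that the CookieName property I had set in the CookieAuthenticationOptions in StartUp.cs was causing the problem.
While investigating the problem in the browser, I noticed that the cookie was not created with this name but with "idsvr.external". Removing the cookie name setting solved my problem.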
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        ...
        CookieName = "...",
        ...
    });
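The pattern in the question's log can be checked mechanically. In ASP.NET Core 1.x a challenge issued while the scheme already authenticates is answered as forbidden, which is what a leftover idsrv.external cookie produces. The following Python script is an added example, not code from the question or the answer: it flags that sequence per request. The function name is hypothetical, the log lines are excerpted from the question, and using the bracketed thread id to group a request's entries is an assumption.

```python
import re

# Log lines excerpted from the question's log (first request, thread 40).
SAMPLE_LOG = """\
2017-12-06 11:01:13,899 [40] INFO Microsoft.AspNetCore.Hosting.Internal.WebHost.Log - Request starting HTTP/1.1 GET http://localhost:44362/
2017-12-06 11:01:13,904 [40] INFO Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware.Log - AuthenticationScheme: idsrv was successfully authenticated.
2017-12-06 11:01:13,915 [40] INFO Microsoft.AspNetCore.Mvc.ChallengeResult.Log - Executing ChallengeResult with authentication schemes (OpenIdConnect).
2017-12-06 11:01:13,918 [40] INFO Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware.Log - AuthenticationScheme: idsrv.external was successfully authenticated.
2017-12-06 11:01:13,920 [40] INFO Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware.Log - AuthenticationScheme: idsrv.external was forbidden.
2017-12-06 11:01:13,921 [40] INFO Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware.Log - AuthenticationScheme: OpenIdConnect was forbidden.
2017-12-06 11:01:13,926 [40] INFO Microsoft.AspNetCore.Hosting.Internal.WebHost.Log - Request finished in 26.936ms 302
"""

# Fields: timestamp, [thread id], level, logger name, " - ", message
LINE = re.compile(r"^\S+ \S+ \[(?P<tid>\d+)\] \w+\s+\S+ - (?P<msg>.*)$")
SCHEME = re.compile(
    r"AuthenticationScheme: (?P<scheme>\S+) was "
    r"(?P<what>successfully authenticated|forbidden)")

def find_forbidden_challenges(log_text):
    """Return schemes that authenticated and were then forbidden after a
    ChallengeResult inside the same request."""
    findings = []
    in_flight = {}  # assumption: the thread id identifies the request in flight
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue
        tid, msg = m["tid"], m["msg"]
        if msg.startswith("Request starting"):
            in_flight[tid] = {"url": msg.split()[-1], "seen": set(), "challenged": False}
            continue
        req = in_flight.get(tid)
        if req is None:
            continue
        if msg.startswith("Request finished"):
            del in_flight[tid]
        elif msg.startswith("Executing ChallengeResult"):
            req["challenged"] = True
        else:
            s = SCHEME.search(msg)
            if s is None:
                continue
            if s["what"] == "successfully authenticated":
                req["seen"].add(s["scheme"])
            elif req["challenged"] and s["scheme"] in req["seen"]:
                findings.append({"thread": tid, "url": req["url"], "scheme": s["scheme"]})
    return findings

if __name__ == "__main__":
    for finding in find_forbidden_challenges(SAMPLE_LOG):
        print("challenge answered as forbidden, cookie already present:", finding)
```

A hit names the scheme whose cookie should have been removed before the next challenge; here that is idsrv.external, the temporary external cookie.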
Regarding c# - Identity Server 4 OpenId Connect redirects to /Account/AccessDenied, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/47693930/