Azure AD login redirect loop from an MVC application

Problem description

I have read many posts, and when it comes to authentication it all comes down to cookies. But when I hit a redirect loop right after login, it happens on any client that logs in, not just one particular PC.

I have tried everything I can think of, and I can post everything I did, but I do not understand how this can be a cookie problem if it happens to all users. So one moment it works, and the next moment nobody can log in because of a redirect loop.

Logically it must have something to do with the authentication cookie, but how can it affect everyone at the same time?

Isn't this something in Azure that could be causing the problem? It seems it must be?

Any ideas would be greatly appreciated, as I am getting a lot of flak from my customers right now :(

Here is my Startup.Auth, in case it helps:

using System;
using System.Configuration;
using System.Globalization;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// Startup.Auth.cs: the OWIN partial class from the ASP.NET MVC template
public partial class Startup
{
    private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
    private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

    // Concatenate aadInstance, tenant to form authority value
    private string authority = string.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

    // ConfigureAuth method
    public void ConfigureAuth(IAppBuilder app)
    {
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        // Default sign-in type is "Cookies" (CookieAuthenticationDefaults.AuthenticationType)
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        //app.UseCookieAuthentication(new CookieAuthenticationOptions());

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        // Configure the sign in cookie

        //app.UseCookieAuthentication(new CookieAuthenticationOptions
        //{
        //    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        //    LoginPath = new PathString("/Account/Login"),
        //    Provider = new CookieAuthenticationProvider
        //    {
        //        // Enables the application to validate the security stamp when the user logs in.
        //        // This is a security feature which is used when you change a password or add an external login to your account.
        //        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
        //            validateInterval: TimeSpan.FromMinutes(30),
        //            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        //    },
        //    CookieSecure = CookieSecureOption.Always
        //});

        // First cookie middleware: AuthenticationType "ApplicationCookie", cookie name "Local_Login"
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            CookieName = "Local_Login",
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            },
            //CookieManager = new SystemWebCookieManager(),
            SlidingExpiration = true
        });

        //app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        // Second cookie middleware with default options: AuthenticationType "Cookies",
        // cookie name ".AspNet.Cookies". This is the type selected by
        // SetDefaultSignInAsAuthenticationType above, so the OpenID Connect sign-in
        // is issued into this cookie rather than into "Local_Login".
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                RedirectUri = redirectUri,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = (context) =>
                    {
                        context.HandleResponse();
                        context.OwinContext.Response.Redirect("/Account/Login");
                        return Task.FromResult(0);
                    }
                }
            });
    } // end - ConfigureAuth method
}

Tags: asp.net-mvc, azure, azure-active-directory, owin, openid-connect

Solution


So, after many hours and many late nights, it seems I have finally found the solution.

As I understand it, because of a bug inside Microsoft, at some point the "MVC" cookie (which I think is application.cookie) and the Azure AD cookie (which I think is aspnet.cookie) delete each other, and years after this problem was first encountered it still has not been fixed. So what happens is that you log in to Azure AD and the auth cookie says you are now authenticated, but when a controller is hit the "MVC" cookie (as the posts put it) says you are not authenticated, so it redirects back to the Azure AD login, which sees that you are already authenticated with Azure AD, and so the infinite loop continues.

I saw many people mention Kentor Cookie Saver and say it helped, and one or two said it did not, but I decided to give it a try, and for the past 2-3 days I have had no customers complaining, so it must work.

Here is the link I used: Kentor Cookie Saver

I hope this helps or points someone in the right direction.

Cheers!
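An added example, not the asker's code and not Kentor's: a Startup.Auth.cs that keeps the pieces this thread touches consistent with each other. The configuration posted in the question registers two cookie middlewares (one named "Local_Login" with type ApplicationCookie, and a second one with default options, type "Cookies" and cookie ".AspNet.Cookies"), and its default sign-in type names the second one, so the OpenID Connect handler writes the Azure AD identity into a cookie that the LoginPath-guarded "Local_Login" middleware never reads. Whether or not that is the asker's root cause, the version below avoids it: one cookie middleware, the default sign-in type and the OIDC handler both pointed at it explicitly, cookies routed through SystemWebCookieManager, and the Kentor cookie saver registered before anything that writes cookies. It assumes the ASP.NET MVC 5 template types (ApplicationDbContext, ApplicationUserManager, ApplicationUser and so on), the same ida:* app settings as the question, and the NuGet packages Microsoft.Owin.Host.SystemWeb and Kentor.OwinCookieSaver.

```csharp
// Added example (not the asker's code). Assumes the MVC 5 template types and the
// Microsoft.Owin.Host.SystemWeb and Kentor.OwinCookieSaver NuGet packages.
using System;
using System.Configuration;
using System.Globalization;
using System.Threading.Tasks;
using Kentor.OwinCookieSaver;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Host.SystemWeb;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    private static readonly string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string Tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    private static readonly string AadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static readonly string RedirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
    private static readonly string PostLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

    // ida:AADInstance is expected to be a format string such as "https://login.microsoftonline.com/{0}"
    private static readonly string Authority = string.Format(CultureInfo.InvariantCulture, AadInstance, Tenant);

    // One authentication type for the application's session cookie, used everywhere it is referenced.
    private static readonly string AppCookieType = DefaultAuthenticationTypes.ApplicationCookie;

    public void ConfigureAuth(IAppBuilder app)
    {
        // Must run before any middleware that sets cookies: it stops System.Web from
        // discarding Set-Cookie headers that OWIN wrote earlier in the same request.
        app.UseKentorOwinCookieSaver();

        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        // The default sign-in type must name the cookie middleware registered below;
        // otherwise an external sign-in lands in a cookie that no [Authorize] check reads.
        app.SetDefaultSignInAsAuthenticationType(AppCookieType);

        // Exactly one cookie middleware. Registering a second one with default options
        // would create a separate "Cookies" identity with its own ".AspNet.Cookies" cookie.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = AppCookieType,
            CookieName = ".AspNet.ApplicationCookie",
            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.Always,     // the site is served over HTTPS
            CookieManager = new SystemWebCookieManager(), // share System.Web's cookie collection
            LoginPath = new PathString("/Account/Login"),
            SlidingExpiration = true,
            Provider = new CookieAuthenticationProvider
            {
                // Re-validate the security stamp so password changes invalidate old sessions.
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            Authority = Authority,
            RedirectUri = RedirectUri,
            PostLogoutRedirectUri = PostLogoutRedirectUri,
            // State explicitly which cookie the Azure AD identity is written to,
            // instead of relying on the app-wide default.
            SignInAsAuthenticationType = AppCookieType,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = context =>
                {
                    // Send the user to a page that allows anonymous access and does not
                    // issue another OIDC challenge; redirecting a failure into a new
                    // challenge is itself a redirect loop.
                    context.HandleResponse();
                    context.OwinContext.Response.Redirect("/Account/Login?error=signin");
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

Two checks are worth running after a change like this. First, with the browser's developer tools open, the response to the OIDC callback should carry a single Set-Cookie for the application cookie, and the next request to an [Authorize] action should send it back; if the cookie is present on that request and the action still challenges, the cookie name or authentication type on the two sides still disagree. Second, the page that AuthenticationFailed redirects to must itself be reachable anonymously, otherwise every sign-in failure becomes the same loop the question describes.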

